Inactive [A] ScvHost is scanning as virus, random site redirects

[BlindGuardian36]

Been trying to remove it, posting logs.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.23.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Brandon :: BRANDON-HP [administrator]

Protection: Enabled

3/24/2012 12:11:15 AM
mbam-log-2012-03-24 (00-11-15).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 480603
Time elapsed: 1 hour(s), 14 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-24 12:25:18
Windows 6.1.7600
Running: mrnxni5q[1].exe


---- Files - GMER 1.0.15 ----

File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\bgrnd-purplePlayer[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\clear[1].gif 43 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\2[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\300x250[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\300x250_2[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\300x250_Start_Building_EA28[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\300x250_survey[2].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\e[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\timthumb[6].php 2743 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\timthumb[7].php 1357 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\pixel[2].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\11SCK_12054_728x90_FB[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\surly[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\adc_boost_7000_linedesk_160x600[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\comment-li-bg[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\thirdage-videos[1].css 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\small[9].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\madonna-_i_am_b256[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\mariah_lights_u255[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\disp[1].htm 2448 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\a_casual_jennif251[1].jpg 6485 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\1_Control300x250[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\tripexplorers_728x90[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\widget-logo[1].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\widget[1].css 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\cs[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\telemetry_player_instream_as3[2].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\home[2].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\iframe[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\StdBanner[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\get_flash_player[2].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\CarlaVeldman[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\gallery[1].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\LiveRail.Interstitial-1.0.min[2].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\logCANIHITK.gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\logCATCUY8X.gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\allclick_clouds_728x90_v6[1].swf 49194 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\hello_halle_ber262[1].jpg 5235 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\sta[2].htm 249 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\dsp[1].htm 643 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\kim_kardashian_125[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\ads[2].htm 636 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\ads[3].htm 636 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\quantv2[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\optn=64[7].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\42-default_1x1[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\surly[8].js 2078 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\notify[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\LiveRail.Interstitial-1.0.min[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\service[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\EWTRACK_TIME[1] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\telemetry_player_vpaid_as3[2].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\dvtp_src[5].js 7832 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\dvtp_src[8].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\adsCAJHN6J6.js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\count[1].json 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\logCAJK0HIW.gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\MediaPlayer[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\DocumentDotWrite[1].js 50 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\KpfH270D_LRbaw32NcheMQDR0T1iDoGb[1].xml 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\7761[6].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\7761[7].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\visit[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\Carnie%20Wilson[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\blank[7].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\iVl_h8THFs2IezHtPu4UHQ7YOTcIqLT1[1].xml 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\jennie-garth-2-300[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\josh-lucas-300[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ISBERGMY.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\LSARTQ1A.txt 2791 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\9CU28P66.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\9ZX7BPO7.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\S9DW3R97.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\WX9N8IEI.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\X00SKMGD.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\X1ARKTVT.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\N6KOYJ59.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\H3W37IZ3.txt 3675 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\H84A2AHF.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\1R4TH948.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\613T11AJ.txt 170 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\3AJQ5PVK.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\8H0LNQHO.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\WBGZ0QBR.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\CKO19TL5.txt 3660 bytes

---- EOF - GMER 1.0.15 ----


Couldn't get DDS to run tried to deactivate script blocking but to no reward.

 

[BlindGuardian36]

Thanks in advance for any help you can provide. Also got DDS to work...

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Brandon at 13:19:02 on 2012-03-24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4863.1740 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\SymcPCCULaunchSvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Avant Browser\avant.exe
C:\Program Files (x86)\Avant Browser\ybrowser.exe
C:\Program Files (x86)\Avant Browser\ybrowser.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\hsplayer.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\TEMP\0.89321265999752
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Avant Browser\ybrowser.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Avant Browser\ybrowser.exe
C:\Program Files (x86)\Avant Browser\ybrowser.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_Prot
uSearch Page = hxxp://www.bing.com/?pc=AVBR
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local
mSearchAssistant = hxxp://start.facemoods.com/?a=brn1&s={searchTerms}&f=4
uURLSearchHooks: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
uURLSearchHooks: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Helper.dll
uURLSearchHooks: H - No File
mURLSearchHooks: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Qwiklinx: {3e7c8b5a-96ab-438f-bf9b-782400655440} - C:\Users\Brandon\AppData\Roaming\Qwiklinx\Qwiklinx.dll
BHO: eGames Toolbar: {4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e} - C:\PROGRA~2\EGAMES~1\EGAMES~1.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: RewardsArcadeSuite: {b6ef6c45-5e8d-4c3b-b580-a5073261a381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
BHO: FreeWorkz Games: {d1ecd019-8423-43de-98d1-7892af2da309} - C:\Program Files (x86)\FreeWorkz\FreeWorkzIE.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO: Shop to Win: {f9e44926-2497-46f3-8a25-928136ac079e} - C:\Program Files (x86)\Shop to Win 20\Shop to Win 20.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform

\6.0.2282.0\npwinext.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll
TB: eGames Toolbar: {4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e} - C:\PROGRA~2\EGAMES~1\EGAMES~1.DLL
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: Chimpoo: {5b010b98-98f5-4faf-bdc5-f24746d465ce} - C:\Program Files (x86)\Chimpoo_3a\bar\1.bin\3abar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
uPolicies-explorer: NoInstrumentation = 1
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Brandon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {B30C9F17-BF16-481e-BAEA-44A86128E1B4} - C:\Program Files (x86)\FreeYouTubeToMP3TURBOConverter\ytmRunner.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{F83232F0-EA76-4E10-BFC6-1782B42B825E} : DhcpNameServer = 192.168.254.254 192.168.254.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
BHO-X64: WhiteSmoke Bar - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: Qwiklinx: {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Brandon\AppData\Roaming\Qwiklinx\Qwiklinx.dll
BHO-X64: Qwiklinx - No File
BHO-X64: eGames Toolbar: {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\PROGRA~2\EGAMES~1\EGAMES~1.DLL
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: CescrtHlpr Object: {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll
BHO-X64: facemoods Helper - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO-X64: Fantapper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO-X64: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: RewardsArcadeSuite: {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
BHO-X64: RewardsArcadeSuite - No File
BHO-X64: Dogpile Bundle Toolbar BHO: {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: FreeWorkz Games: {D1ECD019-8423-43de-98D1-7892AF2DA309} - C:\Program Files (x86)\FreeWorkz\FreeWorkzIE.dll
BHO-X64: FreeWorkz Games - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
BHO-X64: NetAssistantBHO - No File
BHO-X64: SweetIM Toolbar Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO-X64: SWEETIE - No File
BHO-X64: Shop to Win: {F9E44926-2497-46F3-8A25-928136AC079E} - C:\Program Files (x86)\Shop to Win 20\Shop to Win 20.dll
BHO-X64: Freecause Shopping BHO - No File
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform

\6.0.2282.0\npwinext.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB-X64: facemoods Toolbar: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll
TB-X64: eGames Toolbar: {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\PROGRA~2\EGAMES~1\EGAMES~1.DLL
TB-X64: SweetIM Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB-X64: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB-X64: Chimpoo: {5b010b98-98f5-4faf-bdc5-f24746d465ce} - C:\Program Files (x86)\Chimpoo_3a\bar\1.bin\3abar.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB-X64: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {B30C9F17-BF16-481e-BAEA-44A86128E1B4} - C:\Program Files (x86)\FreeYouTubeToMP3TURBOConverter\ytmRunner.html
Hosts: 149.5.18.172 www.google-analytics.com.
Hosts: 149.5.18.172 ad-emea.doubleclick.net.
Hosts: 149.5.18.172 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\unltxd4t.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZJxdm035YYus&ptb=hzoc4IRD69VW_n63zDiQ5Q&si=63684
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?

id=ZJxdm035YYus&ptnrS=ZJxdm035YYus&si=63684&ptb=hzoc4IRD69VW_n63zDiQ5Q&ind=2012021716&n=77ed03d4&psa=&st=kwd&searchfor=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Chimpoo_3a\bar\1.bin\NP3aStub.dll
FF - plugin: C:\Program Files (x86)\ChristmasHolidayLaughs_4mEI\Installr\1.bin\NP4mEISb.dll
FF - plugin: C:\Program Files (x86)\DictionaryBoss\bar\1.bin\NPv4Stub.dll
FF - plugin: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
FF - plugin: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Brandon\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Brandon\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll
FF - plugin: C:\Users\Brandon\AppData\Local\Roblox\Versions\version-59ef45ad660c45f5\NPRobloxProxy.dll
FF - plugin: C:\Users\Brandon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110909.001\BHDrvx64.sys [2011-9-9 1152632]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110923.030\IDSviA64.sys [2011-9-23 488568]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 MpKslc4590358;MpKslc4590358;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC89FE25-59F4-427C-97CD-A0EEDC733373}\MpKslc4590358.sys [2012-3-23 35664]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 FTSvc;Fantapper Player Update Service;C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe [2011-12-12 11776]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-23 652360]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe [2012-1-30 130008]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\SymcPCCULaunchSvc.exe [2012-2-17

123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [2012-2-17 126392]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-2-1 793048]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-12-14 1119768]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-5-20 210144]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-18 918880]
R2 X5XSEx;X5XSEx;C:\Program Files (x86)\Free Ride Games\X5XSEx.sys [2012-1-14 55400]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-21 138360]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-5 136176]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-13 1436424]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-5 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-24 00:49:54 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC89FE25-59F4-427C-97CD-A0EEDC733373}\offreg.dll
2012-03-24 00:49:52 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC89FE25-59F4-427C-97CD-A0EEDC733373}\MpKslc4590358.sys
2012-03-23 23:48:26 20480 ----a-w- C:\Windows\svchost.exe
2012-03-23 22:46:18 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68F2DF4B-F151-4336-B84C-0ED0680D77E5}\gapaengine.dll
2012-03-23 22:45:37 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC89FE25-59F4-427C-97CD-A0EEDC733373}\mpengine.dll
2012-03-23 22:25:42 743932 ----a-w- C:\Windows\SysWow64\PerfStringBackup.TMP
2012-03-23 22:25:11 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-03-23 22:24:46 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-03-23 22:24:24 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-03-23 18:21:06 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Malwarebytes
2012-03-23 18:21:02 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-23 18:21:01 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-23 18:21:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-23 17:57:27 8669240 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C0FC4C8B-29AF-4777-A1D1-9650F78C5721}\mpengine.dll
2012-03-23 17:57:25 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-03-23 17:55:48 -------- d--h--w- C:\Program Files\CCleaner
2012-03-23 17:15:24 5120 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\1B16.tmp
2012-03-23 17:15:24 5120 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\1B15.tmp
2012-03-19 07:02:07 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-19 07:02:07 3957616 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-19 07:02:06 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-18 22:08:23 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-03-18 22:08:19 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-18 22:08:18 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-18 22:08:18 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-18 22:08:18 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-18 22:08:18 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-18 22:08:18 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-18 22:08:18 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-18 22:08:18 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-03-18 22:08:18 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-18 22:08:18 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-18 22:03:41 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-18 22:03:41 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-18 22:03:41 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-18 22:03:23 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-18 22:03:22 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-18 22:03:22 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-18 22:03:22 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-29 06:55:19 413760 ---ha-w- C:\Windows\SysWow64\MPG4C32.dll
2012-02-29 06:55:19 -------- d--h--w- C:\Program Files (x86)\innoheim
.
==================== Find3M ====================
.
2012-02-07 19:23:09 414368 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-05 03:24:58 512472 ---ha-w- C:\Windows\SysWow64\msxml.dll
2012-01-05 03:24:52 40408 ----a-w- C:\Windows\System32\CleanMFT64.exe
2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 13:19:52.37 ===============

.

 

[BlindGuardian36]

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/25/2011 8:56:03 PM
System Uptime: 3/23/2012 6:27:14 PM (19 hours ago)
.
Motherboard: FOXCONN | | 2AB1
Processor: AMD Athlon(tm) II X4 640 Processor | CPU 1 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 685 GiB total, 594.988 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.611 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP85: 2/29/2012 7:00:22 PM - Created by PC Tools Registry Mechanic


RP86: 3/1/2012 7:00:27 PM - Created by PC Tools Registry Mechanic
RP87: 3/2/2012 7:00:20 PM - Created by PC Tools Registry Mechanic
RP88: 3/18/2012 7:00:25 PM - Created by PC Tools Registry Mechanic


RP89: 3/18/2012 10:20:10 PM - Installed Logitech Harmony Remote Software
RP90: 3/19/2012 3:00:11 AM - Windows Update
RP91: 3/19/2012 7:00:22 PM - Created by PC Tools Registry Mechanic


RP92: 3/20/2012 1:20:07 AM - HPSF Restore Point
RP93: 3/20/2012 7:00:21 PM - Created by PC Tools Registry Mechanic


RP94: 3/21/2012 7:00:21 PM - Created by PC Tools Registry Mechanic


RP95: 3/22/2012 7:00:22 PM - Created by PC Tools Registry Mechanic


RP96: 3/23/2012 1:56:21 PM - Windows Update
RP97: 3/23/2012 6:24:01 PM - Windows Update
RP98: 3/23/2012 7:00:50 PM - Created by PC Tools Registry Mechanic


RP99: 3/23/2012 7:34:02 PM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 149.5.18.172 www.google-analytics.com.
Hosts: 149.5.18.172 ad-emea.doubleclick.net.
Hosts: 149.5.18.172 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Shockwave Player 11.6
Agatha Christie - Peril at End House
Akamai NetSession Interface
Anti-phishing Domain Advisor
Apple Application Support
Apple Software Update
Autodesk Material Library 2011
Autodesk Material Library 2011 Base Image library
Avant Browser (remove only)
Aveyond - Gates of Night
Aveyond: The Darkthrop Prophecy
AVG Security Toolbar
Babylon toolbar on IE
Bejeweled 2 Deluxe
Big Fish Games: Game Manager
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
blinkx beat
Blio
Boogie Bunnies
Bounce Symphony
Build-a-lot 2
Build-a-lot 2: Town of the Year
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Cause of the Month Reminder by We-Care.com v5.0.6.2
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cerulean Skies
Chica Password Manager 1.10.0.6
Chuzzle Deluxe
CyberLink DVD Suite Deluxe
D3DX10
DealPly
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
Dogpile Bundle Toolbar
Dora's World Adventure
DVD Menu Pack for HP MediaSmart Video
eGames Toolbar
Elementals - The Magic Key
Elizabeth Find MD Diagnosis Mystery: Season 2
Escape Rosecliff Island
f.a.m.p.s™
Facebook Video Calling 1.2.0.159
Facemoods Toolbar
Fantapper Player
Farm Frenzy
FARO LS 1.1.406.58
FATE
File Type Assistant
Final Drive Nitro
FlipToast
Free Realms
Free Ride Games Player
Free YouTube to MP3 Converter version 3.10.6.727
Free YouTube to MP3 TURBO Converter 2011
FreeWorkz
Freeze.com NetAssistant
FrostWire 4.20.9
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.2.0
Home Sweet Home
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP Odometer
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP Update
Hulu Desktop
Insider Tales - Vanished in Rome
Java Auto Updater
Java(TM) 6 Update 27
Jenkat Games Arcade
Jewel Quest Solitaire 2
Junk Mail filter update
Kobo
LabelPrint
LightScribe System Software
liteCam Evaluation
Logitech Harmony Remote Software
Magical Mysteries: Path of the Sorceress
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Security Scan Plus
Microsoft Default Manager
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft PowerPoint Viewer
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
NetAssistant
Norton Internet Security
Norton Online Backup
Norton PC Checkup
PC Tools Registry Mechanic 11.0
PDF Complete Special Edition
Penguins!
PhotoNow!
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PressReader
QuickTime
Qwiklinx
Realtek High Definition Audio Driver
Recovery Manager
RewardsArcadeSuite
Roblox for Brandon
Roboball
RoxioNow Player
Search Toolbar
SeaWorld Adventure Parks Tycoon
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Shop To Win
StarCraft II
SweetIM for Messenger 3.6
SweetIM Toolbar for Internet Explorer 4.2
swMSM
The Treasures of Montezuma
The Weather Channel Desktop 6
thriXXX Hentai3D2-122.001
thriXXX WebLaunch
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update Installer for WildTangent Games App
Virtual Families
Virtual Villagers 4 - The Tree of Life
Wheel of Fortune 2
WhiteSmoke Bar Toolbar
WhiteSmokeTranslator
WildGames
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xilisoft Audio Maker 6
Yahoo! Software Update
Yahoo! Toolbar
Zhu Zhu Pets
Zinio Reader 4
Zoo Tycoon 2 Endangered Species Trial
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
3/23/2012 6:28:34 PM, Error: Service Control Manager [7023] - The Peer Name Resolution

Protocol service terminated with the following error: Access is denied.
3/23/2012 6:28:34 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping

service depends on the Peer Name Resolution Protocol service which failed to start because

of the following error: Access is denied.
3/23/2012 6:28:34 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution

Protocol cloud did not start because the creation of the default identity failed with error

code: 0x80070005.
3/23/2012 6:28:29 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server

was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart

your computer, and then restart the WMPNetworkSvc service.
3/23/2012 6:27:52 PM, Error: Service Control Manager [7001] - The Windows Image

Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to

start because of the following error: The service cannot be started, either because it is

disabled or because it has no enabled devices associated with it.
3/23/2012 3:32:13 PM, Error: Service Control Manager [7001] - The Computer Browser service

depends on the Server service which failed to start because of the following error: The

dependency service or group failed to start.
3/23/2012 2:14:24 PM, Error: Service Control Manager [7001] - The HomeGroup Provider

service depends on the Function Discovery Provider Host service which failed to start

because of the following error: The dependency service or group failed to start.
3/23/2012 2:14:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error

"1084" attempting to start the service WSearch with arguments "" in order to run the

server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/23/2012 2:14:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error

"1084" attempting to start the service WSearch with arguments "" in order to run the

server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/23/2012 2:14:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error

"1084" attempting to start the service EventSystem with arguments "" in order to run the

server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/23/2012 2:13:51 PM, Error: Service Control Manager [7026] - The following boot-start or

system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 spldr SRTSPX

SymIRON SymNetS Wanarpv6
3/23/2012 2:13:50 PM, Error: Service Control Manager [7001] - The Client Virtualization

Handler service depends on the Application Virtualization Client service which failed to

start because of the following error: The dependency service or group failed to start.
3/23/2012 2:13:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The

computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096,

0xfffff80002a4ef9a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:

\Windows\Minidump\032312-20498-01.dmp. Report Id: 032312-20498-01.
3/23/2012 2:11:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The

computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096,

0xfffff80002ab2f9a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:

\Windows\Minidump\032312-39421-01.dmp. Report Id: 032312-39421-01.
.
==== End Of File ===========================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================================================

You're running two AV programs, MSE and Norton.
One of them has to go.
If Norton use this tool: https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb

When done...

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

Download Bootkit Remover to your desktop.

• Unzip downloaded file to your Desktop.
• Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
• It will show a Black screen with some data on it.
• Right click on the screen and click Select All.
• Press CTRL+C
• Open a Notepad and press CTRL+V
• Post the output back here.