[A] ScvHost is scanning as virus, random site redirects

Inactive
By BlindGuardian36
Mar 24, 2012
Topic Status:
Not open for further replies.
  1. Been trying to remove it, posting logs.

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.23.04

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Brandon :: BRANDON-HP [administrator]

    Protection: Enabled

    3/24/2012 12:11:15 AM
    mbam-log-2012-03-24 (00-11-15).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 480603
    Time elapsed: 1 hour(s), 14 minute(s), 16 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)




    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-24 12:25:18
    Windows 6.1.7600
    Running: mrnxni5q[1].exe


    ---- Files - GMER 1.0.15 ----

    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\bgrnd-purplePlayer[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\clear[1].gif 43 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\2[1].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\300x250[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\300x250_2[1].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\300x250_Start_Building_EA28[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\300x250_survey[2].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\e[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\timthumb[6].php 2743 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\timthumb[7].php 1357 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\pixel[2].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\11SCK_12054_728x90_FB[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\surly[1].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\adc_boost_7000_linedesk_160x600[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\comment-li-bg[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\thirdage-videos[1].css 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WX2YW5I\small[9].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\madonna-_i_am_b256[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\mariah_lights_u255[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\disp[1].htm 2448 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\a_casual_jennif251[1].jpg 6485 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\1_Control300x250[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\tripexplorers_728x90[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\widget-logo[1].png 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\widget[1].css 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\cs[1].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\telemetry_player_instream_as3[2].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\home[2].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\iframe[1].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\StdBanner[1].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\get_flash_player[2].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\CarlaVeldman[1].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\gallery[1].png 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\LiveRail.Interstitial-1.0.min[2].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\logCANIHITK.gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\logCATCUY8X.gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\allclick_clouds_728x90_v6[1].swf 49194 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HM9IQC9\hello_halle_ber262[1].jpg 5235 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\sta[2].htm 249 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\dsp[1].htm 643 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\kim_kardashian_125[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\ads[2].htm 636 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\ads[3].htm 636 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\quantv2[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\optn=64[7].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\42-default_1x1[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\surly[8].js 2078 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\notify[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\LiveRail.Interstitial-1.0.min[1].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\service[1].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\EWTRACK_TIME[1] 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\telemetry_player_vpaid_as3[2].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\dvtp_src[5].js 7832 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\dvtp_src[8].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\adsCAJHN6J6.js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\count[1].json 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\logCAJK0HIW.gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\MediaPlayer[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\DocumentDotWrite[1].js 50 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\KpfH270D_LRbaw32NcheMQDR0T1iDoGb[1].xml 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\7761[6].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\7761[7].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\visit[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\Carnie%20Wilson[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\blank[7].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\iVl_h8THFs2IezHtPu4UHQ7YOTcIqLT1[1].xml 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\jennie-garth-2-300[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3IK4W0J\josh-lucas-300[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ISBERGMY.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\LSARTQ1A.txt 2791 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\9CU28P66.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\9ZX7BPO7.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\S9DW3R97.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\WX9N8IEI.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\X00SKMGD.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\X1ARKTVT.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\N6KOYJ59.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\H3W37IZ3.txt 3675 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\H84A2AHF.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\1R4TH948.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\613T11AJ.txt 170 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\3AJQ5PVK.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\8H0LNQHO.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\WBGZ0QBR.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\CKO19TL5.txt 3660 bytes

    ---- EOF - GMER 1.0.15 ----


    Couldn't get DDS to run tried to deactivate script blocking but to no reward.
  2. BlindGuardian36

    BlindGuardian36 Newcomer, in training Topic Starter Posts: 41

    Thanks in advance for any help you can provide. Also got DDS to work...

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Brandon at 13:19:02 on 2012-03-24
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4863.1740 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\SymcPCCULaunchSvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Avant Browser\avant.exe
    C:\Program Files (x86)\Avant Browser\ybrowser.exe
    C:\Program Files (x86)\Avant Browser\ybrowser.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\hsplayer.exe
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Windows\TEMP\0.89321265999752
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Avant Browser\ybrowser.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\Avant Browser\ybrowser.exe
    C:\Program Files (x86)\Avant Browser\ybrowser.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.babylon.com/?babsrc=HP_Prot
    uSearch Page = hxxp://www.bing.com/?pc=AVBR
    mStart Page = hxxp://home.sweetim.com
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local
    mSearchAssistant = hxxp://start.facemoods.com/?a=brn1&s={searchTerms}&f=4
    uURLSearchHooks: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
    uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    uURLSearchHooks: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
    uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Helper.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
    BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
    BHO: Qwiklinx: {3e7c8b5a-96ab-438f-bf9b-782400655440} - C:\Users\Brandon\AppData\Roaming\Qwiklinx\Qwiklinx.dll
    BHO: eGames Toolbar: {4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e} - C:\PROGRA~2\EGAMES~1\EGAMES~1.DLL
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
    BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
    BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: RewardsArcadeSuite: {b6ef6c45-5e8d-4c3b-b580-a5073261a381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
    BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
    BHO: FreeWorkz Games: {d1ecd019-8423-43de-98d1-7892af2da309} - C:\Program Files (x86)\FreeWorkz\FreeWorkzIE.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
    BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    BHO: Shop to Win: {f9e44926-2497-46f3-8a25-928136ac079e} - C:\Program Files (x86)\Shop to Win 20\Shop to Win 20.dll
    BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform

    \6.0.2282.0\npwinext.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
    TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll
    TB: eGames Toolbar: {4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e} - C:\PROGRA~2\EGAMES~1\EGAMES~1.DLL
    TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    TB: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    TB: Chimpoo: {5b010b98-98f5-4faf-bdc5-f24746d465ce} - C:\Program Files (x86)\Chimpoo_3a\bar\1.bin\3abar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
    TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
    mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
    dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
    uPolicies-explorer: NoInstrumentation = 1
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - C:\Users\Brandon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    IE: {B30C9F17-BF16-481e-BAEA-44A86128E1B4} - C:\Program Files (x86)\FreeYouTubeToMP3TURBOConverter\ytmRunner.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
    TCP: Interfaces\{F83232F0-EA76-4E10-BFC6-1782B42B825E} : DhcpNameServer = 192.168.254.254 192.168.254.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
    BHO-X64: WhiteSmoke Bar - No File
    BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
    BHO-X64: Babylon toolbar helper - No File
    BHO-X64: Qwiklinx: {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Brandon\AppData\Roaming\Qwiklinx\Qwiklinx.dll
    BHO-X64: Qwiklinx - No File
    BHO-X64: eGames Toolbar: {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\PROGRA~2\EGAMES~1\EGAMES~1.DLL
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: CescrtHlpr Object: {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll
    BHO-X64: facemoods Helper - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    BHO-X64: StartNow Toolbar Helper - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
    BHO-X64: Fantapper - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    BHO-X64: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: RewardsArcadeSuite: {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
    BHO-X64: RewardsArcadeSuite - No File
    BHO-X64: Dogpile Bundle Toolbar BHO: {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
    BHO-X64: FCTBPos00Pos - No File
    BHO-X64: FreeWorkz Games: {D1ECD019-8423-43de-98D1-7892AF2DA309} - C:\Program Files (x86)\FreeWorkz\FreeWorkzIE.dll
    BHO-X64: FreeWorkz Games - No File
    BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    BHO-X64: WeCareReminder - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
    BHO-X64: NetAssistantBHO - No File
    BHO-X64: SweetIM Toolbar Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    BHO-X64: SWEETIE - No File
    BHO-X64: Shop to Win: {F9E44926-2497-46F3-8A25-928136AC079E} - C:\Program Files (x86)\Shop to Win 20\Shop to Win 20.dll
    BHO-X64: Freecause Shopping BHO - No File
    BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
    BHO-X64: Yontoo Layers - No File
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform

    \6.0.2282.0\npwinext.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
    TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    TB-X64: facemoods Toolbar: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll
    TB-X64: eGames Toolbar: {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\PROGRA~2\EGAMES~1\EGAMES~1.DLL
    TB-X64: SweetIM Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    TB-X64: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    TB-X64: Chimpoo: {5b010b98-98f5-4faf-bdc5-f24746d465ce} - C:\Program Files (x86)\Chimpoo_3a\bar\1.bin\3abar.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
    TB-X64: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
    mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    IE-X64: {B30C9F17-BF16-481e-BAEA-44A86128E1B4} - C:\Program Files (x86)\FreeYouTubeToMP3TURBOConverter\ytmRunner.html
    Hosts: 149.5.18.172 www.google-analytics.com.
    Hosts: 149.5.18.172 ad-emea.doubleclick.net.
    Hosts: 149.5.18.172 www.statcounter.com.
    Hosts: 108.163.215.51 www.google-analytics.com.
    Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\unltxd4t.default\
    FF - prefs.js: browser.search.selectedEngine - My Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZJxdm035YYus&ptb=hzoc4IRD69VW_n63zDiQ5Q&si=63684
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?

    id=ZJxdm035YYus&ptnrS=ZJxdm035YYus&si=63684&ptb=hzoc4IRD69VW_n63zDiQ5Q&ind=2012021716&n=77ed03d4&psa=&st=kwd&searchfor=
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Chimpoo_3a\bar\1.bin\NP3aStub.dll
    FF - plugin: C:\Program Files (x86)\ChristmasHolidayLaughs_4mEI\Installr\1.bin\NP4mEISb.dll
    FF - plugin: C:\Program Files (x86)\DictionaryBoss\bar\1.bin\NPv4Stub.dll
    FF - plugin: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    FF - plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
    FF - plugin: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Brandon\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\Brandon\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll
    FF - plugin: C:\Users\Brandon\AppData\Local\Roblox\Versions\version-59ef45ad660c45f5\NPRobloxProxy.dll
    FF - plugin: C:\Users\Brandon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
    R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110909.001\BHDrvx64.sys [2011-9-9 1152632]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110923.030\IDSviA64.sys [2011-9-23 488568]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 MpKslc4590358;MpKslc4590358;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC89FE25-59F4-427C-97CD-A0EEDC733373}\MpKslc4590358.sys [2012-3-23 35664]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 FTSvc;Fantapper Player Update Service;C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe [2011-12-12 11776]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-23 652360]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe [2012-1-30 130008]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\SymcPCCULaunchSvc.exe [2012-2-17

    123320]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [2012-2-17 126392]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-2-1 793048]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-12-14 1119768]
    R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-5-20 210144]
    R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-18 918880]
    R2 X5XSEx;X5XSEx;C:\Program Files (x86)\Free Ride Games\X5XSEx.sys [2012-1-14 55400]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-21 138360]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-5 136176]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-13 1436424]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-5 136176]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-03-24 00:49:54 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC89FE25-59F4-427C-97CD-A0EEDC733373}\offreg.dll
    2012-03-24 00:49:52 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC89FE25-59F4-427C-97CD-A0EEDC733373}\MpKslc4590358.sys
    2012-03-23 23:48:26 20480 ----a-w- C:\Windows\svchost.exe
    2012-03-23 22:46:18 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68F2DF4B-F151-4336-B84C-0ED0680D77E5}\gapaengine.dll
    2012-03-23 22:45:37 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC89FE25-59F4-427C-97CD-A0EEDC733373}\mpengine.dll
    2012-03-23 22:25:42 743932 ----a-w- C:\Windows\SysWow64\PerfStringBackup.TMP
    2012-03-23 22:25:11 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-03-23 22:24:46 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-03-23 22:24:24 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-03-23 18:21:06 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Malwarebytes
    2012-03-23 18:21:02 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-03-23 18:21:01 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-23 18:21:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-03-23 17:57:27 8669240 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C0FC4C8B-29AF-4777-A1D1-9650F78C5721}\mpengine.dll
    2012-03-23 17:57:25 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-03-23 17:55:48 -------- d--h--w- C:\Program Files\CCleaner
    2012-03-23 17:15:24 5120 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\1B16.tmp
    2012-03-23 17:15:24 5120 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\1B15.tmp
    2012-03-19 07:02:07 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-03-19 07:02:07 3957616 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-03-19 07:02:06 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-03-18 22:08:23 3143168 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-18 22:08:19 1541120 ----a-w- C:\Windows\System32\DWrite.dll
    2012-03-18 22:08:18 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2012-03-18 22:08:18 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-03-18 22:08:18 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2012-03-18 22:08:18 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2012-03-18 22:08:18 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2012-03-18 22:08:18 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
    2012-03-18 22:08:18 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2012-03-18 22:08:18 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2012-03-18 22:08:18 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-03-18 22:03:41 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-03-18 22:03:41 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-03-18 22:03:41 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-03-18 22:03:23 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-03-18 22:03:22 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-03-18 22:03:22 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-03-18 22:03:22 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-02-29 06:55:19 413760 ---ha-w- C:\Windows\SysWow64\MPG4C32.dll
    2012-02-29 06:55:19 -------- d--h--w- C:\Program Files (x86)\innoheim
    .
    ==================== Find3M ====================
    .
    2012-02-07 19:23:09 414368 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-05 03:24:58 512472 ---ha-w- C:\Windows\SysWow64\msxml.dll
    2012-01-05 03:24:52 40408 ----a-w- C:\Windows\System32\CleanMFT64.exe
    2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
    2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    .
    ============= FINISH: 13:19:52.37 ===============

    .
  3. BlindGuardian36

    BlindGuardian36 Newcomer, in training Topic Starter Posts: 41

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/25/2011 8:56:03 PM
    System Uptime: 3/23/2012 6:27:14 PM (19 hours ago)
    .
    Motherboard: FOXCONN | | 2AB1
    Processor: AMD Athlon(tm) II X4 640 Processor | CPU 1 | 3000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 685 GiB total, 594.988 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 1.611 GiB free.
    E: is CDROM (UDF)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP85: 2/29/2012 7:00:22 PM - Created by PC Tools Registry Mechanic


    RP86: 3/1/2012 7:00:27 PM - Created by PC Tools Registry Mechanic
    RP87: 3/2/2012 7:00:20 PM - Created by PC Tools Registry Mechanic
    RP88: 3/18/2012 7:00:25 PM - Created by PC Tools Registry Mechanic


    RP89: 3/18/2012 10:20:10 PM - Installed Logitech Harmony Remote Software
    RP90: 3/19/2012 3:00:11 AM - Windows Update
    RP91: 3/19/2012 7:00:22 PM - Created by PC Tools Registry Mechanic


    RP92: 3/20/2012 1:20:07 AM - HPSF Restore Point
    RP93: 3/20/2012 7:00:21 PM - Created by PC Tools Registry Mechanic


    RP94: 3/21/2012 7:00:21 PM - Created by PC Tools Registry Mechanic


    RP95: 3/22/2012 7:00:22 PM - Created by PC Tools Registry Mechanic


    RP96: 3/23/2012 1:56:21 PM - Windows Update
    RP97: 3/23/2012 6:24:01 PM - Windows Update
    RP98: 3/23/2012 7:00:50 PM - Created by PC Tools Registry Mechanic


    RP99: 3/23/2012 7:34:02 PM - Windows Update
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 149.5.18.172 www.google-analytics.com.
    Hosts: 149.5.18.172 ad-emea.doubleclick.net.
    Hosts: 149.5.18.172 www.statcounter.com.
    Hosts: 108.163.215.51 www.google-analytics.com.
    Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    Hosts: 108.163.215.51 www.statcounter.com.
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Adobe AIR
    Adobe Shockwave Player 11.6
    Agatha Christie - Peril at End House
    Akamai NetSession Interface
    Anti-phishing Domain Advisor
    Apple Application Support
    Apple Software Update
    Autodesk Material Library 2011
    Autodesk Material Library 2011 Base Image library
    Avant Browser (remove only)
    Aveyond - Gates of Night
    Aveyond: The Darkthrop Prophecy
    AVG Security Toolbar
    Babylon toolbar on IE
    Bejeweled 2 Deluxe
    Big Fish Games: Game Manager
    Bing Bar
    Bing Bar Platform
    Bing Rewards Client Installer
    Blackhawk Striker 2
    Blasterball 3
    blinkx beat
    Blio
    Boogie Bunnies
    Bounce Symphony
    Build-a-lot 2
    Build-a-lot 2: Town of the Year
    Cake Mania
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    Cause of the Month Reminder by We-Care.com v5.0.6.2
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cerulean Skies
    Chica Password Manager 1.10.0.6
    Chuzzle Deluxe
    CyberLink DVD Suite Deluxe
    D3DX10
    DealPly
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Diner Dash 2 Restaurant Rescue
    Dogpile Bundle Toolbar
    Dora's World Adventure
    DVD Menu Pack for HP MediaSmart Video
    eGames Toolbar
    Elementals - The Magic Key
    Elizabeth Find MD Diagnosis Mystery: Season 2
    Escape Rosecliff Island
    f.a.m.p.s™
    Facebook Video Calling 1.2.0.159
    Facemoods Toolbar
    Fantapper Player
    Farm Frenzy
    FARO LS 1.1.406.58
    FATE
    File Type Assistant
    Final Drive Nitro
    FlipToast
    Free Realms
    Free Ride Games Player
    Free YouTube to MP3 Converter version 3.10.6.727
    Free YouTube to MP3 TURBO Converter 2011
    FreeWorkz
    Freeze.com NetAssistant
    FrostWire 4.20.9
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Heroes of Hellas 2 - Olympia
    Hewlett-Packard ACLM.NET v1.1.2.0
    Home Sweet Home
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart DVD
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart Video
    HP MediaSmart/TouchSmart Netflix
    HP MovieStore
    HP Odometer
    HP Setup
    HP Setup Manager
    HP Support Assistant
    HP Support Information
    HP Update
    Hulu Desktop
    Insider Tales - Vanished in Rome
    Java Auto Updater
    Java(TM) 6 Update 27
    Jenkat Games Arcade
    Jewel Quest Solitaire 2
    Junk Mail filter update
    Kobo
    LabelPrint
    LightScribe System Software
    liteCam Evaluation
    Logitech Harmony Remote Software
    Magical Mysteries: Path of the Sorceress
    Malwarebytes Anti-Malware version 1.60.1.1000
    McAfee Security Scan Plus
    Microsoft Default Manager
    Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Visio 2010
    Microsoft Office Visio MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft PowerPoint Viewer
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visio 2010 Service Pack 1 (SP1)
    Microsoft Visio Premium 2010
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Movie Theme Pack for HP MediaSmart Video
    Mozilla Firefox 10.0.2 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery P.I. - The London Caper
    NetAssistant
    Norton Internet Security
    Norton Online Backup
    Norton PC Checkup
    PC Tools Registry Mechanic 11.0
    PDF Complete Special Edition
    Penguins!
    PhotoNow!
    Plants vs. Zombies
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    PressReader
    QuickTime
    Qwiklinx
    Realtek High Definition Audio Driver
    Recovery Manager
    RewardsArcadeSuite
    Roblox for Brandon
    Roboball
    RoxioNow Player
    Search Toolbar
    SeaWorld Adventure Parks Tycoon
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
    Shop To Win
    StarCraft II
    SweetIM for Messenger 3.6
    SweetIM Toolbar for Internet Explorer 4.2
    swMSM
    The Treasures of Montezuma
    The Weather Channel Desktop 6
    thriXXX Hentai3D2-122.001
    thriXXX WebLaunch
    Unity Web Player
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    Update Installer for WildTangent Games App
    Virtual Families
    Virtual Villagers 4 - The Tree of Life
    Wheel of Fortune 2
    WhiteSmoke Bar Toolbar
    WhiteSmokeTranslator
    WildGames
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Xilisoft Audio Maker 6
    Yahoo! Software Update
    Yahoo! Toolbar
    Zhu Zhu Pets
    Zinio Reader 4
    Zoo Tycoon 2 Endangered Species Trial
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/23/2012 6:28:34 PM, Error: Service Control Manager [7023] - The Peer Name Resolution

    Protocol service terminated with the following error: Access is denied.
    3/23/2012 6:28:34 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping

    service depends on the Peer Name Resolution Protocol service which failed to start because

    of the following error: Access is denied.
    3/23/2012 6:28:34 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution

    Protocol cloud did not start because the creation of the default identity failed with error

    code: 0x80070005.
    3/23/2012 6:28:29 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server

    was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart

    your computer, and then restart the WMPNetworkSvc service.
    3/23/2012 6:27:52 PM, Error: Service Control Manager [7001] - The Windows Image

    Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to

    start because of the following error: The service cannot be started, either because it is

    disabled or because it has no enabled devices associated with it.
    3/23/2012 3:32:13 PM, Error: Service Control Manager [7001] - The Computer Browser service

    depends on the Server service which failed to start because of the following error: The

    dependency service or group failed to start.
    3/23/2012 2:14:24 PM, Error: Service Control Manager [7001] - The HomeGroup Provider

    service depends on the Function Discovery Provider Host service which failed to start

    because of the following error: The dependency service or group failed to start.
    3/23/2012 2:14:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error

    "1084" attempting to start the service WSearch with arguments "" in order to run the

    server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/23/2012 2:14:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error

    "1084" attempting to start the service WSearch with arguments "" in order to run the

    server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/23/2012 2:14:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error

    "1084" attempting to start the service EventSystem with arguments "" in order to run the

    server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/23/2012 2:13:51 PM, Error: Service Control Manager [7026] - The following boot-start or

    system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 spldr SRTSPX

    SymIRON SymNetS Wanarpv6
    3/23/2012 2:13:50 PM, Error: Service Control Manager [7001] - The Client Virtualization

    Handler service depends on the Application Virtualization Client service which failed to

    start because of the following error: The dependency service or group failed to start.
    3/23/2012 2:13:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The

    computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096,

    0xfffff80002a4ef9a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:

    \Windows\Minidump\032312-20498-01.dmp. Report Id: 032312-20498-01.
    3/23/2012 2:11:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The

    computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096,

    0xfffff80002ab2f9a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:

    \Windows\Minidump\032312-39421-01.dmp. Report Id: 032312-39421-01.
    .
    ==== End Of File ===========================
  4. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================================

    You're running two AV programs, MSE and Norton.
    One of them has to go.
    If Norton use this tool: https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb

    When done...

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.