Icityfind and others redirect



tarrant_01
2011-05-17, 10:24
Hello. I am trying to remove all this malware my friend has managed to accumulate over the past few months. I was able to remove the fake Windows XP Recovery tool that locked down his system. What I have now is just a redirect that just redirects when I click on any search results, but if I go to a website directly it works fine. The other issue I have is the task manager is just the box with the running windows. All of the tabs are gone so I can't see running processes.

I've uninstalled McAfee since it was expired and installed Avast. Any help is appreciated.

Here's the DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 0:08:26.14 on Tue 05/17/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1490 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\PSIService.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = about:blank
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Anti-Phishing Filter: {41d68ed8-4cff-4115-88a6-6ebb8af19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [yonXQoADpl] c:\documents and settings\all users\application data\yonXQoADpl.exe
uRun: [pronto] "c:\program files\wimba\pronto\pronto.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" TRAY
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259735097750
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Filter: text/html - {dd7e5502-b36d-4a25-99db-702c37a5b33b} -
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-16 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-16 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-16 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-16 42184]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-6-15 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-6-3 174720]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-1-9 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-16 22:47:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-16 22:47:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-05-16 12:16:20 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-16 12:16:09 40112 ----a-w- c:\windows\avastSS.scr
2011-05-16 12:15:59 -------- d-----w- c:\program files\AVAST Software
2011-05-16 12:15:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-05-15 22:11:55 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2011-05-15 22:11:54 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Help
2011-05-15 20:26:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-15 20:26:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-15 20:26:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-12 17:41:32 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-12 17:41:32 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-08 17:30:58 -------- d-----w- c:\program files\MyDSC2
2011-05-08 17:30:11 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2011-05-08 17:28:19 212480 ----a-w- c:\windows\PCDLIB32.DLL
2011-05-04 03:35:16 -------- d-----w- c:\program files\Lame For Audacity
2011-05-04 03:19:17 -------- d-----w- c:\program files\facemoods.com
2011-05-03 01:54:02 -------- d-----r- c:\program files\Skype
2011-04-22 05:08:27 -------- d-----w- c:\program files\Audacity
.
==================== Find3M ====================
.
2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 0:11:10.43 ===============

Here is the latest Spybot S&D log. Sorry, I don't see how to make it a short log:

--- Report generated: 2011-05-16 22:02 ---

Babylon.Toolbar: [SBI $4D2B8FD6] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}

Babylon.Toolbar: [SBI $7C893BE9] Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Babylon.Toolbar: [SBI $C5E991BF] Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Babylon.Toolbar: [SBI $07586C96] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane

Babylon.Toolbar: [SBI $07586C96] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1

Babylon.Toolbar: [SBI $07586C96] Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{929801A8-4AEF-4d12-BE31-D85BF666452B}

Babylon.Toolbar: [SBI $AA4747ED] Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\AppID\escort.DLL

Babylon.Toolbar: [SBI $4AB6C1F6] Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}

Babylon.Toolbar: [SBI $EDEE5496] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}

Babylon.Toolbar: [SBI $1A89274C] Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Babylon.Toolbar: [SBI $DAF071F2] Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}

Babylon.Toolbar: [SBI $6F596698] Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\AppID\esrv.EXE

Babylon.Toolbar: [SBI $7FDC77BF] Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}

Babylon.Toolbar: [SBI $335BD69F] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}

Babylon.Toolbar: [SBI $F2D194B9] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}

Babylon.Toolbar: [SBI $CC37E2D7] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}

Fraud.Sysguard: [SBI $E7C9E8DB] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-4154379194-418623744-3423388001-1006\Software\wpyyaxvbft

Fraud.WindowsRecovery: [SBI $9C8FE954] Settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-4154379194-418623744-3423388001-1006\Software\75fa38b7-8b94-4995-ad32-52e938867954

Fraud.WindowsRecovery: [SBI $597FC39E] Settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-4154379194-418623744-3423388001-1006\Software\BD

Toolbar.Facemood: [SBI $87ABC9E8] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.escrtSrvc

Toolbar.Facemood: [SBI $87ABC9E8] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.escrtSrvc.1

Toolbar.Facemood: [SBI $87ABC9E8] Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}

Toolbar.Facemood: [SBI $B0AC0542] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}

Toolbar.Facemood: [SBI $7BBF0EC0] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}

Toolbar.Facemood: [SBI $54FC7DB6] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}

Toolbar.Facemood: [SBI $D74BE4BE] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}

Toolbar.Facemood: [SBI $5EA898D8] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}

Toolbar.Facemood: [SBI $35668AA4] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}

Toolbar.Facemood: [SBI $2543F0B4] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}

Toolbar.Facemood: [SBI $FCAC8542] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}

Toolbar.Facemood: [SBI $D3994306] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}

Toolbar.Facemood: [SBI $E5279435] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}

Toolbar.Facemood: [SBI $04C50E46] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

Toolbar.Facemood: [SBI $D7D894B6] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}

Toolbar.Facemood: [SBI $4C7C8205] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-4154379194-418623744-3423388001-1006\Software\facemoods.com

Toolbar.Facemood: [SBI $4C7C8205] Settings (Registry key, fixing failed)
HKEY_USERS\S-1-5-21-4154379194-418623744-3423388001-1007\Software\facemoods.com

Toolbar.Facemood: [SBI $8B30B7C1] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-4154379194-418623744-3423388001-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}

Toolbar.Facemood: [SBI $8F44A361] Application ID (Registry key, fixed)
HKEY_CLASSES_ROOT\AppID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}

Toolbar.Facemood: [SBI $91EA8548] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}

Toolbar.Facemood: [SBI $5388130E] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{929801A8-4AEF-4d12-BE31-D85BF666452B}

Toolbar.Facemood: [SBI $B00E03DE] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}

Toolbar.Facemood: [SBI $4A0A750A] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{AD20D01C-C939-4dd2-8C55-56935A48987E}

Toolbar.Facemood: [SBI $2424DA1F] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}

Toolbar.Facemood: [SBI $CDB19D2C] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{DDE2C74F-58CC-4d71-8CE1-09DEBB8CFB78}

Toolbar.Facemood: [SBI $A2745C0F] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}

Toolbar.Facemood: [SBI $145B6003] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\facemoods.dskBnd

Toolbar.Facemood: [SBI $145B6003] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\facemoods.dskBnd.1

Toolbar.Facemood: [SBI $145B6003] Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}

Toolbar.Facemood: [SBI $040843B5] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\facemoods.facemoodsHlpr

Toolbar.Facemood: [SBI $040843B5] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\facemoods.facemoodsHlpr.1

Toolbar.Facemood: [SBI $040843B5] Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}

Toolbar.Facemood: [SBI $040843B5] Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}

Toolbar.Facemood: [SBI $22AD035E] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\facemoods.xtrnl

Toolbar.Facemood: [SBI $22AD035E] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\facemoods.xtrnl.1

Toolbar.Facemood: [SBI $22AD035E] Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}

Toolbar.Facemood: [SBI $86BF4B70] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\facemoodsApp.appCore

Toolbar.Facemood: [SBI $86BF4B70] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\facemoodsApp.appCore.1

Toolbar.Facemood: [SBI $86BF4B70] Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4dd2-8C55-56935A48987E}

Toolbar.Facemood: [SBI $5E30C9D5] Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}

Toolbar.Facemood: [SBI $5E54EF0C] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\facemoods.com

Toolbar.Facemood: [SBI $C05EACE9] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif

Toolbar.Facemood: [SBI $05615868] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567}

Toolbar.Facemood: [SBI $1668309A] Uninstall settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods

Toolbar.Facemood: [SBI $1B24744B] IE toolbar (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}

Toolbar.Facemood: [SBI $05FB3923] IE Search page (Registry change, fixed)
HKEY_LOCAL_MACHINESoftware\Microsoft\Internet Explorer\Search\SearchAssistant=about:blank

Toolbar.Facemood: [SBI $6C447D91] Autorun settings (facemoods) (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\facemoods

Toolbar.Facemood: [SBI $6C447D91] Program file (File, fixed)
C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe
Properties.size=323584
Properties.md5=65ED705DE0A073566BEF1E5335275476
Properties.filedate=1288107428
Properties.filedatetext=2010-10-26 08:37:08

Toolbar.Facemood: [SBI $68541A5D] Data (File, fixed)
C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoods.crx
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Toolbar.Facemood: [SBI $E4F50377] Picture (File, fixed)
C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoods.png
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Toolbar.Facemood: [SBI $653F1CBE] Library (File, fixed)
C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodsApp.dll
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Toolbar.Facemood: [SBI $653F1CBE] Library (File, fixed)
C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodsEng.dll
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Toolbar.Facemood: [SBI $653F1CBE] Library (File, fixed)
C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Toolbar.Facemood: [SBI $E324154F] Executable (File, fixed)
C:\Program Files\facemoods.com\facemoods\1.4.17.6\uninstall.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Toolbar.Facemood: [SBI $1786BAF6] Web page (File, fixed)
C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Toolbar.Facemood: [SBI $08671D2B] Program directory (Directory, fixed)
C:\Documents and Settings\kelleh\Application Data\facemoods.com\facemoods\

Toolbar.Facemood: [SBI $08671D2B] Program directory (Directory, fixed)
C:\Documents and Settings\Owner\Application Data\facemoods.com\facemoods\

Toolbar.Facemood: [SBI $AB791C50] Program directory (Directory, fixed)
C:\Documents and Settings\kelleh\Application Data\facemoods.com\

Toolbar.Facemood: [SBI $AB791C50] Program directory (Directory, fixed)
C:\Documents and Settings\Owner\Application Data\facemoods.com\

Toolbar.Facemood: [SBI $8E5A5ECF] Program directory (Directory, fixing failed)
C:\Program Files\facemoods.com\facemoods\

Toolbar.Facemood: [SBI $DC22050E] Program directory (Directory, fixing failed)
C:\Program Files\facemoods.com\

Microsoft.WindowsSecurityCenter.FirewallBypass: [SBI $D80580B5] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\explorer.exe

Microsoft.WindowsSecurityCenter.FirewallBypass: [SBI $21695B76] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\explorer.exe

MyWebSearch: [SBI $0778094F] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

MyWebSearch: [SBI $EB0F98F9] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

Search-Explorer: Interface (IPugiObj) (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}

Statcounter: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


MediaPlex: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


FastClick: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Right Media: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


DoubleClick: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

tarrant_01
2011-05-20, 13:23
Disregard. Impatience got the best of me :)