billhouseman

Results of screen317's Security Check version 0.99.56 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 29 Java version out of Date! Adobe Flash Player 11.5.502.135 Adobe Reader 8 Adobe Reader out of Date! Mozilla Firefox 14.0.1 Firefox out of Date! Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 Google Chrome 23.0.1271.64 Google Chrome 23.0.1271.91 Google Chrome 23.0.1271.95 Google Chrome 23.0.1271.97 ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSASCui.exe Windows Defender MSASCui.exe Alwil Software Avast5 AvastSvc.exe Alwil Software Avast5 AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 19 % Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````

i'm not sure, just want to make sure there is no malware on my system. no visible signs of infection, but i changed all the settings in all of my browsers. Thank you very much for your assistance and help.

Am i finished? No more malware on my system?

Was i supposed to delete all 3 files with RogueKiller? I only deleted one. here's the log for adwcleaner ***** [services] ***** Stopped & Deleted : Updater Service for StartNow Toolbar ***** [Files / Folders] ***** File Deleted : C:\END File Deleted : C:\Users\RichardSohn\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk File Deleted : C:\Users\RichardSohn\AppData\Roaming\Mozilla\Firefox\Profiles\oe9khkmp.default\searchplugins\funmoods.xml Folder Deleted : C:\Users\RichardSohn\AppData\Roaming\Desktopicon Folder Deleted : C:\Users\RichardSohn\AppData\Roaming\Funmoods ***** [Registry] ***** Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Deleted : HKCU\Software\TENCENT Key Deleted : HKCU\Software\Zugo Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E} Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1 Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136} Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A} Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar Key Deleted : HKLM\Software\StartNow Toolbar Key Deleted : HKLM\Software\TENCENT Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=adknlg&ir=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0EyCzz0EtA0DtD0F0BtB0AtCtDtN0D0Tzu0CtAyEtDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=2005892322 --> hxxp://www.google.com -\\ Mozilla Firefox v14.0.1 (en-US) File : C:\Users\RichardSohn\AppData\Roaming\Mozilla\Firefox\Profiles\oe9khkmp.default\prefs.js C:\Users\RichardSohn\AppData\Roaming\Mozilla\Firefox\Profiles\oe9khkmp.default\user.js ... Deleted ! Deleted : user_pref("browser.search.selectedEngine", "Funmoods"); Deleted : user_pref("extensions.funmoods.aflt", "adknlg"); Deleted : user_pref("extensions.funmoods.autoRvrt", false); Deleted : user_pref("extensions.funmoods.cntry", "US"); Deleted : user_pref("extensions.funmoods.cv", "cv5"); Deleted : user_pref("extensions.funmoods.dfltLng", ""); Deleted : user_pref("extensions.funmoods.dfltSrch", true); Deleted : user_pref("extensions.funmoods.dnsErr", true); Deleted : user_pref("extensions.funmoods.envrmnt", "production"); Deleted : user_pref("extensions.funmoods.excTlbr", false); Deleted : user_pref("extensions.funmoods.hdrMd5", "1BA8FEB8B935C0A9F40C4BF49C496A4B"); Deleted : user_pref("extensions.funmoods.hmpg", true); Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=adknlg&ir=adknlg&cd=2Xzuy[...] Deleted : user_pref("extensions.funmoods.id", "001E68E3D0FB2A10"); Deleted : user_pref("extensions.funmoods.instlDay", "15679"); Deleted : user_pref("extensions.funmoods.instlRef", "adknlg"); Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true); Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2215:45:35"); Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0"); Deleted : user_pref("extensions.funmoods.newTab", true); Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=adknlg&ir=adknlg&cd=2Xz[...] Deleted : user_pref("extensions.funmoods.prdct", "funmoods"); Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods"); Deleted : user_pref("extensions.funmoods.sg", "none"); Deleted : user_pref("extensions.funmoods.smplGrp", "none"); Deleted : user_pref("extensions.funmoods.srchPrvdr", "Funmoods"); Deleted : user_pref("extensions.funmoods.tlbrId", "base"); Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=adknlg&ir=adknlg&cd=2[...] Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22"); Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2215:45:35"); Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22"); Deleted : user_pref("extensions.funmoods_i.newTab", true); Deleted : user_pref("extensions.funmoods_i.smplGrp", "none"); Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2215:45:35"); Deleted : user_pref("extensions.searchrecs@veoh.com.install-event-fired", true); Deleted : user_pref("extensions.veohsearchrecs.SupportedSites", "<?xml version=\"1.0\" ?>\r\n<results revision[...] Deleted : user_pref("extensions.veohsearchrecs.VeohVersion", "1.5.2"); Deleted : user_pref("extensions.veohsearchrecs.id", "26bd393d8-e28e-13d9-d2ba-87ed2c3a240"); Deleted : user_pref("extensions.veohsearchrecs.lastsitedate", "13"); Deleted : user_pref("extensions.veohsearchrecs.veohenabled", "false"); Deleted : user_pref("keyword.URL", "hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z095&pa[...] Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar"); Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "www.startnow.com"); -\\ Google Chrome v23.0.1271.97 File : C:\Users\RichardSohn\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. -\\ Opera v12.12.1707.0 File : C:\Users\RichardSohn\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. ************************* AdwCleaner[R1].txt - [9883 octets] - [02/01/2013 12:43:47] AdwCleaner[R2].txt - [9943 octets] - [02/01/2013 12:52:05] AdwCleaner[s1].txt - [9941 octets] - [02/01/2013 12:53:05] ########## EOF - C:\AdwCleaner[s1].txt - [10001 octets] ##########

There were 3 "bad" files, on Rogue Killer. I deleted the suspicious one, was i supposed to delete all 3? Here is the log for AdwCleaner Found : Updater Service for StartNow Toolbar ***** [Files / Folders] ***** File Found : C:\END File Found : C:\Users\RichardSohn\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk File Found : C:\Users\RichardSohn\AppData\Roaming\Mozilla\Firefox\Profiles\oe9khkmp.default\searchplugins\funmoods.xml Folder Found : C:\Users\RichardSohn\AppData\Roaming\Desktopicon Folder Found : C:\Users\RichardSohn\AppData\Roaming\Funmoods ***** [Registry] ***** Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Found : HKCU\Software\TENCENT Key Found : HKCU\Software\Zugo Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Found : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169} Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Found : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E} Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187} Key Found : HKLM\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1 Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277} Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1} Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672} Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA} Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036} Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} Key Found : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7} Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136} Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A} Key Found : HKLM\SOFTWARE\Classes\ZGClnt.Mngr Key Found : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1 Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar Key Found : HKLM\Software\StartNow Toolbar Key Found : HKLM\Software\TENCENT Key Found : HKU\S-1-5-21-1433120736-4235176061-2558041162-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} Key Found : HKU\S-1-5-21-1433120736-4235176061-2558041162-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=adknlg&ir=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0EyCzz0EtA0DtD0F0BtB0AtCtDtN0D0Tzu0CtAyEtDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=2005892322 -\\ Mozilla Firefox v14.0.1 (en-US) File : C:\Users\RichardSohn\AppData\Roaming\Mozilla\Firefox\Profiles\oe9khkmp.default\prefs.js Found : user_pref("browser.search.selectedEngine", "Funmoods"); Found : user_pref("extensions.funmoods.aflt", "adknlg"); Found : user_pref("extensions.funmoods.autoRvrt", false); Found : user_pref("extensions.funmoods.cntry", "US"); Found : user_pref("extensions.funmoods.cv", "cv5"); Found : user_pref("extensions.funmoods.dfltLng", ""); Found : user_pref("extensions.funmoods.dfltSrch", true); Found : user_pref("extensions.funmoods.dnsErr", true); Found : user_pref("extensions.funmoods.envrmnt", "production"); Found : user_pref("extensions.funmoods.excTlbr", false); Found : user_pref("extensions.funmoods.hdrMd5", "1BA8FEB8B935C0A9F40C4BF49C496A4B"); Found : user_pref("extensions.funmoods.hmpg", true); Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=adknlg&ir=adknlg&cd=2Xzuy[...] Found : user_pref("extensions.funmoods.id", "001E68E3D0FB2A10"); Found : user_pref("extensions.funmoods.instlDay", "15679"); Found : user_pref("extensions.funmoods.instlRef", "adknlg"); Found : user_pref("extensions.funmoods.isdcmntcmplt", true); Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2215:45:35"); Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0"); Found : user_pref("extensions.funmoods.newTab", true); Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=adknlg&ir=adknlg&cd=2Xz[...] Found : user_pref("extensions.funmoods.prdct", "funmoods"); Found : user_pref("extensions.funmoods.prtnrId", "funmoods"); Found : user_pref("extensions.funmoods.sg", "none"); Found : user_pref("extensions.funmoods.smplGrp", "none"); Found : user_pref("extensions.funmoods.srchPrvdr", "Funmoods"); Found : user_pref("extensions.funmoods.tlbrId", "base"); Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=adknlg&ir=adknlg&cd=2[...] Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22"); Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2215:45:35"); Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22"); Found : user_pref("extensions.funmoods_i.newTab", true); Found : user_pref("extensions.funmoods_i.smplGrp", "none"); Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2215:45:35"); Found : user_pref("extensions.searchrecs@veoh.com.install-event-fired", true); Found : user_pref("extensions.veohsearchrecs.SupportedSites", "<?xml version=\"1.0\" ?>\r\n<results revision[...] Found : user_pref("extensions.veohsearchrecs.VeohVersion", "1.5.2"); Found : user_pref("extensions.veohsearchrecs.id", "26bd393d8-e28e-13d9-d2ba-87ed2c3a240"); Found : user_pref("extensions.veohsearchrecs.lastsitedate", "13"); Found : user_pref("extensions.veohsearchrecs.veohenabled", "false"); Found : user_pref("keyword.URL", "hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z095&pa[...] Found : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar"); Found : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "www.startnow.com"); -\\ Google Chrome v23.0.1271.97 File : C:\Users\RichardSohn\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. -\\ Opera v12.12.1707.0 File : C:\Users\RichardSohn\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. ************************* AdwCleaner[R1].txt - [9754 octets] - [02/01/2013 12:43:47] ########## EOF - C:\AdwCleaner[R1].txt - [9814 octets] ##########

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User : RichardSohn [Admin rights] Mode : Scan -- Date : 01/02/2013 11:58:41 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [TASK][sUSP PATH] Funmoods : C:\Users\RICHAR~1\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE /Check -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 +++++ --- User --- [MBR] 4afab9ba6db9689a75dd612f33c89ed2 [bSP] f7fcad8a8da35140f79ad82383955f5e : Acer tatooed MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20973568 | Size: 147501 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 323055616 | Size: 143872 Mo 3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 617705472 | Size: 3630 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_01022013_02d1158.txt >> RKreport[1]_S_01022013_02d1158.txt

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3000.2455 [GMT -5:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\Explorer.EXE C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0908&m=aspire_6930 mStart Page = hxxp://www.google.com mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0908&m=aspire_6930 BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - c:\program files\startnow toolbar\Toolbar32.dll BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll TB: The Weather Channel Toolbar: {2E5E800E-6AC0-411E-940A-369530A35E43} - c:\windows\system32\TwcToolbarIe7.dll TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - c:\program files\startnow toolbar\Toolbar32.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [Google Update] "c:\users\richardsohn\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [spotify Web Helper] "c:\users\richardsohn\appdata\roaming\spotify\data\SpotifyWebHelper.exe" mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe mRun: [eAudio] "c:\program files\acer\empowering technology\eaudio\eAudio.exe" mRun: [bkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe" mRun: [eRecoveryService] <no file> mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{2C264BDA-DB13-459D-B76E-A60007CE1696} : DHCPNameServer = 192.168.1.1 Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Notify: igfxcui - igfxdev.dll AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg . ================= FIREFOX =================== . FF - ProfilePath - c:\users\richardsohn\appdata\roaming\mozilla\firefox\profiles\oe9khkmp.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.windowsxlive.net FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110720&user_guid=40B74DB8530546188344CF477DC3EDC4&machine_id=0edac18c58953e31fc039bc89e447598&browser=FF&os=win&os_version=6.0-x86-SP2&q= FF - prefs.js: browser.search.selectedEngine - Funmoods FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll FF - plugin: c:\program files\nokia\nokia suite\npNokiaSuiteEnabler.dll FF - plugin: c:\program files\olympus\ib utilities\firefox plugin\npIbInst.dll FF - plugin: c:\users\richardsohn\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\users\richardsohn\appdata\roaming\move networks\plugins\npqmp071706000001.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll FF - ExtSQL: !HIDDEN! 2009-08-22 01:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true FF - user.js: extensions.funmoods.hmpg - true FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=adknlg&ir=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0EyCzz0EtA0DtD0F0BtB0AtCtDtN0D0Tzu0CtAyEtDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=2005892322 FF - user.js: extensions.funmoods.dfltSrch - true FF - user.js: extensions.funmoods.srchPrvdr - Funmoods FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - true FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=adknlg&ir=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0EyCzz0EtA0DtD0F0BtB0AtCtDtN0D0Tzu0CtAyEtDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=2005892322 FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=adknlg&ir=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0EyCzz0EtA0DtD0F0BtB0AtCtDtN0D0Tzu0CtAyEtDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=2005892322&q= FF - user.js: extensions.funmoods.id - 001E68E3D0FB2A10 FF - user.js: extensions.funmoods.instlDay - 15679 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2215:45:35 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - adknlg FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - adknlg FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 . ============= SERVICES / DRIVERS =============== . R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480] R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-18 738504] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-7 361032] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-9-11 61424] S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-7 21256] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-7 58680] S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-7 44808] S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384] S2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-9-11 81504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-10-14 24576] S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\giraffic\veoh_girafficwatchdog.exe --service --> c:\program files\giraffic\Veoh_GirafficWatchdog.exe --service [?] S2 gupdate1c9bacb10fb39c8;Google Update Service (gupdate1c9bacb10fb39c8);c:\program files\google\update\GoogleUpdate.exe [2009-4-11 133104] S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-25 45056] S2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-9-11 122368] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-25 131072] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\playmemories home\PMBDeviceInfoProvider.exe [2012-11-27 479840] S2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2008-9-11 233472] S2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf squeezemysql --> c:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf SqueezeMySQL [?] S2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-1-18 5120] S3 Andbus;LGE Android Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2011-8-23 14336] S3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2011-8-23 20864] S3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2011-8-23 19968] S3 ANDModem;LGE Android USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2011-8-23 24960] S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2008-10-19 25728] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-10-14 113664] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-1-9 137600] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-1-9 8576] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-2 30192] S4 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960] . =============== Created Last 30 ================ . 2013-01-02 14:28:34 -------- d--h--w- c:\windows\PIF 2013-01-01 07:17:18 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8d5149b7-5b34-4014-81e1-25c75e2b43fe}\offreg.dll 2013-01-01 07:03:08 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8d5149b7-5b34-4014-81e1-25c75e2b43fe}\mpengine.dll 2012-12-30 04:23:50 -------- d-----w- c:\users\richardsohn\appdata\local\Spotify 2012-12-30 04:22:56 -------- d-----w- c:\users\richardsohn\appdata\roaming\Spotify 2012-12-21 21:45:36 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 21:45:36 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-12-13 04:26:47 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-12-13 04:26:37 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-12-13 04:26:37 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-12-13 04:26:36 73216 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-12-13 04:26:36 16896 ----a-w- c:\windows\system32\winusb.dll 2012-12-13 04:26:35 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-12-13 04:26:34 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-12-13 04:26:34 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-12-13 04:26:30 613888 ----a-w- c:\windows\system32\WUDFx.dll 2012-12-13 04:26:30 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-12-13 04:26:30 196608 ----a-w- c:\windows\system32\WUDFHost.exe 2012-12-13 00:52:37 2048000 ----a-w- c:\windows\system32\win32k.sys 2012-12-13 00:52:36 376320 ----a-w- c:\windows\system32\dpnet.dll 2012-12-13 00:52:34 23040 ----a-w- c:\windows\system32\dpnsvr.exe 2012-12-13 00:52:31 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys 2012-12-13 00:52:23 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-07 05:08:30 -------- d-----w- c:\program files\Voxengo 2012-12-05 20:48:50 -------- d-----w- c:\users\richardsohn\appdata\roaming\Funmoods . ==================== Find3M ==================== . 2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-12 18:59:21 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-12 18:59:21 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 23:51:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr . ============= FINISH: 9:36:18.64 =============== attach.zip