billhouseman

January 3, 2013

Results of screen317's Security Check version 0.99.56

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Java 6 Update 29

Java version out of Date!

Adobe Flash Player 11.5.502.135

Adobe Reader 8 Adobe Reader out of Date!

Mozilla Firefox 14.0.1 Firefox out of Date!

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

Google Chrome 23.0.1271.95

Google Chrome 23.0.1271.97

````````Process Check: objlist.exe by Laurent````````

Windows Defender MSASCui.exe

Alwil Software Avast5 AvastSvc.exe

Alwil Software Avast5 AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 19 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

January 3, 2013

i'm not sure, just want to make sure there is no malware on my system. no visible signs of infection, but i changed all the settings in all of my browsers. Thank you very much for your assistance and help.

January 2, 2013

Am i finished? No more malware on my system?

January 2, 2013

Was i supposed to delete all 3 files with RogueKiller? I only deleted one.

here's the log for adwcleaner

***** [services] *****

Stopped & Deleted : Updater Service for StartNow Toolbar

***** [Files / Folders] *****

File Deleted : C:\END

File Deleted : C:\Users\RichardSohn\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk

File Deleted : C:\Users\RichardSohn\AppData\Roaming\Mozilla\Firefox\Profiles\oe9khkmp.default\searchplugins\funmoods.xml

Folder Deleted : C:\Users\RichardSohn\AppData\Roaming\Desktopicon

Folder Deleted : C:\Users\RichardSohn\AppData\Roaming\Funmoods

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Deleted : HKCU\Software\TENCENT

Key Deleted : HKCU\Software\Zugo

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}

Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr

Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar

Key Deleted : HKLM\Software\StartNow Toolbar

Key Deleted : HKLM\Software\TENCENT

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run []

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=adknlg&ir=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0EyCzz0EtA0DtD0F0BtB0AtCtDtN0D0Tzu0CtAyEtDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=2005892322 --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-US)

File : C:\Users\RichardSohn\AppData\Roaming\Mozilla\Firefox\Profiles\oe9khkmp.default\prefs.js

C:\Users\RichardSohn\AppData\Roaming\Mozilla\Firefox\Profiles\oe9khkmp.default\user.js ... Deleted !

Deleted : user_pref("browser.search.selectedEngine", "Funmoods");

Deleted : user_pref("extensions.funmoods.aflt", "adknlg");

Deleted : user_pref("extensions.funmoods.autoRvrt", false);

Deleted : user_pref("extensions.funmoods.cntry", "US");

Deleted : user_pref("extensions.funmoods.cv", "cv5");

Deleted : user_pref("extensions.funmoods.dfltLng", "");

Deleted : user_pref("extensions.funmoods.dfltSrch", true);

Deleted : user_pref("extensions.funmoods.dnsErr", true);

Deleted : user_pref("extensions.funmoods.envrmnt", "production");

Deleted : user_pref("extensions.funmoods.excTlbr", false);

Deleted : user_pref("extensions.funmoods.hdrMd5", "1BA8FEB8B935C0A9F40C4BF49C496A4B");

Deleted : user_pref("extensions.funmoods.hmpg", true);

Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=adknlg&ir=adknlg&cd=2Xzuy[...]

Deleted : user_pref("extensions.funmoods.id", "001E68E3D0FB2A10");

Deleted : user_pref("extensions.funmoods.instlDay", "15679");

Deleted : user_pref("extensions.funmoods.instlRef", "adknlg");

Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);

Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2215:45:35");

Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

Deleted : user_pref("extensions.funmoods.newTab", true);

Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=adknlg&ir=adknlg&cd=2Xz[...]

Deleted : user_pref("extensions.funmoods.prdct", "funmoods");

Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");

Deleted : user_pref("extensions.funmoods.sg", "none");

Deleted : user_pref("extensions.funmoods.smplGrp", "none");

Deleted : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");

Deleted : user_pref("extensions.funmoods.tlbrId", "base");

Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=adknlg&ir=adknlg&cd=2[...]

Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");

Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2215:45:35");

Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");

Deleted : user_pref("extensions.funmoods_i.newTab", true);

Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");

Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2215:45:35");

Deleted : user_pref("extensions.searchrecs@veoh.com.install-event-fired", true);

Deleted : user_pref("extensions.veohsearchrecs.SupportedSites", "<?xml version=\"1.0\" ?>\r\n<results revision[...]

Deleted : user_pref("extensions.veohsearchrecs.VeohVersion", "1.5.2");

Deleted : user_pref("extensions.veohsearchrecs.id", "26bd393d8-e28e-13d9-d2ba-87ed2c3a240");

Deleted : user_pref("extensions.veohsearchrecs.lastsitedate", "13");

Deleted : user_pref("extensions.veohsearchrecs.veohenabled", "false");

Deleted : user_pref("keyword.URL", "hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z095&pa[...]

Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");

Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "www.startnow.com");

-\\ Google Chrome v23.0.1271.97

File : C:\Users\RichardSohn\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.12.1707.0

File : C:\Users\RichardSohn\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9883 octets] - [02/01/2013 12:43:47]

AdwCleaner[R2].txt - [9943 octets] - [02/01/2013 12:52:05]

AdwCleaner[s1].txt - [9941 octets] - [02/01/2013 12:53:05]

########## EOF - C:\AdwCleaner[s1].txt - [10001 octets] ##########

January 2, 2013

There were 3 "bad" files, on Rogue Killer. I deleted the suspicious one, was i supposed to delete all 3?

Here is the log for AdwCleaner

Found : Updater Service for StartNow Toolbar

***** [Files / Folders] *****

File Found : C:\END

File Found : C:\Users\RichardSohn\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk

File Found : C:\Users\RichardSohn\AppData\Roaming\Mozilla\Firefox\Profiles\oe9khkmp.default\searchplugins\funmoods.xml

Folder Found : C:\Users\RichardSohn\AppData\Roaming\Desktopicon

Folder Found : C:\Users\RichardSohn\AppData\Roaming\Funmoods

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Found : HKCU\Software\TENCENT

Key Found : HKCU\Software\Zugo

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Found : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}

Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Found : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE

Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1

Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}

Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject

Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject

Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}

Key Found : HKLM\SOFTWARE\Classes\ZGClnt.Mngr

Key Found : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar

Key Found : HKLM\Software\StartNow Toolbar

Key Found : HKLM\Software\TENCENT

Key Found : HKU\S-1-5-21-1433120736-4235176061-2558041162-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}

Key Found : HKU\S-1-5-21-1433120736-4235176061-2558041162-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}

Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run []

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=adknlg&ir=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0EyCzz0EtA0DtD0F0BtB0AtCtDtN0D0Tzu0CtAyEtDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=2005892322

-\\ Mozilla Firefox v14.0.1 (en-US)

File : C:\Users\RichardSohn\AppData\Roaming\Mozilla\Firefox\Profiles\oe9khkmp.default\prefs.js

Found : user_pref("browser.search.selectedEngine", "Funmoods");

Found : user_pref("extensions.funmoods.aflt", "adknlg");

Found : user_pref("extensions.funmoods.autoRvrt", false);

Found : user_pref("extensions.funmoods.cntry", "US");

Found : user_pref("extensions.funmoods.cv", "cv5");

Found : user_pref("extensions.funmoods.dfltLng", "");

Found : user_pref("extensions.funmoods.dfltSrch", true);

Found : user_pref("extensions.funmoods.dnsErr", true);

Found : user_pref("extensions.funmoods.envrmnt", "production");

Found : user_pref("extensions.funmoods.excTlbr", false);

Found : user_pref("extensions.funmoods.hdrMd5", "1BA8FEB8B935C0A9F40C4BF49C496A4B");

Found : user_pref("extensions.funmoods.hmpg", true);

Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=adknlg&ir=adknlg&cd=2Xzuy[...]

Found : user_pref("extensions.funmoods.id", "001E68E3D0FB2A10");

Found : user_pref("extensions.funmoods.instlDay", "15679");

Found : user_pref("extensions.funmoods.instlRef", "adknlg");

Found : user_pref("extensions.funmoods.isdcmntcmplt", true);

Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2215:45:35");

Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

Found : user_pref("extensions.funmoods.newTab", true);

Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=adknlg&ir=adknlg&cd=2Xz[...]

Found : user_pref("extensions.funmoods.prdct", "funmoods");

Found : user_pref("extensions.funmoods.prtnrId", "funmoods");

Found : user_pref("extensions.funmoods.sg", "none");

Found : user_pref("extensions.funmoods.smplGrp", "none");

Found : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");

Found : user_pref("extensions.funmoods.tlbrId", "base");

Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=adknlg&ir=adknlg&cd=2[...]

Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");

Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2215:45:35");

Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");

Found : user_pref("extensions.funmoods_i.newTab", true);

Found : user_pref("extensions.funmoods_i.smplGrp", "none");

Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2215:45:35");

Found : user_pref("extensions.searchrecs@veoh.com.install-event-fired", true);

Found : user_pref("extensions.veohsearchrecs.SupportedSites", "<?xml version=\"1.0\" ?>\r\n<results revision[...]

Found : user_pref("extensions.veohsearchrecs.VeohVersion", "1.5.2");

Found : user_pref("extensions.veohsearchrecs.id", "26bd393d8-e28e-13d9-d2ba-87ed2c3a240");

Found : user_pref("extensions.veohsearchrecs.lastsitedate", "13");

Found : user_pref("extensions.veohsearchrecs.veohenabled", "false");

Found : user_pref("keyword.URL", "hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z095&pa[...]

Found : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");

Found : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "www.startnow.com");

-\\ Google Chrome v23.0.1271.97

File : C:\Users\RichardSohn\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.12.1707.0

File : C:\Users\RichardSohn\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9754 octets] - [02/01/2013 12:43:47]

########## EOF - C:\AdwCleaner[R1].txt - [9814 octets] ##########

January 2, 2013

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : RichardSohn [Admin rights]

Mode : Scan -- Date : 01/02/2013 11:58:41

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[TASK][sUSP PATH] Funmoods : C:\Users\RICHAR~1\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE /Check -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 +++++

--- User ---

[MBR] 4afab9ba6db9689a75dd612f33c89ed2

[bSP] f7fcad8a8da35140f79ad82383955f5e : Acer tatooed MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20973568 | Size: 147501 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 323055616 | Size: 143872 Mo

3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 617705472 | Size: 3630 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_01022013_02d1158.txt >>

RKreport[1]_S_01022013_02d1158.txt

January 2, 2013

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3000.2455 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0908&m=aspire_6930

mStart Page = hxxp://www.google.com

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0908&m=aspire_6930

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - c:\program files\startnow toolbar\Toolbar32.dll

BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll

TB: The Weather Channel Toolbar: {2E5E800E-6AC0-411E-940A-369530A35E43} - c:\windows\system32\TwcToolbarIe7.dll

TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - c:\program files\startnow toolbar\Toolbar32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "c:\users\richardsohn\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [spotify Web Helper] "c:\users\richardsohn\appdata\roaming\spotify\data\SpotifyWebHelper.exe"

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe

mRun: [eAudio] "c:\program files\acer\empowering technology\eaudio\eAudio.exe"

mRun: [bkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"

mRun: [eRecoveryService] <no file>

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{2C264BDA-DB13-459D-B76E-A60007CE1696} : DHCPNameServer = 192.168.1.1

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\richardsohn\appdata\roaming\mozilla\firefox\profiles\oe9khkmp.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.windowsxlive.net

FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110720&user_guid=40B74DB8530546188344CF477DC3EDC4&machine_id=0edac18c58953e31fc039bc89e447598&browser=FF&os=win&os_version=6.0-x86-SP2&q=

FF - prefs.js: browser.search.selectedEngine - Funmoods

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\nokia\nokia suite\npNokiaSuiteEnabler.dll

FF - plugin: c:\program files\olympus\ib utilities\firefox plugin\npIbInst.dll

FF - plugin: c:\users\richardsohn\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\users\richardsohn\appdata\roaming\move networks\plugins\npqmp071706000001.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll

FF - ExtSQL: !HIDDEN! 2009-08-22 01:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=adknlg&ir=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0EyCzz0EtA0DtD0F0BtB0AtCtDtN0D0Tzu0CtAyEtDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=2005892322

FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Funmoods

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=adknlg&ir=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0EyCzz0EtA0DtD0F0BtB0AtCtDtN0D0Tzu0CtAyEtDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=2005892322

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=adknlg&ir=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0EyCzz0EtA0DtD0F0BtB0AtCtDtN0D0Tzu0CtAyEtDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=2005892322&q=

FF - user.js: extensions.funmoods.id - 001E68E3D0FB2A10

FF - user.js: extensions.funmoods.instlDay - 15679

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2215:45:35

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - adknlg

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - adknlg

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

.

============= SERVICES / DRIVERS ===============

.

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-18 738504]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-7 361032]

S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-9-11 61424]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-7 21256]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-7 58680]

S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-7 44808]

S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]

S2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-9-11 81504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-10-14 24576]

S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\giraffic\veoh_girafficwatchdog.exe --service --> c:\program files\giraffic\Veoh_GirafficWatchdog.exe --service [?]

S2 gupdate1c9bacb10fb39c8;Google Update Service (gupdate1c9bacb10fb39c8);c:\program files\google\update\GoogleUpdate.exe [2009-4-11 133104]

S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-25 45056]

S2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-9-11 122368]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-25 131072]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\playmemories home\PMBDeviceInfoProvider.exe [2012-11-27 479840]

S2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2008-9-11 233472]

S2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf squeezemysql --> c:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf SqueezeMySQL [?]

S2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-1-18 5120]

S3 Andbus;LGE Android Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2011-8-23 14336]

S3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2011-8-23 20864]

S3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2011-8-23 19968]

S3 ANDModem;LGE Android USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2011-8-23 24960]

S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2008-10-19 25728]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-10-14 113664]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-1-9 137600]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-1-9 8576]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-2 30192]

S4 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]

.

=============== Created Last 30 ================

.

2013-01-02 14:28:34 -------- d--h--w- c:\windows\PIF

2013-01-01 07:17:18 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8d5149b7-5b34-4014-81e1-25c75e2b43fe}\offreg.dll

2013-01-01 07:03:08 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8d5149b7-5b34-4014-81e1-25c75e2b43fe}\mpengine.dll

2012-12-30 04:23:50 -------- d-----w- c:\users\richardsohn\appdata\local\Spotify

2012-12-30 04:22:56 -------- d-----w- c:\users\richardsohn\appdata\roaming\Spotify

2012-12-21 21:45:36 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 21:45:36 293376 ----a-w- c:\windows\system32\atmfd.dll

2012-12-13 04:26:47 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-13 04:26:37 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-13 04:26:37 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-13 04:26:36 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-13 04:26:36 16896 ----a-w- c:\windows\system32\winusb.dll

2012-12-13 04:26:35 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-13 04:26:34 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-13 04:26:34 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-13 04:26:30 613888 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-13 04:26:30 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-13 04:26:30 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-13 00:52:37 2048000 ----a-w- c:\windows\system32\win32k.sys

2012-12-13 00:52:36 376320 ----a-w- c:\windows\system32\dpnet.dll

2012-12-13 00:52:34 23040 ----a-w- c:\windows\system32\dpnsvr.exe

2012-12-13 00:52:31 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys

2012-12-13 00:52:23 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-07 05:08:30 -------- d-----w- c:\program files\Voxengo

2012-12-05 20:48:50 -------- d-----w- c:\users\richardsohn\appdata\roaming\Funmoods

.

==================== Find3M ====================

.

2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-12 18:59:21 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-12 18:59:21 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-30 23:51:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr

.

============= FINISH: 9:36:18.64 ===============

attach.zip

Sign In

billhouseman

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Posts posted by billhouseman

funmoods virus

funmoods virus

funmoods virus

funmoods virus

funmoods virus

funmoods virus

funmoods virus

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information