Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows blocks download files-Need Help


  • This topic is locked This topic is locked
19 replies to this topic

#1 Vic Kersey

Vic Kersey

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:38 PM

Posted 19 February 2014 - 05:05 AM

I'm sure some malicious virus has got my computer.  All files like Microsoft updates, email files (from good sources), and Norton Power Eraser are blocked.  Pop up window states files contains a virus.  Full Norton scans do not reveal the problem. Windows 7 operating system.

Thanks

Vic



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:38 PM

Posted 19 February 2014 - 08:33 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Vic Kersey

Vic Kersey
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:38 PM

Posted 19 February 2014 - 08:40 AM

Most appreciate your assistance.  Please note I'm not able to download "Please download Farbar's Recovery Scan Tool to your desktop:..."

 

Vic



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:38 PM

Posted 19 February 2014 - 08:50 AM

Don´t you have another computer nearby?


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 Vic Kersey

Vic Kersey
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:38 PM

Posted 19 February 2014 - 08:52 AM

Yes



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:38 PM

Posted 19 February 2014 - 08:53 AM

Please download the file there, then run the scan as explained and post up the log files here in your thread, please. :)

We need to see what´s going on here, first.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 Vic Kersey

Vic Kersey
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:38 PM

Posted 19 February 2014 - 09:01 AM

Okay.  Download to a second computer.  Then, scan the infected computer. 

 

So do I transfer Farbar's Recovery Scan Tool to infected computer?



#8 Vic Kersey

Vic Kersey
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:38 PM

Posted 19 February 2014 - 09:17 AM

Okay, it ran from the flash drive.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by Vic (administrator) on VIC-HP on 19-02-2014 09:12:24
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
() C:\Program Files\IB Updater\ExtensionUpdaterService.exe
() C:\Windows\system32\dmwu.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe
(Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriUp.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
() C:\Users\Vic\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Nikon Corporation) C:\Program Files (x86)\Nikon\NkView6\NkvMon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(We-Care.com) C:\ProgramData\WeCareReminder\ReminderHelper.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\.DEFAULT\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-19\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-3122603440-3039974119-3942265651-1001\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\S-1-5-21-3122603440-3039974119-3942265651-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-25] (Google Inc.)
HKU\S-1-5-21-3122603440-3039974119-3942265651-1001\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Vic\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3122603440-3039974119-3942265651-1001\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-3122603440-3039974119-3942265651-1001\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Vic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CtAyEtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1617078464
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {21AA7445-9AEC-4AB4-A234-E841316CAACC} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {22A59868-B652-4DFE-96D1-515FDF83ED4B} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CtAyEtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1617078464
SearchScopes: HKLM - {DDBAC37C-1154-4127-B19A-195370316E8D} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CtAyEtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1617078464
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {21AA7445-9AEC-4AB4-A234-E841316CAACC} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {22A59868-B652-4DFE-96D1-515FDF83ED4B} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CtAyEtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1617078464
SearchScopes: HKLM-x32 - {DDBAC37C-1154-4127-B19A-195370316E8D} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - DefaultScope {22A59868-B652-4DFE-96D1-515FDF83ED4B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=AgnUpd&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CyEzztDtN1L2XzutN1L1Czu&cr=1450863260&ir=
SearchScopes: HKCU - {07720353-5322-DD9E-4A6D-55508C614C0A} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {21AA7445-9AEC-4AB4-A234-E841316CAACC} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {22A59868-B652-4DFE-96D1-515FDF83ED4B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=AgnUpd&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CyEzztDtN1L2XzutN1L1Czu&cr=1450863260&ir=
SearchScopes: HKCU - {6F89CEAE-04F7-4FFD-A8ED-74D888EA1C80} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Browseforchange/search/redirect/?type=default&user_id=6e22802d-637c-43a2-a006-3e38b2847192&query={searchTerms}
SearchScopes: HKCU - {A33E3ABF-677F-4819-A503-E5DB7572EC45} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKCU - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
SearchScopes: HKCU - {DDBAC37C-1154-4127-B19A-195370316E8D} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {EAF9520E-A95D-472D-BAE0-2E5CB1B34FDB} URL = http://delicious.com/search?p={searchTerms}
BHO: Privacy Safeguard BHO - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PrivacySafeguard)
BHO: IB Updater - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
BHO-x32: No Name - {1036AD63-AEAC-460B-9060-C96005D4DC86} -  No File
BHO-x32: IB Updater - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Browse For Change BHO - {912C156F-05CF-4B62-851A-96E167A677B0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Privacy Safeguard BHO - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll (PrivacySafeguard)
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: WeCareReminder Class - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
Toolbar: HKLM-x32 - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Winsock: Catalog9 01 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 02 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 03 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 04 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 15 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default
FF user.js: detected! => C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\user.js
FF NewTab: hxxp://mystart.incredibar.com/mb185?a=6OyWq3wjgT&i=26
FF DefaultSearchEngine: Funmoods
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.user_pref("browser.search.order.2", "");: user_pref("browser.search.order.2", "");
FF SelectedSearchEngine: Funmoods
FF Homepage: hxxp://searchfunmoods.com/?f=1&a=AgnUpd&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CyEzztDtN1L2XzutN1L1Czu&cr=1450863260&ir=
FF Keyword.URL: hxxp://mystart.incredibar.com/mb185/?loc=IB_DS&a=6OyWq3wjgT&&i=26&search=
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\Vic\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Vic\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\searchplugins\Funmoods.xml
FF SearchPlugin: C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\searchplugins\MyStart Search.xml
FF Extension: Browse For Change - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\Extensions\browseforchange@browseforchange.com [2012-12-06]
FF Extension: Funmoods.com - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\Extensions\ffxtlbr@funmoods.com [2012-12-06]
FF Extension: incredibar.com - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\Extensions\ffxtlbr@incredibar.com [2012-12-06]
FF Extension: No Name - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\Extensions\staged [2013-03-31]
FF Extension: We-Care App - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\Extensions\wecarereminder@bryan [2012-12-06]
FF Extension: Yahoo! Toolbar - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-12-06]
FF Extension: No Name - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\Extensions\{1266764D-FC4F-4FA7-B63B-884D53B1680F}.xpi [2012-12-06]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox [2012-12-06]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox [2012-12-06]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFF [2013-10-09]

Chrome:
=======
CHR HomePage: hxxp://searchfunmoods.com/?f=1&a=AgnUpd&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CyEzztDtN1L2XzutN1L1Czu&cr=1450863260&ir=
CHR RestoreOnStartup: "hxxp://searchfunmoods.com/?f=1&a=AgnUpd&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CyEzztDtN1L2XzutN1L1Czu&cr=1450863260&ir=",
   "hxxp://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CtAyEtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1617078464"
CHR DefaultSearchProvider: Funmoods
CHR DefaultSearchURL: http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=AgnUpd&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CyEzztDtN1L2XzutN1L1Czu&cr=1450863260&ir=
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Vic\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Funmoods) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh [2013-03-10]
CHR Extension: (New Tab) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj [2013-03-10]
CHR Extension: (Privacy SafeGuard) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh [2013-03-10]
CHR Extension: (We-Care.com Reminder) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm [2013-03-10]
CHR Extension: (New tab for Chrome™) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg [2013-03-10]
CHR Extension: (Wajam) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2013-03-10]
CHR Extension: (Norton Identity Protection) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-03-10]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Vic\AppData\Local\funmoods.crx [2012-12-06]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Vic\AppData\Local\funmoods-speeddial_sf.crx [2012-12-06]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2012-12-06]
CHR HKLM\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_adk-in_1_1.crx [2012-12-06]
CHR HKCU\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Vic\AppData\Local\funmoods.crx [2012-12-06]
CHR HKCU\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Vic\AppData\Local\funmoods-speeddial_sf.crx [2012-12-06]
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Vic\AppData\Local\funmoods.crx [2012-12-06]
CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Vic\AppData\Local\funmoods-speeddial_sf.crx [2012-12-06]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2012-12-06]
CHR HKLM-x32\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_adk-in_1_1.crx [2012-12-06]
CHR HKLM-x32\...\Chrome\Extension: [ippkomaaonokjnfjoikaemidanojkfmm] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx [2012-10-09]
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx [2012-12-06]
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Vic\AppData\Local\Wajam\Chrome\wajam.crx [2012-10-05]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx [2014-02-02]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
R2 IB Updater; C:\Program Files\IB Updater\ExtensionUpdaterService.exe [188760 2012-10-04] ()
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1316144 2013-03-04] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
R2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20140214.001_b79\BHDrvx64.sys [1526488 2014-02-14] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-06] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-06] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20140218.001\IDSvia64.sys [521944 2014-01-20] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20140218.032\ENG64.SYS [126040 2014-02-18] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20140218.032\EX64.SYS [2099288 2014-02-18] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 EraserUtilDrv11310; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11310.sys [X]
S3 EraserUtilDrv11311; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-19 09:12 - 2014-02-19 09:12 - 00000000 ____D () C:\FRST
2014-02-19 03:07 - 2014-02-19 03:09 - 00004698 _____ () C:\Windows\IE11_main.log
2014-02-18 03:01 - 2014-02-19 09:00 - 00000284 _____ () C:\Windows\Tasks\Funmoods.job
2014-02-17 16:47 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-02-17 16:47 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-02-17 16:47 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-02-17 16:47 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-02-17 16:28 - 2013-12-21 04:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-17 16:28 - 2013-12-21 02:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-17 16:27 - 2014-02-01 04:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-17 16:27 - 2014-02-01 04:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-17 16:27 - 2014-02-01 04:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-17 16:27 - 2014-02-01 04:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-17 16:27 - 2014-02-01 04:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-17 16:27 - 2014-02-01 04:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-17 16:27 - 2014-02-01 04:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-17 16:27 - 2014-02-01 04:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-17 16:27 - 2014-02-01 04:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-17 16:27 - 2014-02-01 04:18 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-17 16:27 - 2014-02-01 04:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-17 16:27 - 2014-02-01 04:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-17 16:27 - 2014-02-01 04:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-17 16:27 - 2014-02-01 04:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-17 16:27 - 2014-02-01 04:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-17 16:27 - 2014-02-01 02:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-17 16:27 - 2014-02-01 02:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-17 16:27 - 2014-02-01 02:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-17 16:27 - 2014-02-01 02:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-17 16:27 - 2014-02-01 02:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-17 16:27 - 2014-02-01 02:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-17 16:27 - 2014-02-01 02:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-17 16:27 - 2014-02-01 02:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-17 16:27 - 2014-02-01 02:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-17 16:27 - 2014-02-01 02:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-17 16:27 - 2014-02-01 02:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-17 16:27 - 2014-02-01 02:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-17 16:27 - 2014-02-01 02:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-17 16:27 - 2014-02-01 02:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-17 16:27 - 2014-02-01 02:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-17 16:27 - 2014-02-01 02:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-17 16:27 - 2014-02-01 01:45 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-17 16:27 - 2014-02-01 01:38 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-17 15:57 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-17 15:57 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-17 15:57 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-17 15:57 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-17 15:57 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-17 15:57 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-17 15:57 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-02-17 15:57 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-02-17 15:57 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-02-17 15:57 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-02-17 15:57 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-02-17 15:57 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-02-17 15:57 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-02-17 15:57 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-02-17 15:57 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-02-17 15:57 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-02-17 15:57 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-02-17 15:57 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-02-17 15:57 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-02-17 15:57 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-02-17 15:57 - 2013-07-04 07:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-02-17 15:57 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-02-17 15:56 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-17 15:56 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-17 15:56 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-17 15:56 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-17 15:56 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-17 15:56 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-17 15:56 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-17 15:56 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-17 15:56 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-17 15:56 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-17 15:56 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-17 15:56 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-17 15:56 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-17 15:56 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-17 15:56 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-17 15:56 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-17 15:56 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-17 15:56 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-17 15:56 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-17 15:56 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-17 15:56 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-17 15:56 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-17 15:56 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-17 15:56 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-17 15:56 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-17 15:56 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-02-17 15:56 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-17 15:56 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-17 15:56 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-17 15:56 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-17 15:56 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-17 15:56 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-02-17 15:56 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-02-17 15:56 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-02-17 15:56 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-02-17 15:56 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-02-17 15:56 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-02-17 15:56 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-02-17 15:56 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-02-17 15:56 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-02-17 15:56 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-02-17 15:56 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-02-17 15:56 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-02-17 15:56 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-02-17 15:56 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-02-17 15:56 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-02-17 15:56 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-02-17 15:56 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-02-17 15:56 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-02-17 15:56 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-02-17 15:56 - 2013-09-07 21:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-17 15:56 - 2013-09-07 21:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-02-17 15:56 - 2013-09-07 21:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-02-17 15:56 - 2013-08-28 21:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-02-17 15:56 - 2013-08-28 21:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-02-17 15:56 - 2013-08-28 21:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-02-17 15:56 - 2013-08-28 21:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-02-17 15:56 - 2013-08-28 21:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-02-17 15:56 - 2013-08-28 20:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-02-17 15:56 - 2013-08-28 20:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-02-17 15:56 - 2013-08-28 20:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-02-17 15:56 - 2013-08-28 20:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-02-17 15:56 - 2013-08-28 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-02-17 15:56 - 2013-08-28 20:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-02-17 15:56 - 2013-08-28 19:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-02-17 15:56 - 2013-08-28 19:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-02-17 15:56 - 2013-08-28 19:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-02-17 15:56 - 2013-08-28 19:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-02-17 15:56 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-02-17 15:56 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-02-17 15:56 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-02-17 15:56 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-02-17 15:56 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-02-17 15:56 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-02-17 15:56 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-02-17 15:56 - 2013-07-12 05:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-02-17 15:56 - 2013-07-04 07:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-02-17 15:56 - 2013-07-04 07:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-02-17 15:56 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-02-17 15:56 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-02-17 15:56 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-02-17 15:56 - 2013-07-04 05:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-02-17 15:56 - 2013-07-02 23:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-02-17 15:56 - 2013-07-02 23:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-02-17 15:56 - 2013-07-02 23:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-02-17 15:56 - 2013-06-25 17:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-02-17 15:56 - 2013-06-06 00:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-02-17 15:56 - 2013-06-06 00:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-02-17 15:56 - 2013-06-06 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-02-17 15:56 - 2013-06-06 00:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-02-17 15:56 - 2013-06-05 23:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-02-17 15:56 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-02-17 15:56 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-02-17 15:56 - 2013-06-05 22:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-02-17 15:56 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-02-17 15:56 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-02-17 15:55 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-02-17 15:55 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-02-17 15:55 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-02-17 15:55 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-02-17 15:55 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-02-17 15:55 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-02-17 15:55 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-02-17 15:55 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-02-17 15:55 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-02-17 15:55 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-02-17 15:55 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-02-17 15:55 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-02-17 15:55 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-02-17 15:55 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-02-17 15:55 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-02-17 15:55 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-02-17 15:55 - 2013-08-01 07:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-02-17 15:55 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-02-17 15:55 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-02-17 15:55 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-02-17 15:55 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-02-17 15:55 - 2013-07-20 05:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-02-17 15:55 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-01-28 07:19 - 2014-01-28 07:19 - 00000000 ____D () C:\Users\Vic\AppData\Local\{609501F3-66A8-4839-A8B1-237EAF6741A5}

==================== One Month Modified Files and Folders =======

2014-02-19 09:12 - 2014-02-19 09:12 - 00000000 ____D () C:\FRST
2014-02-19 09:11 - 2009-07-13 23:51 - 00058313 _____ () C:\Windows\setupact.log
2014-02-19 09:08 - 2010-11-25 18:08 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-19 09:00 - 2014-02-18 03:01 - 00000284 _____ () C:\Windows\Tasks\Funmoods.job
2014-02-19 08:57 - 2010-10-12 00:06 - 01236077 _____ () C:\Windows\WindowsUpdate.log
2014-02-19 08:50 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-19 08:50 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-19 08:23 - 2013-03-06 19:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-19 07:57 - 2013-03-04 20:12 - 00000628 ____H () C:\Windows\Tasks\Norton Product InstallerIdle.job
2014-02-19 06:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-02-19 03:32 - 2009-07-14 00:13 - 00727144 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-19 03:27 - 2010-11-25 18:08 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-19 03:27 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-19 03:26 - 2010-10-23 12:24 - 00835286 _____ () C:\Windows\PFRO.log
2014-02-19 03:25 - 2010-10-24 20:27 - 00000000 ____D () C:\Users\Vic\AppData\Roaming\SoftGrid Client
2014-02-19 03:09 - 2014-02-19 03:07 - 00004698 _____ () C:\Windows\IE11_main.log
2014-02-19 03:07 - 2010-11-01 19:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-19 03:07 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-19 03:03 - 2010-11-25 18:08 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-19 03:03 - 2010-11-25 18:08 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-18 21:43 - 2010-10-12 00:41 - 00000000 ____D () C:\ProgramData\Norton
2014-02-18 21:43 - 2010-10-12 00:17 - 00000000 ____D () C:\ProgramData\CinemaNow
2014-02-18 21:43 - 2009-07-14 02:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-02-18 21:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-02-18 21:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-02-18 18:47 - 2012-12-06 20:42 - 00000000 ____D () C:\Program Files (x86)\Wajam
2014-02-18 18:46 - 2010-10-23 14:34 - 00000000 ____D () C:\Users\Vic
2014-02-18 03:01 - 2012-12-06 20:36 - 00003216 _____ () C:\Windows\System32\Tasks\Funmoods
2014-02-18 03:00 - 2013-09-14 22:09 - 00000179 _____ () C:\Users\Vic\AppData\Roaming\WB.CFG
2014-02-17 18:23 - 2010-10-23 14:43 - 00000000 ___RD () C:\Users\Vic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-17 18:23 - 2010-10-23 14:43 - 00000000 ___RD () C:\Users\Vic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-17 18:23 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-17 18:19 - 2009-07-13 23:45 - 00422144 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-17 18:13 - 2013-03-14 02:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-17 18:13 - 2013-03-14 02:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-17 16:47 - 2010-10-24 20:26 - 00743348 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-17 16:47 - 2010-10-24 20:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-02-17 15:05 - 2012-06-29 19:18 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForVic.job
2014-02-17 14:37 - 2010-10-23 14:35 - 00113528 _____ () C:\Users\Vic\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-17 14:23 - 2012-06-29 19:18 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForVic
2014-02-17 14:23 - 2011-10-31 19:01 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-17 14:23 - 2010-11-01 18:43 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-17 14:22 - 2010-10-12 00:07 - 00000000 ____D () C:\ProgramData\PDFC
2014-02-05 15:12 - 2013-03-06 19:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 15:12 - 2013-03-06 19:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 15:12 - 2013-03-06 19:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 13:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-04 13:17 - 2011-12-21 19:23 - 00002104 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-01 04:20 - 2014-02-17 16:27 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-01 04:19 - 2014-02-17 16:27 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-01 04:19 - 2014-02-17 16:27 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-01 04:18 - 2014-02-17 16:27 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-01 04:18 - 2014-02-17 16:27 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-01 04:18 - 2014-02-17 16:27 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-01 04:18 - 2014-02-17 16:27 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-01 04:18 - 2014-02-17 16:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-01 04:18 - 2014-02-17 16:27 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-01 04:18 - 2014-02-17 16:27 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-01 04:18 - 2014-02-17 16:27 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-01 04:18 - 2014-02-17 16:27 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-01 04:18 - 2014-02-17 16:27 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-01 04:18 - 2014-02-17 16:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-01 04:18 - 2014-02-17 16:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-01 02:58 - 2014-02-17 16:27 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-01 02:58 - 2014-02-17 16:27 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-01 02:57 - 2014-02-17 16:27 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-01 02:57 - 2014-02-17 16:27 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-01 02:57 - 2014-02-17 16:27 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-01 02:57 - 2014-02-17 16:27 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-01 02:57 - 2014-02-17 16:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-01 02:57 - 2014-02-17 16:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-01 02:57 - 2014-02-17 16:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-01 02:57 - 2014-02-17 16:27 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-01 02:57 - 2014-02-17 16:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-01 02:57 - 2014-02-17 16:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-01 02:57 - 2014-02-17 16:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-01 02:57 - 2014-02-17 16:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-01 02:40 - 2014-02-17 16:27 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-01 02:34 - 2014-02-17 16:27 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-01 01:45 - 2014-02-17 16:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-01 01:38 - 2014-02-17 16:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-28 07:19 - 2014-01-28 07:19 - 00000000 ____D () C:\Users\Vic\AppData\Local\{609501F3-66A8-4839-A8B1-237EAF6741A5}
2014-01-28 07:19 - 2010-10-25 05:48 - 00000000 ____D () C:\Users\Vic\AppData\Local\Windows Live
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Files to move or delete:
====================
C:\Users\Vic\AppData\Roaming\cache.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2014-02-18 06:09

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2014
Ran by Vic at 2014-02-19 09:13:50
Running from H:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton 360 (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

7-Zip 9.21 (x32 Version: 9.21.00.0 - Igor Pavlov)
Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Photoshop 5.5 (x32 Version: 5.5 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (x32 Version: 1.0.17 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.18 (HKCU Version: 1.0.18 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.0.1 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.0.1 - Amazon Services LLC) Hidden
Apple Application Support (x32 Version: 1.4.1 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ASPCA Reminder by We-Care.com v4.1.19.1 (x32 Version: 4.1.19.1 - We-Care.com)
ATI Catalyst Install Manager (Version: 3.0.774.0 - ATI Technologies, Inc.)
Avery Template (x32 Version: 2.0.0.0 - Avery)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (x32 Version: 7.0.609.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Browse For Change (x32 Version:  - Browseforchange)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0511.2153.37435 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help English (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help French (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help German (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
ccc-utility64 (Version: 2010.0511.2153.37435 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (x32 Version: 1.9.1.105 - CinemaNow, Inc.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2823 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2823 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Ease Audio Converter 5.30 (x32 Version:  - )
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Funmoods (x32 Version:  - Volonet Ltd) <==== ATTENTION
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (x32 Version: 3.4.12850.3526 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (x32 Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (x32 Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.1.4229 - Hewlett-Packard) Hidden
HP MediaSmart Music (x32 Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Music (x32 Version: 4.1.4301 - Hewlett-Packard) Hidden
HP MediaSmart Photo (x32 Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart Photo (x32 Version: 4.1.4211 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.1.4214 - Hewlett-Packard) Hidden
HP MediaSmart/TouchSmart Netflix (x32 Version: 1.0.3.0 - Hewlett-Packard)
HP Odometer (x32 Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (x32 Version: 11.14.0001 - HP)
HP Setup (x32 Version: 8.1.4186.3400 - Hewlett-Packard)
HP Support Assistant (x32 Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (x32 Version: 10.1.0002 - Hewlett-Packard)
HP Update (x32 Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (Version: 2.1.2.27173 - Hewlett-Packard)
Hulu Desktop (HKCU Version: 0.9.13 - Hulu LLC)
IB Updater 2.0.0.530 (Version: 2.0.0.530 - IncrediBar) <==== ATTENTION
IB Updater Service (Version: 2.0.1.1 - ) <==== ATTENTION
Incredibar Toolbar  on IE (x32 Version:  - ) <==== ATTENTION
Internet Explorer (Enable DEP) (Version:  - )
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (x32 Version:  - )
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LightScribe System Software (x32 Version: 1.18.15.1 - LightScribe)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2010 - English (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office O MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Mozilla Firefox 14.0.1 (x86 en-US) (x32 Version: 14.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 14.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Nikon View 6 (x32 Version:  - )
Norton 360 (x32 Version: 20.4.0.40 - Symantec Corporation)
Norton Bootable Recovery Tool Wizard (x32 Version: 3.1.0.11 - Symantec Corporation)
Norton Online Backup (x32 Version: 2.1.17869 - Symantec Corporation)
PDF Complete Special Edition (x32 Version: 3.5.111 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PictureMover (x32 Version: 3.5.0.28 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PressReader (x32 Version: 5.10.621.0 -  NewspaperDirect Inc.)
Privacy SafeGuard version 1.1 (Version: 1.1 - Privacy SafeGuard)
QuickTime (x32 Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6132 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
Roxio CinemaNow 2.0 (x32 Version: 1.0.284 - Hewlett-Packard) Hidden
Sendori (x32 Version: 2.0.15 - Sendori, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (x32 Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wajam (x32 Version: 1.50 - Wajam) <==== ATTENTION
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! BrowserPlus 2.9.8 (HKCU Version:  - Yahoo! Inc.)
Yahoo! Software Update (x32 Version:  - )
Yahoo! Toolbar (x32 Version:  - Yahoo! Inc.)
Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================

06-02-2014 21:10:46 Scheduled Checkpoint
14-02-2014 18:21:13 Scheduled Checkpoint
17-02-2014 19:40:50 restore 2-17-14
17-02-2014 20:58:53 Windows Update
18-02-2014 08:00:38 Windows Update
18-02-2014 23:27:55 Windows Update
19-02-2014 08:00:41 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0AE5A47F-B29B-487F-A37A-A8DA2584B6B4} - System32\Tasks\HPCeeScheduleForVic => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {1245012B-6F22-4997-A45E-897DBF833F70} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {1271880C-4210-4662-8CE5-55932F9BEDEB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {14A3E070-61A3-4C03-8C0E-FB439AD50E1A} - System32\Tasks\Norton Product InstallerIdle => C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe
Task: {1CA03989-BCA2-4E0B-8DF9-3A8D977CCEDA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25] (Google Inc.)
Task: {1FA05FDC-1B8C-4D41-9C60-A6BEB0710CD8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {39541F1E-E4BB-450E-9AB4-1BB7783778FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4073B2E6-F0ED-45F0-99A6-4C1F1A0265C3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {5E68DF40-3AF2-4064-9AF3-E633713E3DEF} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {7A4C9741-5668-4D9A-A8B5-4D3F3E9FA371} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)
Task: {85FBBE48-2D76-4CCA-A9DB-4A8DF9424EC8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25] (Google Inc.)
Task: {8753A6C8-7E58-4565-98B2-4C5DBF839D2B} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {B0DA792E-72C0-41B7-8427-E04DD2187D1A} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {B3954A93-6E99-4D3B-8233-CA68F3CDE8C3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {F11B3EB1-4050-43FE-8C44-3846C008C1B8} - System32\Tasks\Funmoods => C:\Users\Vic\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Funmoods.job => C:\Users\Vic\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForVic.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\Windows\SysWOW64\Adobe\Shockwave 12\SymInstallStub.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-12-06 20:40 - 2012-10-04 14:06 - 00188760 _____ () C:\Program Files\IB Updater\ExtensionUpdaterService.exe
2012-12-06 20:41 - 2013-03-04 04:00 - 01316144 _____ () C:\Windows\system32\dmwu.exe
2010-01-18 12:21 - 2010-01-18 12:21 - 00568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2013-05-22 13:17 - 2013-05-22 13:17 - 00400704 _____ () C:\Users\Vic\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2009-06-08 18:45 - 2009-06-08 18:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-10-12 00:09 - 2010-10-12 00:09 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-06-18 19:18 - 2012-05-30 09:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\wincfi39.dll
2010-09-28 14:00 - 2010-09-28 14:00 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-09-28 14:00 - 2010-09-28 14:00 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-09-28 14:00 - 2010-09-28 14:00 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/19/2014 07:33:00 AM) (Source: Kamodia) (User: )
Description: Process with an Id of 570558208 is not running.

Error: (02/18/2014 11:29:53 AM) (Source: Kamodia) (User: )
Description: Process with an Id of 235013888 is not running.

Error: (02/17/2014 03:03:15 PM) (Source: HP Advisor) (User: )
Description: Timestamp: 02/17/2014 15:03:15.052;
Category: FATAL;
Priority:(4);
Win32 Thread Id: [76356];
Message: Application::OnStartup() failed !!!, shutdown application... ;
EventId: 400;
Severity: Critical;
Machine: VIC-HP;
Application Domain: HPAdvisor.exe;
Process Id: 76360;
Process Name: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe;
Extended Properties:

Error: (02/17/2014 03:03:01 PM) (Source: HP Advisor) (User: )
Description: Timestamp: 02/17/2014 15:03:00.543;
Category: FATAL;
Priority:(4);
Win32 Thread Id: [72216];
Message: Application::OnStartup() failed !!!, shutdown application... ;
EventId: 400;
Severity: Critical;
Machine: VIC-HP;
Application Domain: HPAdvisor.exe;
Process Id: 74940;
Process Name: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe;
Extended Properties:

Error: (02/13/2014 03:37:35 PM) (Source: SendoriService) (User: )
Description: In the enable methodObject reference not set to an instance of an object.

Error: (02/13/2014 03:36:36 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (02/13/2014 04:57:03 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program dmwu.exe because of this error.

Program: dmwu.exe
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (02/13/2014 04:57:03 AM) (Source: Application Error) (User: )
Description: Faulting application name: dmwu.exe, version: 2.0.1.1, time stamp: 0x513462b5
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c92c
Exception code: 0xc0000096
Fault offset: 0x0000000000182948
Faulting process id: 0x7e8
Faulting application start time: 0xdmwu.exe0
Faulting application path: dmwu.exe1
Faulting module path: dmwu.exe2
Report Id: dmwu.exe3

Error: (02/13/2014 04:57:01 AM) (Source: Application Error) (User: )
Description: Faulting application name: WajamUpdater.exe, version: 1.0.0.5, time stamp: 0x4f143f83
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x9e8
Faulting application start time: 0xWajamUpdater.exe0
Faulting application path: WajamUpdater.exe1
Faulting module path: WajamUpdater.exe2
Report Id: WajamUpdater.exe3

Error: (02/11/2014 00:58:22 PM) (Source: SendoriService) (User: )
Description: In the enable methodObject reference not set to an instance of an object.

System errors:
=============
Error: (02/19/2014 08:23:51 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (02/19/2014 08:23:51 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (02/19/2014 07:28:27 AM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/19/2014 06:43:32 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (02/19/2014 06:43:32 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (02/19/2014 04:53:37 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (02/19/2014 04:53:37 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (02/19/2014 03:29:11 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (02/19/2014 03:29:11 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (02/19/2014 03:29:02 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Microsoft Office Sessions:
=========================
Error: (02/19/2014 07:33:00 AM) (Source: Kamodia)(User: )
Description: Process with an Id of 570558208 is not running.

Error: (02/18/2014 11:29:53 AM) (Source: Kamodia)(User: )
Description: Process with an Id of 235013888 is not running.

Error: (02/17/2014 03:03:15 PM) (Source: HP Advisor)(User: )
Description: Timestamp: 02/17/2014 15:03:15.052;
Category: FATAL;
Priority:(4);
Win32 Thread Id: [76356];
Message: Application::OnStartup() failed !!!, shutdown application... ;
EventId: 400;
Severity: Critical;
Machine: VIC-HP;
Application Domain: HPAdvisor.exe;
Process Id: 76360;
Process Name: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe;
Extended Properties:

Error: (02/17/2014 03:03:01 PM) (Source: HP Advisor)(User: )
Description: Timestamp: 02/17/2014 15:03:00.543;
Category: FATAL;
Priority:(4);
Win32 Thread Id: [72216];
Message: Application::OnStartup() failed !!!, shutdown application... ;
EventId: 400;
Severity: Critical;
Machine: VIC-HP;
Application Domain: HPAdvisor.exe;
Process Id: 74940;
Process Name: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe;
Extended Properties:

Error: (02/13/2014 03:37:35 PM) (Source: SendoriService)(User: )
Description: In the enable methodObject reference not set to an instance of an object.

Error: (02/13/2014 03:36:36 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (02/13/2014 04:57:03 AM) (Source: Application Error)(User: )
Description: dmwu.exe000000000

Error: (02/13/2014 04:57:03 AM) (Source: Application Error)(User: )
Description: dmwu.exe2.0.1.1513462b5ole32.dll6.1.7601.175144ce7c92cc000009600000000001829487e801cf2447d224e5bdC:\Windows\system32\dmwu.exeC:\Windows\system32\ole32.dll2fc51dde-9495-11e3-a934-d48564b577e2

Error: (02/13/2014 04:57:01 AM) (Source: Application Error)(User: )
Description: WajamUpdater.exe1.0.0.54f143f83unknown0.0.0.000000000c0000005000000009e801cf2447d8f817c5C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exeunknown2ebce51f-9495-11e3-a934-d48564b577e2

Error: (02/11/2014 00:58:22 PM) (Source: SendoriService)(User: )
Description: In the enable methodObject reference not set to an instance of an object.

==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 5887.29 MB
Available physical RAM: 4136.92 MB
Total Pagefile: 11772.75 MB
Available Pagefile: 9138.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.35 GB) (Free:851.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:12.07 GB) (Free:1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (My GS Drive) (Removable) (Total:0.95 GB) (Free:0.11 GB) FAT
Drive h: (TELLUS) (Removable) (Total:3.73 GB) (Free:3.48 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: C5FB2B2F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 974 MB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=974 MB) - (Type=0E)

========================================================
Disk: 6 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:38 PM

Posted 20 February 2014 - 07:29 AM

Your computer is badly infected. Let´s try to get rid of all this crap:

 

 

Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same direction as frst.exe (or frst64.exe) as fixlist.txt.

    HKU\.DEFAULT\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
    HKU\S-1-5-19\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
    HKU\S-1-5-20\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
    HKU\S-1-5-21-3122603440-3039974119-3942265651-1001\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
    SearchScopes: HKLM - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CtAyEtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1617078464
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CtAyEtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1617078464
    SearchScopes: HKLM-x32 - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CtAyEtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1617078464
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {21AA7445-9AEC-4AB4-A234-E841316CAACC} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKLM-x32 - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CtAyEtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1617078464
    SearchScopes: HKCU - DefaultScope {22A59868-B652-4DFE-96D1-515FDF83ED4B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=AgnUpd&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CyEzztDtN1L2XzutN1L1Czu&cr=1450863260&ir=
    SearchScopes: HKCU - {21AA7445-9AEC-4AB4-A234-E841316CAACC} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKCU - {22A59868-B652-4DFE-96D1-515FDF83ED4B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=AgnUpd&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CyEzztDtN1L2XzutN1L1Czu&cr=1450863260&ir=
    SearchScopes: HKCU - {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Browseforchange/search/redirect/?type=default&user_id=6e22802d-637c-43a2-a006-3e38b2847192&query={searchTerms}
    SearchScopes: HKCU - {EAF9520E-A95D-472D-BAE0-2E5CB1B34FDB} URL = http://delicious.com/search?p={searchTerms}
    BHO: Privacy Safeguard BHO - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PrivacySafeguard)
    BHO: IB Updater - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()
    BHO-x32: No Name - {1036AD63-AEAC-460B-9060-C96005D4DC86} -  No File
    BHO-x32: IB Updater - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
    BHO-x32: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
    BHO-x32: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
    BHO-x32: Browse For Change BHO - {912C156F-05CF-4B62-851A-96E167A677B0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
    BHO-x32: Privacy Safeguard BHO - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll (PrivacySafeguard)
    BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
    BHO-x32: WeCareReminder Class - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    Toolbar: HKLM-x32 - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
    Toolbar: HKLM-x32 - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
    Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File
    Winsock: Catalog9 01 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
    Winsock: Catalog9 02 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
    Winsock: Catalog9 03 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
    Winsock: Catalog9 04 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
    Winsock: Catalog9 15 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
    FF NewTab: hxxp://mystart.incredibar.com/mb185?a=6OyWq3wjgT&i=26
    FF DefaultSearchEngine: Funmoods
    FF SelectedSearchEngine: Funmoods
    FF Homepage: hxxp://searchfunmoods.com/?f=1&a=AgnUpd&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CyEzztDtN1L2XzutN1L1Czu&cr=1450863260&ir=
    FF Keyword.URL: hxxp://mystart.incredibar.com/mb185/?loc=IB_DS&a=6OyWq3wjgT&&i=26&search=
    FF SearchPlugin: C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\searchplugins\Funmoods.xml
    FF SearchPlugin: C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\searchplugins\MyStart Search.xml
    FF Extension: Browse For Change - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\Extensions\browseforchange@browseforchange.com [2012-12-06]
    FF Extension: Funmoods.com - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\Extensions\ffxtlbr@funmoods.com [2012-12-06]
    FF Extension: incredibar.com - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\Extensions\ffxtlbr@incredibar.com [2012-12-06]
    FF Extension: No Name - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\Extensions\staged [2013-03-31]
    FF Extension: We-Care App - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\Extensions\wecarereminder@bryan [2012-12-06]
    FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
    FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox [2012-12-06]
    FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
    FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox [2012-12-06]
    CHR HomePage: hxxp://searchfunmoods.com/?f=1&a=AgnUpd&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CyEzztDtN1L2XzutN1L1Czu&cr=1450863260&ir=
    CHR RestoreOnStartup: "hxxp://searchfunmoods.com/?f=1&a=AgnUpd&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CyEzztDtN1L2XzutN1L1Czu&cr=1450863260&ir=",
       "hxxp://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CtAyEtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1617078464"
    CHR DefaultSearchProvider: Funmoods
    CHR DefaultSearchURL: http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=AgnUpd&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CyEzztDtN1L2XzutN1L1Czu&cr=1450863260&ir=
    CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Vic\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
    CHR Extension: (Funmoods) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh [2013-03-10]
    CHR Extension: (New Tab) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj [2013-03-10]
    CHR Extension: (Privacy SafeGuard) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh [2013-03-10]
    CHR Extension: (We-Care.com Reminder) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm [2013-03-10]
    CHR Extension: (New tab for Chrome™) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg [2013-03-10]
    CHR Extension: (Wajam) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2013-03-10]
    CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Vic\AppData\Local\funmoods.crx [2012-12-06]
    CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Vic\AppData\Local\funmoods-speeddial_sf.crx [2012-12-06]
    CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2012-12-06]
    CHR HKLM\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_adk-in_1_1.crx [2012-12-06]
    CHR HKCU\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Vic\AppData\Local\funmoods.crx [2012-12-06]
    CHR HKCU\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Vic\AppData\Local\funmoods-speeddial_sf.crx [2012-12-06]
    CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Vic\AppData\Local\funmoods.crx [2012-12-06]
    CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Vic\AppData\Local\funmoods-speeddial_sf.crx [2012-12-06]
    CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2012-12-06]
    CHR HKLM-x32\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_adk-in_1_1.crx [2012-12-06]
    CHR HKLM-x32\...\Chrome\Extension: [ippkomaaonokjnfjoikaemidanojkfmm] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx [2012-10-09]
    CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx [2012-12-06]
    CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Vic\AppData\Local\Wajam\Chrome\wajam.crx [2012-10-05]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    
    R2 Application Sendori
    R2 IB Updater
    R2 IBUpdaterService
    R2 Service Sendori
    R2 sndappv2
    R2 WajamUpdater
    
    C:\Windows\system32\dmwu.exe
    C:\Program Files (x86)\Sendori
    C:\Program Files (x86)\Incredibar.com
    C:\Program Files (x86)\Funmoods
    C:\Windows\Tasks\Funmoods.job
    C:\Windows\System32\Tasks\Funmoods
    C:\Program Files (x86)\Wajam
    C:\Program Files (x86)\Google\Desktop\Install
    C:\Users\Vic\AppData\Roaming\cache.ini
    C:\Windows\Tasks\Funmoods.job
    C:\Program Files\PrivacySafeGuard
    C:\Program Files\IB Updater
    C:\ProgramData\WeCareReminder
    C:\Users\Vic\AppData\Local\Wajam
    C:\Program Files (x86)\Perion\NewTab
    
    DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    
    CMD: netsh winsock reset
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 Vic Kersey

Vic Kersey
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:38 PM

Posted 20 February 2014 - 07:59 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2014
Ran by Vic at 2014-02-20 07:58:09 Run:1
Running from H:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\.DEFAULT\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-19\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-3122603440-3039974119-3942265651-1001\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
SearchScopes: HKLM - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CtAyEtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1617078464
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CtAyEtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1617078464
SearchScopes: HKLM-x32 - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CtAyEtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1617078464
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {21AA7445-9AEC-4AB4-A234-E841316CAACC} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CtAyEtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1617078464
SearchScopes: HKCU - DefaultScope {22A59868-B652-4DFE-96D1-515FDF83ED4B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=AgnUpd&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CyEzztDtN1L2XzutN1L1Czu&cr=1450863260&ir=
SearchScopes: HKCU - {21AA7445-9AEC-4AB4-A234-E841316CAACC} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {22A59868-B652-4DFE-96D1-515FDF83ED4B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=AgnUpd&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CyEzztDtN1L2XzutN1L1Czu&cr=1450863260&ir=
SearchScopes: HKCU - {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Browseforchange/search/redirect/?type=default&user_id=6e22802d-637c-43a2-a006-3e38b2847192&query={searchTerms}
SearchScopes: HKCU - {EAF9520E-A95D-472D-BAE0-2E5CB1B34FDB} URL = http://delicious.com/search?p={searchTerms}
BHO: Privacy Safeguard BHO - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PrivacySafeguard)
BHO: IB Updater - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()
BHO-x32: No Name - {1036AD63-AEAC-460B-9060-C96005D4DC86} -  No File
BHO-x32: IB Updater - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
BHO-x32: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
BHO-x32: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
BHO-x32: Browse For Change BHO - {912C156F-05CF-4B62-851A-96E167A677B0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Privacy Safeguard BHO - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll (PrivacySafeguard)
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: WeCareReminder Class - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
Toolbar: HKLM-x32 - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
Toolbar: HKLM-x32 - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 02 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 03 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 04 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 15 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
FF NewTab: hxxp://mystart.incredibar.com/mb185?a=6OyWq3wjgT&i=26
FF DefaultSearchEngine: Funmoods
FF SelectedSearchEngine: Funmoods
FF Homepage: hxxp://searchfunmoods.com/?f=1&a=AgnUpd&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CyEzztDtN1L2XzutN1L1Czu&cr=1450863260&ir=
FF Keyword.URL: hxxp://mystart.incredibar.com/mb185/?loc=IB_DS&a=6OyWq3wjgT&&i=26&search=
FF SearchPlugin: C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\searchplugins\Funmoods.xml
FF SearchPlugin: C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\searchplugins\MyStart Search.xml
FF Extension: Browse For Change - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\Extensions\browseforchange@browseforchange.com [2012-12-06]
FF Extension: Funmoods.com - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\Extensions\ffxtlbr@funmoods.com [2012-12-06]
FF Extension: incredibar.com - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\Extensions\ffxtlbr@incredibar.com [2012-12-06]
FF Extension: No Name - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\Extensions\staged [2013-03-31]
FF Extension: We-Care App - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\Extensions\wecarereminder@bryan [2012-12-06]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox [2012-12-06]
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox [2012-12-06]
CHR HomePage: hxxp://searchfunmoods.com/?f=1&a=AgnUpd&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CyEzztDtN1L2XzutN1L1Czu&cr=1450863260&ir=
CHR RestoreOnStartup: "hxxp://searchfunmoods.com/?f=1&a=AgnUpd&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CyEzztDtN1L2XzutN1L1Czu&cr=1450863260&ir=",
   "hxxp://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CtAyEtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1617078464"
CHR DefaultSearchProvider: Funmoods
CHR DefaultSearchURL: http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=AgnUpd&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CyEzztDtN1L2XzutN1L1Czu&cr=1450863260&ir=
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Vic\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Extension: (Funmoods) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh [2013-03-10]
CHR Extension: (New Tab) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj [2013-03-10]
CHR Extension: (Privacy SafeGuard) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh [2013-03-10]
CHR Extension: (We-Care.com Reminder) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm [2013-03-10]
CHR Extension: (New tab for Chrome™) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg [2013-03-10]
CHR Extension: (Wajam) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2013-03-10]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Vic\AppData\Local\funmoods.crx [2012-12-06]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Vic\AppData\Local\funmoods-speeddial_sf.crx [2012-12-06]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2012-12-06]
CHR HKLM\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_adk-in_1_1.crx [2012-12-06]
CHR HKCU\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Vic\AppData\Local\funmoods.crx [2012-12-06]
CHR HKCU\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Vic\AppData\Local\funmoods-speeddial_sf.crx [2012-12-06]
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Vic\AppData\Local\funmoods.crx [2012-12-06]
CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Vic\AppData\Local\funmoods-speeddial_sf.crx [2012-12-06]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2012-12-06]
CHR HKLM-x32\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_adk-in_1_1.crx [2012-12-06]
CHR HKLM-x32\...\Chrome\Extension: [ippkomaaonokjnfjoikaemidanojkfmm] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx [2012-10-09]
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx [2012-12-06]
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Vic\AppData\Local\Wajam\Chrome\wajam.crx [2012-10-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

R2 Application Sendori
R2 IB Updater
R2 IBUpdaterService
R2 Service Sendori
R2 sndappv2
R2 WajamUpdater

C:\Windows\system32\dmwu.exe
C:\Program Files (x86)\Sendori
C:\Program Files (x86)\Incredibar.com
C:\Program Files (x86)\Funmoods
C:\Windows\Tasks\Funmoods.job
C:\Windows\System32\Tasks\Funmoods
C:\Program Files (x86)\Wajam
C:\Program Files (x86)\Google\Desktop\Install
C:\Users\Vic\AppData\Roaming\cache.ini
C:\Windows\Tasks\Funmoods.job
C:\Program Files\PrivacySafeGuard
C:\Program Files\IB Updater
C:\ProgramData\WeCareReminder
C:\Users\Vic\AppData\Local\Wajam
C:\Program Files (x86)\Perion\NewTab

DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

CMD: netsh winsock reset
*****************

HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\S-1-5-21-3122603440-3039974119-3942265651-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} => Key deleted successfully.
HKCR\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{21AA7445-9AEC-4AB4-A234-E841316CAACC} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{21AA7445-9AEC-4AB4-A234-E841316CAACC} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{21AA7445-9AEC-4AB4-A234-E841316CAACC} => Key deleted successfully.
HKCR\CLSID\{21AA7445-9AEC-4AB4-A234-E841316CAACC} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{22A59868-B652-4DFE-96D1-515FDF83ED4B} => Key deleted successfully.
HKCR\CLSID\{22A59868-B652-4DFE-96D1-515FDF83ED4B} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} => Key deleted successfully.
HKCR\CLSID\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EAF9520E-A95D-472D-BAE0-2E5CB1B34FDB} => Key deleted successfully.
HKCR\CLSID\{EAF9520E-A95D-472D-BAE0-2E5CB1B34FDB} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86} => Key deleted successfully.
HKCR\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} => Key deleted successfully.
HKCR\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{912C156F-05CF-4B62-851A-96E167A677B0} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{912C156F-05CF-4B62-851A-96E167A677B0} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{F9639E4A-801B-4843-AEE3-03D9DA199E77} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{06C7AD57-B655-418D-9AB8-9526A6D2E052} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{06C7AD57-B655-418D-9AB8-9526A6D2E052} => Key not found.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Deleted successfully.
Firefox newtab deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\searchplugins\Funmoods.xml => Moved successfully.
C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\searchplugins\MyStart Search.xml => Moved successfully.
C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\Extensions\browseforchange@browseforchange.com => Moved successfully.
C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\Extensions\ffxtlbr@funmoods.com => Moved successfully.
C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\Extensions\ffxtlbr@incredibar.com => Moved successfully.
C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\Extensions\staged => Moved successfully.
C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\midc6eaz.default\Extensions\wecarereminder@bryan => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} => Value deleted successfully.
C:\Program Files\IB Updater\Firefox => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} => Value deleted successfully.
C:\Program Files\IB Updater\Firefox not found.
CHR HomePage: hxxp://searchfunmoods.com/?f=1&a=AgnUpd&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CyEzztDtN1L2XzutN1L1Czu&cr=1450863260&ir= ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://searchfunmoods.com/?f=1&a=AgnUpd&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CyEzztDtN1L2XzutN1L1Czu&cr=1450863260&ir=", ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Funmoods ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=AgnUpd&cd=2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0ByDyByB0EtBtD0BtAtCtN0D0Tzu0CyEzztDtN1L2XzutN1L1Czu&cr=1450863260&ir= ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Vic\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => Moved successfully.
C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh => Moved successfully.
C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj => Moved successfully.
C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh => Moved successfully.
C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm => Moved successfully.
C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg => Moved successfully.
C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh => Key deleted successfully.
C:\Users\Vic\AppData\Local\funmoods.crx => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj => Key deleted successfully.
C:\Users\Vic\AppData\Local\funmoods-speeddial_sf.crx => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd => Key deleted successfully.
C:\Program Files\IB Updater\source.crx => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh => Key deleted successfully.
C:\Program Files\PrivacySafeGuard\pschrome_adk-in_1_1.crx => Moved successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh => Key deleted successfully.
"C:\Users\Vic\AppData\Local\funmoods.crx" => File/Directory not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj => Key deleted successfully.
"C:\Users\Vic\AppData\Local\funmoods-speeddial_sf.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh => Key deleted successfully.
"C:\Users\Vic\AppData\Local\funmoods.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj => Key deleted successfully.
"C:\Users\Vic\AppData\Local\funmoods-speeddial_sf.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd => Key deleted successfully.
"C:\Program Files\IB Updater\source.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh => Key deleted successfully.
"C:\Program Files\PrivacySafeGuard\pschrome_adk-in_1_1.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ippkomaaonokjnfjoikaemidanojkfmm => Key deleted successfully.
C:\ProgramData\WeCareReminder\\wecarereminderro.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg => Key deleted successfully.
C:\Program Files (x86)\Perion\NewTab\newTab.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp => Key deleted successfully.
C:\Users\Vic\AppData\Local\Wajam\Chrome\wajam.crx => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Windows\system32\dmwu.exe => Moved successfully.

"C:\Program Files (x86)\Sendori" directory move:

C:\Program Files (x86)\Sendori\DynLib.dll => Moved successfully.
C:\Program Files (x86)\Sendori\freebl3.dll => Moved successfully.
C:\Program Files (x86)\Sendori\install.log => Moved successfully.
C:\Program Files (x86)\Sendori\Interop.PCProxyLib.dll => Moved successfully.
C:\Program Files (x86)\Sendori\libnspr4.dll => Moved successfully.
C:\Program Files (x86)\Sendori\libplc4.dll => Moved successfully.
C:\Program Files (x86)\Sendori\libplds4.dll => Moved successfully.
C:\Program Files (x86)\Sendori\nss3.dll => Moved successfully.
C:\Program Files (x86)\Sendori\nssckbi.dll => Moved successfully.
C:\Program Files (x86)\Sendori\nssdbm3.dll => Moved successfully.
C:\Program Files (x86)\Sendori\nssutil3.dll => Moved successfully.
C:\Program Files (x86)\Sendori\PAD_FILE.xml => Moved successfully.
C:\Program Files (x86)\Sendori\Sendori.dll => Moved successfully.
C:\Program Files (x86)\Sendori\Sendori.Library.dll => Moved successfully.
C:\Program Files (x86)\Sendori\Sendori.Service.exe => Moved successfully.
C:\Program Files (x86)\Sendori\sendori32.sys => Moved successfully.
C:\Program Files (x86)\Sendori\sendori32.sys.win7 => Moved successfully.
C:\Program Files (x86)\Sendori\SendoriControl.exe => Moved successfully.
C:\Program Files (x86)\Sendori\SendoriLSP.exe => Moved successfully.
C:\Program Files (x86)\Sendori\SendoriLSP.ini => Moved successfully.
C:\Program Files (x86)\Sendori\SendoriLSP64.exe => Moved successfully.
C:\Program Files (x86)\Sendori\SendoriSvc.exe => Moved successfully.
C:\Program Files (x86)\Sendori\SendoriTray.exe => Moved successfully.
C:\Program Files (x86)\Sendori\SendoriUp.exe => Moved successfully.
C:\Program Files (x86)\Sendori\smime3.dll => Moved successfully.
C:\Program Files (x86)\Sendori\sndappv2.exe => Moved successfully.
C:\Program Files (x86)\Sendori\SndCertDLL.dll => Moved successfully.
C:\Program Files (x86)\Sendori\softokn3.dll => Moved successfully.
C:\Program Files (x86)\Sendori\SpOrder.dll => Moved successfully.
C:\Program Files (x86)\Sendori\sqlite3.dll => Moved successfully.
C:\Program Files (x86)\Sendori\ssl3.dll => Moved successfully.
C:\Program Files (x86)\Sendori\Uninstall.exe => Moved successfully.
"C:\Program Files (x86)\Sendori" => Directory moved successfully.

C:\Program Files (x86)\Incredibar.com => Moved successfully.
C:\Program Files (x86)\Funmoods => Moved successfully.
C:\Windows\Tasks\Funmoods.job => Moved successfully.
C:\Windows\System32\Tasks\Funmoods => Moved successfully.

"C:\Program Files (x86)\Wajam" directory move:

C:\Program Files (x86)\Wajam\uninstall.exe => Moved successfully.
C:\Program Files (x86)\Wajam\Updater\update.exe => Moved successfully.
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe => Moved successfully.
C:\Program Files (x86)\Wajam\IE\0 => Moved successfully.
C:\Program Files (x86)\Wajam\IE\favicon.ico => Moved successfully.
C:\Program Files (x86)\Wajam\IE\priam_bho.dll => Moved successfully.
C:\Program Files (x86)\Wajam\IE\wajamLogo.bmp => Moved successfully.
C:\Program Files (x86)\Wajam\Firefox\firefox_trigger_extension.htm => Moved successfully.
C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi => Moved successfully.
"C:\Program Files (x86)\Wajam" => Directory moved successfully.

C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.
C:\Users\Vic\AppData\Roaming\cache.ini => Moved successfully.
"C:\Windows\Tasks\Funmoods.job" => File/Directory not found.
C:\Program Files\PrivacySafeGuard => Moved successfully.
C:\Program Files\IB Updater => Moved successfully.
C:\ProgramData\WeCareReminder => Moved successfully.
C:\Users\Vic\AppData\Local\Wajam => Moved successfully.
C:\Program Files (x86)\Perion\NewTab => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

=========  netsh winsock reset =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

==== End of Fixlog ====



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:38 PM

Posted 20 February 2014 - 08:07 AM

Are you able to download now?

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Edited by TB-Psychotic, 20 February 2014 - 08:08 AM.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#12 Vic Kersey

Vic Kersey
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:38 PM

Posted 20 February 2014 - 08:13 AM

Yes, can now download!  Great!



#13 Vic Kersey

Vic Kersey
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:38 PM

Posted 20 February 2014 - 08:16 AM

No threats found



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:38 PM

Posted 20 February 2014 - 08:36 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#15 Vic Kersey

Vic Kersey
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:38 PM

Posted 20 February 2014 - 09:03 AM

My wife and I are headed out for a few days vacation (aka holiday) and departure time is nearing.  I must delay the remaining checks until Sunday.  You been most helpful!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users