TechSpot

Vista - Pipe State Invalid, Host processes Closed ++

By Leaf3
Dec 31, 2013
  1. It seems I've got some tricky malware disrupting my computer. I've run Malwarebytes and Spybot so far but am still experiencing some problems. To keep it short, I've run through the basic steps suggested on this site and a few others and am still stumped. Something is definitely awry in my HKEYS and I need some assistance.

    • "Pipe state invalid" for nearly every program I try to open, will never let me "run as administrator" unless in safe mode then the error never occurs.
    • Upon startup I log in and every time receive this error report: "host processes for windows services stopped working and was closed"
    • Attempting to use the windows search bar makes explorer crash
    • Unable to run cmd as admin unless in safe mode
    • sfc /scannow comes back clean
    • explorer crashes when trying to upload anything (downloads work fine)
    Much thanks to anyone who can help. Let me know what log to start off with to help track this thing down.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Leaf3

    Leaf3 TS Rookie Topic Starter

    Thanks for the fast reply!

    I am unable to install Avast, MS Security Essentials or Comodo Antivirus in safe mode. Launching regularly produces a "pipe state invalid" when trying to run the installer.

    *All scans were run in Safe Mode with Networking enabled

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.01.01.04

    Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18882
    Owner :: OWNER-PC [administrator]

    1/1/2014 10:53:41 AM
    mbam-log-2014-01-01 (10-53-41).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 201422
    Time elapsed: 5 minute(s), 5 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Owner\Downloads\7zip_bimo.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.

    (end)


    DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
    Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 10.7.2
    Run by Owner at 10:32:38 on 2014-01-01
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2047.1291 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8005B7C0362AA88BD8BB5750B0F226FA
    uProxyOverride = <local>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111v2\WN111v2.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 65.32.5.111 65.32.5.112
    TCP: Interfaces\{1EDD0012-0400-4B0A-BD21-13A93992952C} : DHCPNameServer = 198.224.180.135 198.224.179.135
    TCP: Interfaces\{C76835F2-10EA-477D-96C4-6B5098208B66} : DHCPNameServer = 65.32.5.111 65.32.5.112
    TCP: Interfaces\{E268677F-9CC3-41EE-8128-DF689F0EF440} : DHCPNameServer = 65.32.5.111 65.32.5.112
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\horn2gln.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.newworldbonsai.com/
    FF - plugin: c:\program files\adobe\adobe extension manager cs6\npAdobeExManDetectX64.dll
    FF - plugin: c:\program files\adobe\adobe extension manager cs6\npAdobeExManDetectX86.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
    FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
    FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\users\owner\appdata\local\google\update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npo1d.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-11-24 13560]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-7-17 565352]
    R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-10-1 20384]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-7-17 210136]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-1-20 168880]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-1-20 167344]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-1-20 362640]
    R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2009-7-3 368128]
    R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2v.sys [2009-1-13 453120]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2013-1-20 203400]
    S2 SBSDWSCService;SBSD Security Center Service; [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-8-17 239648]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-1-20 60480]
    S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNIMP50.sys [2006-11-16 21504]
    S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNISP50.sys [2006-11-16 20480]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2012-11-27 30688]
    S3 htcusbnet;HTC USB-NDIS miniport;c:\windows\system32\drivers\htcusbnet.sys [2012-10-4 129024]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-29 942080]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-1-20 234824]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-1-20 65488]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-1-20 92192]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: AutoCADScriptFile="c:\windows\notepad.exe" "%1"
    FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
    FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs6\Dreamweaver.exe","%1"
    ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs6\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2013-12-31 18:01:02 -------- d-----w- c:\program files\WinASO
    2013-12-31 16:17:26 -------- d-----w- c:\users\owner\appdata\roaming\Systweak
    2013-12-31 15:59:03 7328304 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{496d6f90-7217-4f73-86a1-17ee18f22e46}\mpengine.dll
    2013-12-31 02:12:28 49940480 ----a-w- c:\program files\GUT61E4.tmp
    2013-12-20 21:46:32 -------- d-----w- c:\program files\Mozilla Firefox(1)
    2013-12-08 17:02:09 -------- d-----w- c:\users\owner\appdata\local\LogMeIn Rescue Applet
    .
    ==================== Find3M ====================
    .
    2013-10-08 22:08:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-10-08 22:08:19 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    .
    ============= FINISH: 10:33:47.01 ===============
     
  4. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  5. Leaf3

    Leaf3 TS Rookie Topic Starter

    FRST

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-01-2014 01
    Ran by Owner (administrator) on OWNER-PC on 02-01-2014 20:46:07
    Running from C:\Users\Owner\Downloads
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Safe Mode (with Networking)

    ==================== Processes (Whitelisted) ===================

    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-20] (Microsoft Corporation)
    MountPoints2: {04512925-eafa-11e2-b983-001d92df1635} - E:\MotoCastSetup.exe -a
    MountPoints2: {295e3f04-6993-11e2-bfd8-001d92df1635} - F:\MotoCastSetup.exe -a
    MountPoints2: {4b4b0f26-8590-11e2-84b4-001d92df1635} - E:\MotoCastSetup.exe -a
    MountPoints2: {7f09a31c-0f1c-11e2-be00-001d92df1635} - E:\TL-Bootstrap.exe
    MountPoints2: {a227ada1-0e65-11e2-85a4-001d92df1635} - E:\TL-Bootstrap.exe
    MountPoints2: {ea87a5cc-0dc9-11df-aa48-001d92df1635} - E:\LaunchU3.exe -a
    HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.lavasoft.com/?so...retb&v=2_2&u=8005B7C0362AA88BD8BB5750B0F226FA
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x81566AB1606FCC01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://safesearchr.lavasoft.com/?so...5B7C0362AA88BD8BB5750B0F226FA&q={searchTerms}
    SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://safesearchr.lavasoft.com/?so...5B7C0362AA88BD8BB5750B0F226FA&q={searchTerms}
    SearchScopes: HKCU - {887D5E70-66D8-6D48-40A6-E70F2641A520} URL = http://www.bing.com/search?q={searc...install_date=20110911&iesrc={referrer:source}
    SearchScopes: HKCU - {C4E83934-81EF-45C9-8AAA-E236B7BDDDB2} URL = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}
    BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\horn2gln.default
    FF Homepage: hxxp://www.newworldbonsai.com/
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=1.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
    FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF HKCU\...\Firefox\Extensions: [{F5735875-5BAC-4CC0-BF90-206B97D9FE99}] - C:\Users\Owner\AppData\Local\{F5735875-5BAC-4CC0-BF90-206B97D9FE99}
    FF Extension: XULRunner - C:\Users\Owner\AppData\Local\{F5735875-5BAC-4CC0-BF90-206B97D9FE99}

    Chrome:
    =======
    CHR HomePage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8005B7C0362AA88BD8BB5750B0F226FA
    CHR RestoreOnStartup: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8005B7C0362AA88BD8BB5750B0F226FA", "hxxp://www.google.com"
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    CHR Plugin: (ijji Web Launching Plugin for FF) - C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll (NHN USA Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
    CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll No File
    CHR Plugin: (Default Plug-in) - default_plugin No File
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (Hangouts) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.1030.1304.1_0
    CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

    ========================== Services (Whitelisted) =================

    S3 jswpsapi; C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.)
    S2 McNASvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
    S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203400 2012-11-09] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [168880 2012-11-09] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [167344 2012-11-09] (McAfee, Inc.)
    S3 npggsvc; C:\Windows\system32\GameMon.des [4085304 2010-10-12] (INCA Internet Co., Ltd.)
    S2 SBSDWSCService;

    ==================== Drivers (Whitelisted) ====================

    S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60480 2012-11-09] (McAfee, Inc.)
    S3 DNIMp50; C:\Windows\System32\Drivers\DNIMp50.sys [21504 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 DNISp50; C:\Windows\System32\Drivers\DNISp50.sys [20480 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [30688 2012-10-24] (GFI Software)
    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2012-11-24] (GFI Software)
    S3 htcusbnet; C:\Windows\System32\DRIVERS\htcusbnet.sys [129024 2010-12-14] (HTC Corporation)
    S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [132912 2012-11-09] (McAfee, Inc.)
    S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [234824 2012-11-09] (McAfee, Inc.)
    S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65488 2012-11-09] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [362640 2012-11-09] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565352 2012-11-09] (McAfee, Inc.)
    S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92192 2012-11-09] (McAfee, Inc.)
    R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210136 2012-11-09] (McAfee, Inc.)
    R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [368128 2009-07-03] (Realtek)
    U3 TrueSight; c:\windows\system32\drivers\TrueSight.sys [111872 2011-12-25] ()
    R3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2v.sys [453120 2009-01-13] (Atheros Communications, Inc.)
    S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x]
    S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S0 Lbd; system32\DRIVERS\Lbd.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
    S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-01-02 20:46 - 2014-01-02 20:46 - 00014038 _____ C:\Users\Owner\Downloads\FRST.txt
    2014-01-02 20:45 - 2014-01-02 20:45 - 01064581 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
    2014-01-02 20:45 - 2014-01-02 20:45 - 00000000 ____D C:\FRST
    2014-01-01 15:12 - 2014-01-01 15:12 - 01133552 _____ C:\Users\Owner\Downloads\SteamSetup.exe
    2014-01-01 13:24 - 2014-01-01 13:36 - 00000000 ____D C:\Users\Owner\Downloads\El Guincho - Pop Negro
    2014-01-01 10:42 - 2014-01-01 10:42 - 00002243 _____ C:\Windows\epplauncher.mif
    2014-01-01 10:42 - 2014-01-01 10:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
    2014-01-01 10:42 - 2014-01-01 10:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
    2014-01-01 10:42 - 2014-01-01 10:42 - 00000000 ____D C:\Program Files\7-Zip
    2014-01-01 10:41 - 2014-01-01 10:42 - 00000000 ____D C:\Program Files\FileAssociationManager
    2014-01-01 10:41 - 2014-01-01 10:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\FileAssociationManager
    2014-01-01 10:39 - 2014-01-01 10:39 - 11125072 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall.exe
    2014-01-01 10:39 - 2014-01-01 10:39 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\glltgduv.sys
    2014-01-01 10:38 - 2014-01-01 10:38 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\lwyvhorq.sys
    2014-01-01 10:37 - 2014-01-01 10:37 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\fxiscwfs.sys
    2014-01-01 10:37 - 2014-01-01 10:37 - 00000000 ____D C:\ProgramData\AVAST Software
    2014-01-01 10:35 - 2014-01-01 10:35 - 00002926 _____ C:\Users\Owner\Desktop\attach.txt
    2014-01-01 10:35 - 2014-01-01 10:33 - 00010022 _____ C:\Users\Owner\Desktop\dds.txt
    2014-01-01 10:31 - 2014-01-01 10:33 - 91412976 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup.exe
    2013-12-31 15:57 - 2013-12-31 15:57 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
    2013-12-31 15:46 - 2013-12-31 15:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-12-31 15:23 - 2013-12-31 14:53 - 00444820 ____R C:\Windows\system32\Drivers\etc\hosts.20131231-152353.backup
    2013-12-31 14:53 - 2011-12-25 14:11 - 00439893 _____ C:\Windows\system32\Drivers\etc\hosts.20131231-145308.backup
    2013-12-31 14:21 - 2014-01-01 11:01 - 00001124 _____ C:\Windows\PFRO.log
    2013-12-31 14:19 - 2013-12-31 14:19 - 00001108 _____ C:\Windows\KB2845142.log
    2013-12-31 14:18 - 2013-12-31 14:19 - 00175936 _____ C:\Windows\WindowsUpdate.log
    2013-12-31 13:33 - 2013-12-31 13:33 - 00001338 _____ C:\Users\Owner\Documents\cc_20131231_133321.reg
    2013-12-31 13:32 - 2013-12-31 13:32 - 00294698 _____ C:\Users\Owner\Documents\cc_20131231_133236.reg
    2013-12-31 13:30 - 2013-12-31 13:30 - 04645232 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup409.exe
    2013-12-31 13:07 - 2013-12-31 13:07 - 15063488 _____ (Systweak Software ) C:\Users\Owner\Downloads\aso3setup_d_com_asoupdate.exe
    2013-12-31 13:01 - 2013-12-31 13:01 - 00000973 _____ C:\Users\Owner\Desktop\WinASO Registry Optimizer.lnk
    2013-12-31 13:01 - 2013-12-31 13:01 - 00000000 ____D C:\Program Files\WinASO
    2013-12-31 13:00 - 2013-12-31 13:00 - 07989624 _____ (X.M.Y International LLC ) C:\Users\Owner\Downloads\WinASO_RO_v4.8.4.exe
    2013-12-31 11:17 - 2013-12-31 13:13 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Systweak
    2013-12-31 11:16 - 2013-12-31 11:16 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-12-31 11:10 - 2013-12-31 11:10 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf0642c23263e9.job
    2013-12-31 11:08 - 2013-12-31 14:47 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443490662-1885682164-805799577-1000Core1cf06427a9611a7.job
    2013-12-31 11:01 - 2013-12-31 11:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
    2013-12-31 11:01 - 2013-12-31 11:01 - 00109144 _____ () C:\Users\Owner\Downloads\Setup.exe
    2013-12-30 21:28 - 2013-12-30 21:28 - 00000092 _____ C:\Users\Owner\AppData\Roaming\mbam.context.scan
    2013-12-30 21:12 - 2013-12-30 21:12 - 49940480 _____ C:\Program Files\GUT61E4.tmp
    2013-12-20 16:46 - 2013-12-20 16:46 - 00000000 ____D C:\Program Files\Mozilla Firefox(1)
    2013-12-11 12:33 - 2013-12-11 12:37 - 00000000 ____D C:\Users\Owner\Downloads\No. 12 Person Pitch [2007]
    2013-12-08 12:02 - 2013-12-08 15:46 - 00000000 ____D C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet

    ==================== One Month Modified Files and Folders =======

    2014-01-02 20:46 - 2014-01-02 20:46 - 00014038 _____ C:\Users\Owner\Downloads\FRST.txt
    2014-01-02 20:45 - 2014-01-02 20:45 - 01064581 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
    2014-01-02 20:45 - 2014-01-02 20:45 - 00000000 ____D C:\FRST
    2014-01-02 20:42 - 2006-11-02 05:33 - 00768506 _____ C:\Windows\system32\PerfStringBackup.INI
    2014-01-02 20:20 - 2006-11-02 07:47 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-02 20:20 - 2006-11-02 07:47 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-02 18:21 - 2010-05-23 16:34 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
    2014-01-02 18:21 - 2009-09-02 12:03 - 00087339 _____ C:\ProgramData\nvModes.dat
    2014-01-02 18:21 - 2009-09-02 12:03 - 00087339 _____ C:\ProgramData\nvModes.001
    2014-01-02 18:21 - 2009-09-02 11:59 - 00000000 ____D C:\ProgramData\NVIDIA
    2014-01-02 18:21 - 2006-11-02 08:01 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2014-01-02 18:20 - 2013-09-22 16:50 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443490662-1885682164-805799577-1000UA.job
    2014-01-02 18:20 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-01 15:12 - 2014-01-01 15:12 - 01133552 _____ C:\Users\Owner\Downloads\SteamSetup.exe
    2014-01-01 14:05 - 2009-09-02 15:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
    2014-01-01 13:36 - 2014-01-01 13:24 - 00000000 ____D C:\Users\Owner\Downloads\El Guincho - Pop Negro
    2014-01-01 11:05 - 2009-09-02 15:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
    2014-01-01 11:01 - 2013-12-31 14:21 - 00001124 _____ C:\Windows\PFRO.log
    2014-01-01 11:01 - 2013-01-28 20:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2014-01-01 11:01 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\L2Schemas
    2014-01-01 10:42 - 2014-01-01 10:42 - 00002243 _____ C:\Windows\epplauncher.mif
    2014-01-01 10:42 - 2014-01-01 10:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
    2014-01-01 10:42 - 2014-01-01 10:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
    2014-01-01 10:42 - 2014-01-01 10:42 - 00000000 ____D C:\Program Files\7-Zip
    2014-01-01 10:42 - 2014-01-01 10:41 - 00000000 ____D C:\Program Files\FileAssociationManager
    2014-01-01 10:41 - 2014-01-01 10:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\FileAssociationManager
    2014-01-01 10:39 - 2014-01-01 10:39 - 11125072 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall.exe
    2014-01-01 10:39 - 2014-01-01 10:39 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\glltgduv.sys
    2014-01-01 10:38 - 2014-01-01 10:38 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\lwyvhorq.sys
    2014-01-01 10:37 - 2014-01-01 10:37 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\fxiscwfs.sys
    2014-01-01 10:37 - 2014-01-01 10:37 - 00000000 ____D C:\ProgramData\AVAST Software
    2014-01-01 10:35 - 2014-01-01 10:35 - 00002926 _____ C:\Users\Owner\Desktop\attach.txt
    2014-01-01 10:33 - 2014-01-01 10:35 - 00010022 _____ C:\Users\Owner\Desktop\dds.txt
    2014-01-01 10:33 - 2014-01-01 10:31 - 91412976 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup.exe
    2013-12-31 15:57 - 2013-12-31 15:57 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
    2013-12-31 15:46 - 2013-12-31 15:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-12-31 15:30 - 2013-01-26 14:11 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-12-31 15:30 - 2012-11-21 14:54 - 00000384 _____ C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    2013-12-31 14:53 - 2013-12-31 15:23 - 00444820 ____R C:\Windows\system32\Drivers\etc\hosts.20131231-152353.backup
    2013-12-31 14:48 - 2011-12-25 14:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2013-12-31 14:47 - 2013-12-31 11:08 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443490662-1885682164-805799577-1000Core1cf06427a9611a7.job
    2013-12-31 14:47 - 2013-04-07 21:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-12-31 14:47 - 2012-11-24 11:24 - 00000944 _____ C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
    2013-12-31 14:19 - 2013-12-31 14:19 - 00001108 _____ C:\Windows\KB2845142.log
    2013-12-31 14:19 - 2013-12-31 14:18 - 00175936 _____ C:\Windows\WindowsUpdate.log
    2013-12-31 13:33 - 2013-12-31 13:33 - 00001338 _____ C:\Users\Owner\Documents\cc_20131231_133321.reg
    2013-12-31 13:32 - 2013-12-31 13:32 - 00294698 _____ C:\Users\Owner\Documents\cc_20131231_133236.reg
    2013-12-31 13:31 - 2009-09-02 14:55 - 00000000 ____D C:\Windows\Panther
    2013-12-31 13:30 - 2013-12-31 13:30 - 04645232 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup409.exe
    2013-12-31 13:25 - 2009-09-02 11:51 - 00001356 _____ C:\Users\Owner\AppData\Local\d3d9caps.dat
    2013-12-31 13:13 - 2013-12-31 11:17 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Systweak
    2013-12-31 13:09 - 2009-09-02 11:03 - 00000000 ____D C:\Users\Owner
    2013-12-31 13:07 - 2013-12-31 13:07 - 15063488 _____ (Systweak Software ) C:\Users\Owner\Downloads\aso3setup_d_com_asoupdate.exe
    2013-12-31 13:01 - 2013-12-31 13:01 - 00000973 _____ C:\Users\Owner\Desktop\WinASO Registry Optimizer.lnk
    2013-12-31 13:01 - 2013-12-31 13:01 - 00000000 ____D C:\Program Files\WinASO
    2013-12-31 13:00 - 2013-12-31 13:00 - 07989624 _____ (X.M.Y International LLC ) C:\Users\Owner\Downloads\WinASO_RO_v4.8.4.exe
    2013-12-31 12:23 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\tapi
    2013-12-31 11:53 - 2009-11-11 14:35 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
    2013-12-31 11:53 - 2009-09-04 23:56 - 00000000 ____D C:\Windows\Minidump
    2013-12-31 11:52 - 2013-02-08 18:43 - 00000000 ____D C:\Users\Owner\Documents\My Books
    2013-12-31 11:19 - 2013-01-28 20:41 - 00000846 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2013-12-31 11:16 - 2013-12-31 11:16 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-12-31 11:16 - 2011-12-25 15:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-12-31 11:10 - 2013-12-31 11:10 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf0642c23263e9.job
    2013-12-31 11:02 - 2013-12-31 11:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
    2013-12-31 11:01 - 2013-12-31 11:01 - 00109144 _____ () C:\Users\Owner\Downloads\Setup.exe
    2013-12-31 10:53 - 2006-11-02 05:22 - 47185920 _____ C:\Windows\system32\config\software_previous
    2013-12-31 10:53 - 2006-11-02 05:22 - 24117248 _____ C:\Windows\system32\config\components_previous
    2013-12-31 10:53 - 2006-11-02 05:22 - 20709376 _____ C:\Windows\system32\config\system_previous
    2013-12-31 10:53 - 2006-11-02 05:22 - 05505024 _____ C:\Windows\system32\config\default_previous
    2013-12-31 10:53 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\security_previous
    2013-12-31 10:53 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
    2013-12-31 10:52 - 2013-09-04 13:58 - 00000000 ____D C:\Program Files\Citrix
    2013-12-31 10:52 - 2013-08-25 17:57 - 00000000 ____D C:\Program Files\Audacity
    2013-12-31 10:52 - 2013-07-18 19:34 - 00000000 ____D C:\Users\Owner\Downloads\Naruto
    2013-12-31 10:52 - 2013-06-14 20:34 - 00000000 ____D C:\Users\Owner\Downloads\Enigma Discography (1990-2010) [Mp3][WwW.LoKoTorrents.CoM]
    2013-12-31 10:52 - 2013-03-29 21:08 - 00000000 ____D C:\Users\Owner\Downloads\Seven Samurai 1954 Restored 720p BRRip x264 AAC-BeLLBoY (Kingdom-Release)
    2013-12-31 10:52 - 2013-01-20 16:30 - 00000000 ____D C:\Program Files\McAfee
    2013-12-31 10:52 - 2012-08-01 15:32 - 00000000 ____D C:\Users\Owner\Downloads\Gossamer
    2013-12-31 10:52 - 2012-07-23 17:56 - 00000000 ____D C:\Users\Owner\Downloads\Casa de mi Padre 2012 BRRip 720p x264 AAC - KiNGDOM
    2013-12-31 10:52 - 2012-06-13 14:26 - 00000000 ____D C:\Users\Owner\Downloads\Heatmiser
    2013-12-31 10:52 - 2012-04-25 19:19 - 00000000 ____D C:\Users\Owner\Downloads\Richard Strauss
    2013-12-31 10:52 - 2012-04-13 19:37 - 00000000 ____D C:\Riot Games
    2013-12-31 10:52 - 2010-08-01 14:15 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
    2013-12-31 10:52 - 2009-10-25 19:52 - 00000000 ____D C:\Windows\system32\Adobe
    2013-12-31 10:52 - 2009-09-12 09:17 - 00000000 ____D C:\Users\Owner\Downloads\Björk
    2013-12-31 10:52 - 2009-09-02 16:05 - 00000000 ____D C:\Users\Owner\Downloads\Bright Eyes Complete Discography
    2013-12-31 10:52 - 2009-09-02 11:55 - 00000000 ____D C:\Windows\system32\Macromed
    2013-12-31 10:52 - 2009-09-02 11:16 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2013-12-31 10:52 - 2009-09-02 11:16 - 00000000 ____D C:\Program Files\Adobe
    2013-12-31 10:52 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\spool
    2013-12-31 10:52 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\Msdtc
    2013-12-31 10:52 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\registration
    2013-12-30 21:28 - 2013-12-30 21:28 - 00000092 _____ C:\Users\Owner\AppData\Roaming\mbam.context.scan
    2013-12-30 21:12 - 2013-12-30 21:12 - 49940480 _____ C:\Program Files\GUT61E4.tmp
    2013-12-30 21:09 - 2009-09-02 11:04 - 00134992 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-12-30 20:27 - 2010-08-25 21:11 - 00000000 ____D C:\Users\Owner\Downloads\Flashbulb - Temp;
    2013-12-20 16:46 - 2013-12-20 16:46 - 00000000 ____D C:\Program Files\Mozilla Firefox(1)
    2013-12-17 17:14 - 2013-10-28 12:43 - 00000000 ____D C:\Users\Owner\Documents\StrategicManagement
    2013-12-11 12:37 - 2013-12-11 12:33 - 00000000 ____D C:\Users\Owner\Downloads\No. 12 Person Pitch [2007]
    2013-12-08 15:46 - 2013-12-08 12:02 - 00000000 ____D C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet

    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-01-02 18:26

    ==================== End Of Log ============================
     
  6. Leaf3

    Leaf3 TS Rookie Topic Starter

    Addition

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-01-2014 01
    Ran by Owner at 2014-01-02 20:46:45
    Running from C:\Users\Owner\Downloads
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Security Center ========================

    AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
    AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    µTorrent (Version: 3.3.1.30017 - BitTorrent Inc.)
    7-Zip 9.20 (Version: - )
    Adobe Color Common Settings (Version: 1.0.1 - Adobe Systems Incorporated)
    Adobe Color Common Settings (Version: 1.0.1 - Adobe Systems Incorporated) Hidden
    Adobe Dreamweaver CS6 (Version: 12 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (Version: 11.9.900.117 - Adobe Systems Incorporated)
    Adobe Help Manager (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Help Manager (Version: 4.0.244 - Adobe Systems Incorporated) Hidden
    Adobe Photoshop CS6 (Version: 13.0 - Adobe Systems Incorporated)
    Adobe Reader 9.5.4 (Version: 9.5.4 - Adobe Systems Incorporated)
    Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe Shockwave Player 11.5 (Version: 11.5.1.601 - Adobe Systems, Inc.)
    Adobe Widget Browser (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
    Adobe Widget Browser (Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
    Audacity 2.0.3 (Version: 2.0.3 - Audacity Team)
    AutoCAD 2004 (Version: 16.0.0.086 - Autodesk)
    Autodesk Express Viewer (Version: 3.1 - Autodesk, Inc.)
    Citrix online plug-in - web (Version: 12.0.0.6410 - Citrix Systems, Inc.)
    Citrix online plug-in (DV) (Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
    Citrix online plug-in (HDX) (Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
    Citrix online plug-in (USB) (Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
    Citrix online plug-in (Web) (Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
    Diablo II (Version: - )
    File Association Manager (Version: 0.5 - Amnis Technology Ltd)
    FL Studio 10 (Version: - Image-Line)
    Google Chrome (Version: 31.0.1650.63 - Google Inc.)
    Google Talk Plugin (Version: 4.9.1.16010 - Google)
    Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
    HP Photo and Imaging 2.0 - All-in-One (Version: 1.10.0000 - Hewlett-Packard Company) Hidden
    HP Photo and Imaging 2.0 - All-in-One Drivers (Version: 1.10.0000 - Hewlett-Packard Company) Hidden
    Java 7 Update 7 (Version: 7.0.70 - Oracle)
    Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
    Java(TM) 6 Update 31 (Version: 6.0.310 - Oracle)
    League of Legends (Version: 1.25.000 - Riot Games) Hidden
    League of Legends (Version: 1.3 - Riot Games)
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
    McAfee AntiVirus Plus (Version: - )
    Microsoft .NET Framework 1.1 (Version: - )
    Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
    Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
    Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
    Microsoft Silverlight (Version: 4.1.10329.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
    Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
    Mozilla Maintenance Service (Version: 26.0 - Mozilla)
    MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
    MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0 - Microsoft Corporation)
    Nexon Game Manager (Version: - )
    NVIDIA Drivers (Version: 1.9 - NVIDIA Corporation)
    NVIDIA PhysX (Version: 9.12.0613 - NVIDIA Corporation)
    NVIDIA Stereoscopic 3D Driver (Version: 7.16.11.9062 - NVIDIA Corporation)
    OpenOffice.org 3.1 (Version: 3.1.9420 - OpenOffice.org)
    PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
    RangeMax Wireless-N USB Adapter WN111v2 (Version: 2.00.0000 - NETGEAR)
    Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
    Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)
    Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01 - Microsoft Corporation)
    VitalSource Bookshelf (Version: 6.01.0018 - Ingram Content Group)
    VLC media player 1.0.3 (Version: 1.0.3 - VideoLAN Team)
    Warcraft III (Version: - )
    WinASO Registry Optimizer 4.8.4 (Version: - X.M.Y International LLC)
    Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
    Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
    Windows Live Essentials (Version: 14.0.8089.0726 - Microsoft Corporation)
    Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
    Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
    Windows Live Sign-in Assistant (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Upload Tool (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (Version: 1.0.0.8 - Microsoft Corp)
    WinRAR archiver (Version: - )
    WModem Driver Installer (Version: 2.0.6.9 - HTC)
    WN111v2 (Version: 2.00.0000 - NETGEAR) Hidden

    ==================== Restore Points =========================

    16-10-2013 17:35:13 Scheduled Checkpoint
    17-10-2013 13:33:49 Scheduled Checkpoint
    18-10-2013 04:00:01 Scheduled Checkpoint
    18-10-2013 15:08:01 Windows Update
    19-10-2013 17:56:32 Scheduled Checkpoint
    21-10-2013 20:11:51 Scheduled Checkpoint
    22-10-2013 23:42:59 Scheduled Checkpoint
    23-10-2013 15:39:16 Windows Update
    24-10-2013 04:00:04 Scheduled Checkpoint
    24-10-2013 22:29:02 Scheduled Checkpoint
    25-10-2013 22:41:01 Windows Update
    27-10-2013 01:28:06 Scheduled Checkpoint
    27-10-2013 19:44:05 Scheduled Checkpoint
    28-10-2013 20:55:58 Scheduled Checkpoint
    29-10-2013 05:51:26 Windows Update
    29-10-2013 21:45:26 Scheduled Checkpoint
    30-10-2013 18:15:01 Scheduled Checkpoint
    31-10-2013 20:49:06 Scheduled Checkpoint
    01-11-2013 20:54:14 Windows Update
    02-11-2013 14:44:17 Scheduled Checkpoint
    19-12-2013 17:54:31 Removed VitalSource Bookshelf.

    ==================== Hosts content: ==========================

    2006-11-02 05:23 - 2013-12-31 15:23 - 00450597 ____R C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    Task: {09C110B6-ED02-4500-A3A3-36C3092AD971} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3443490662-1885682164-805799577-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-22] (Google Inc.)
    Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
    Task: {3806C3BF-5B74-4420-B866-17ED5928D561} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
    Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
    Task: {6535A118-9881-4E41-8EF2-00020F570683} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe
    Task: {6BC1E7B0-F4AE-4BD3-B8E6-074DB4593A4D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {6E08605F-FD68-422A-A62F-FE1ABBBD96FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
    Task: {90B4C925-8D45-4F4C-BBAE-6F25512C75E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-26] (Google Inc.)
    Task: {A2C66DAD-9091-4B8B-A347-1EE96F8AC12D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3443490662-1885682164-805799577-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-22] (Google Inc.)
    Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
    Task: {A7EA38B8-7BAD-4708-AC30-EC8253C16CA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-26] (Google Inc.)
    Task: {C63DC208-479F-463F-A812-B9531C804D05} - System32\Tasks\AdobeAAMUpdater-1.0-Owner-PC-Owner => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20] (Adobe Systems Incorporated)
    Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-20] ()
    Task: C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
    Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf0642c23263e9.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443490662-1885682164-805799577-1000Core1cf06427a9611a7.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443490662-1885682164-805799577-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-12-31 15:46 - 2013-12-31 15:46 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
    2013-10-08 17:08 - 2013-10-08 17:08 - 16233864 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\ProgramData\TEMP:00817D45
    AlternateDataStreams: C:\Users\Owner\Downloads\Wake.Up.Ron.Burgundy.The.Lost.Movie.avi:TOC.WMV

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\12307363.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\12307363.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/02/2014 08:42:12 PM) (Source: EventSystem) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (01/02/2014 06:21:25 PM) (Source: Application Error) (User: )
    Description: Faulting application svchost.exe_ProfSvc, version 6.0.6001.18000, time stamp 0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception code 0x80000003, fault offset 0x00048b2e,
    process id 0x450, application start time 0xsvchost.exe_ProfSvc0.

    Error: (01/01/2014 11:38:55 AM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\SEARCHPLUGINS\BING.XML> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (01/01/2014 11:38:55 AM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\SEARCHPLUGINS\AMAZONDOTCOM.XML> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (01/01/2014 11:38:55 AM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\SEARCHPLUGINS> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (01/01/2014 11:38:55 AM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\SEARCHPLUGINS> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (01/01/2014 11:38:54 AM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\OMNI.JA> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (01/01/2014 11:38:54 AM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\OMNI.JA> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (01/01/2014 11:38:54 AM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{972CE4C6-7E08-4474-A285-3208198CE6FD}\INSTALL.RDF> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (01/01/2014 11:38:54 AM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{972CE4C6-7E08-4474-A285-3208198CE6FD}\INSTALL.RDF> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)


    System errors:
    =============
    Error: (01/02/2014 08:42:16 PM) (Source: DCOM) (User: )
    Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (01/02/2014 08:42:15 PM) (Source: DCOM) (User: )
    Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

    Error: (01/02/2014 08:42:13 PM) (Source: DCOM) (User: )
    Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

    Error: (01/02/2014 08:42:12 PM) (Source: DCOM) (User: )
    Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (01/02/2014 08:42:05 PM) (Source: DCOM) (User: )
    Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (01/02/2014 08:40:46 PM) (Source: Service Control Manager) (User: )
    Description: PnP-X IP Bus EnumeratorFunction Discovery Provider Host%%1068

    Error: (01/02/2014 08:39:59 PM) (Source: Service Control Manager) (User: )
    Description: ctxusbm
    Lbd
    spldr
    Wanarpv6

    Error: (01/02/2014 08:39:59 PM) (Source: Service Control Manager) (User: )
    Description: Computer BrowserServer%%1068

    Error: (01/02/2014 08:38:39 PM) (Source: EventLog) (User: )
    Description: The previous system shutdown at 8:36:51 PM on 1/2/2014 was unexpected.

    Error: (01/02/2014 06:22:02 PM) (Source: DCOM) (User: )
    Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}


    Microsoft Office Sessions:
    =========================
    Error: (01/02/2014 08:42:12 PM) (Source: EventSystem)(User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (01/02/2014 06:21:25 PM) (Source: Application Error)(User: )
    Description: svchost.exe_ProfSvc6.0.6001.1800047918b89ntdll.dll6.0.6002.1800549e038218000000300048b2e45001cf081149938b8a

    Error: (01/01/2014 11:38:55 AM) (Source: Windows Search Service)(User: )
    Description: Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)
    C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\SEARCHPLUGINS\BING.XML

    Error: (01/01/2014 11:38:55 AM) (Source: Windows Search Service)(User: )
    Description: Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)
    C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\SEARCHPLUGINS\AMAZONDOTCOM.XML

    Error: (01/01/2014 11:38:55 AM) (Source: Windows Search Service)(User: )
    Description: Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)
    C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\SEARCHPLUGINS

    Error: (01/01/2014 11:38:55 AM) (Source: Windows Search Service)(User: )
    Description: Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)
    C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\SEARCHPLUGINS

    Error: (01/01/2014 11:38:54 AM) (Source: Windows Search Service)(User: )
    Description: Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)
    C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\OMNI.JA

    Error: (01/01/2014 11:38:54 AM) (Source: Windows Search Service)(User: )
    Description: Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)
    C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\OMNI.JA

    Error: (01/01/2014 11:38:54 AM) (Source: Windows Search Service)(User: )
    Description: Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)
    C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{972CE4C6-7E08-4474-A285-3208198CE6FD}\INSTALL.RDF

    Error: (01/01/2014 11:38:54 AM) (Source: Windows Search Service)(User: )
    Description: Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)
    C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{972CE4C6-7E08-4474-A285-3208198CE6FD}\INSTALL.RDF


    CodeIntegrity Errors:
    ===================================
    Date: 2014-01-01 10:47:52.810
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 10:47:52.763
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 10:47:52.732
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 10:47:52.685
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 10:47:52.653
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 10:47:52.607
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-12-31 15:26:40.091
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-12-31 15:26:40.048
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-12-31 15:26:40.004
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-12-31 15:26:39.962
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 37%
    Total physical RAM: 2046.57 MB
    Available physical RAM: 1271.76 MB
    Total Pagefile: 4330.16 MB
    Available Pagefile: 3702.18 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1927.14 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:298.09 GB) (Free:150.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 59D19975)
    Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  7. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Nothing malicious there.

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.

    Good luck :)
     
