Inactive Vista - Pipe State Invalid, Host processes Closed ++

It seems I've got some tricky malware disrupting my computer. I've run Malwarebytes and Spybot so far but am still experiencing some problems. To keep it short, I've run through the basic steps suggested on this site and a few others and am still stumped. Something is definitely awry in my HKEYS and I need some assistance.

  • "Pipe state invalid" for nearly every program I try to open, will never let me "run as administrator" unless in safe mode then the error never occurs.
  • Upon startup I log in and every time receive this error report "host processes for windows services stopped working and was closed"
  • Attempting to use the windows search bar makes explorer crash
  • Unable to run cmd as admin unless in safe mode
  • sfc /scannow comes back clean
  • explorer crashes when trying to upload anything (downloads work fine)
Much thanks to anyone who can help. Let me know what log to start off with to help track this thing down.
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thanks for the fast reply!

I am unable to install Avast, MS Security Essentials or Comodo Antivirus in safe mode. Launching regularly produces a "pipe state invalid" when trying to run the installer.

*All scans were run in Safe Mode with Networking enabled

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.01.04

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18882
Owner :: OWNER-PC [administrator]

1/1/2014 10:53:41 AM
mbam-log-2014-01-01 (10-53-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201422
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Owner\Downloads\7zip_bimo.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.

(end)


DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 10.7.2
Run by Owner at 10:32:38 on 2014-01-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2047.1291 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8005B7C0362AA88BD8BB5750B0F226FA
uProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111v2\WN111v2.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{1EDD0012-0400-4B0A-BD21-13A93992952C} : DHCPNameServer = 198.224.180.135 198.224.179.135
TCP: Interfaces\{C76835F2-10EA-477D-96C4-6B5098208B66} : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{E268677F-9CC3-41EE-8128-DF689F0EF440} : DHCPNameServer = 65.32.5.111 65.32.5.112
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\horn2gln.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.newworldbonsai.com/
FF - plugin: c:\program files\adobe\adobe extension manager cs6\npAdobeExManDetectX64.dll
FF - plugin: c:\program files\adobe\adobe extension manager cs6\npAdobeExManDetectX86.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-11-24 13560]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-7-17 565352]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-10-1 20384]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-7-17 210136]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-1-20 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-1-20 167344]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-1-20 362640]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2009-7-3 368128]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2v.sys [2009-1-13 453120]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2013-1-20 203400]
S2 SBSDWSCService;SBSD Security Center Service; [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-8-17 239648]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-1-20 60480]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNIMP50.sys [2006-11-16 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNISP50.sys [2006-11-16 20480]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2012-11-27 30688]
S3 htcusbnet;HTC USB-NDIS miniport;c:\windows\system32\drivers\htcusbnet.sys [2012-10-4 129024]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-29 942080]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-1-20 234824]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-1-20 65488]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-1-20 92192]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile="c:\windows\notepad.exe" "%1"
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-12-31 18:01:02 -------- d-----w- c:\program files\WinASO
2013-12-31 16:17:26 -------- d-----w- c:\users\owner\appdata\roaming\Systweak
2013-12-31 15:59:03 7328304 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{496d6f90-7217-4f73-86a1-17ee18f22e46}\mpengine.dll
2013-12-31 02:12:28 49940480 ----a-w- c:\program files\GUT61E4.tmp
2013-12-20 21:46:32 -------- d-----w- c:\program files\Mozilla Firefox(1)
2013-12-08 17:02:09 -------- d-----w- c:\users\owner\appdata\local\LogMeIn Rescue Applet
.
==================== Find3M ====================
.
2013-10-08 22:08:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 22:08:19 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 10:33:47.01 ===============
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-01-2014 01
Ran by Owner (administrator) on OWNER-PC on 02-01-2014 20:46:07
Running from C:\Users\Owner\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-20] (Microsoft Corporation)
MountPoints2: {04512925-eafa-11e2-b983-001d92df1635} - E:\MotoCastSetup.exe -a
MountPoints2: {295e3f04-6993-11e2-bfd8-001d92df1635} - F:\MotoCastSetup.exe -a
MountPoints2: {4b4b0f26-8590-11e2-84b4-001d92df1635} - E:\MotoCastSetup.exe -a
MountPoints2: {7f09a31c-0f1c-11e2-be00-001d92df1635} - E:\TL-Bootstrap.exe
MountPoints2: {a227ada1-0e65-11e2-85a4-001d92df1635} - E:\TL-Bootstrap.exe
MountPoints2: {ea87a5cc-0dc9-11df-aa48-001d92df1635} - E:\LaunchU3.exe -a
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.lavasoft.com/?so...retb&v=2_2&u=8005B7C0362AA88BD8BB5750B0F226FA
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x81566AB1606FCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://safesearchr.lavasoft.com/?so...5B7C0362AA88BD8BB5750B0F226FA&q={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://safesearchr.lavasoft.com/?so...5B7C0362AA88BD8BB5750B0F226FA&q={searchTerms}
SearchScopes: HKCU - {887D5E70-66D8-6D48-40A6-E70F2641A520} URL = http://www.bing.com/search?q={searc...install_date=20110911&iesrc={referrer:source}
SearchScopes: HKCU - {C4E83934-81EF-45C9-8AAA-E236B7BDDDB2} URL = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\horn2gln.default
FF Homepage: hxxp://www.newworldbonsai.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKCU\...\Firefox\Extensions: [{F5735875-5BAC-4CC0-BF90-206B97D9FE99}] - C:\Users\Owner\AppData\Local\{F5735875-5BAC-4CC0-BF90-206B97D9FE99}
FF Extension: XULRunner - C:\Users\Owner\AppData\Local\{F5735875-5BAC-4CC0-BF90-206B97D9FE99}

Chrome:
=======
CHR HomePage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8005B7C0362AA88BD8BB5750B0F226FA
CHR RestoreOnStartup: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8005B7C0362AA88BD8BB5750B0F226FA", "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (ijji Web Launching Plugin for FF) - C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll (NHN USA Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Hangouts) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.1030.1304.1_0
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

S3 jswpsapi; C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.)
S2 McNASvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203400 2012-11-09] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [168880 2012-11-09] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [167344 2012-11-09] (McAfee, Inc.)
S3 npggsvc; C:\Windows\system32\GameMon.des [4085304 2010-10-12] (INCA Internet Co., Ltd.)
S2 SBSDWSCService;

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60480 2012-11-09] (McAfee, Inc.)
S3 DNIMp50; C:\Windows\System32\Drivers\DNIMp50.sys [21504 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA))
S3 DNISp50; C:\Windows\System32\Drivers\DNISp50.sys [20480 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA))
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [30688 2012-10-24] (GFI Software)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2012-11-24] (GFI Software)
S3 htcusbnet; C:\Windows\System32\DRIVERS\htcusbnet.sys [129024 2010-12-14] (HTC Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [132912 2012-11-09] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [234824 2012-11-09] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65488 2012-11-09] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [362640 2012-11-09] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565352 2012-11-09] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92192 2012-11-09] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210136 2012-11-09] (McAfee, Inc.)
R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [368128 2009-07-03] (Realtek)
U3 TrueSight; c:\windows\system32\drivers\TrueSight.sys [111872 2011-12-25] ()
R3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2v.sys [453120 2009-01-13] (Atheros Communications, Inc.)
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-02 20:46 - 2014-01-02 20:46 - 00014038 _____ C:\Users\Owner\Downloads\FRST.txt
2014-01-02 20:45 - 2014-01-02 20:45 - 01064581 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2014-01-02 20:45 - 2014-01-02 20:45 - 00000000 ____D C:\FRST
2014-01-01 15:12 - 2014-01-01 15:12 - 01133552 _____ C:\Users\Owner\Downloads\SteamSetup.exe
2014-01-01 13:24 - 2014-01-01 13:36 - 00000000 ____D C:\Users\Owner\Downloads\El Guincho - Pop Negro
2014-01-01 10:42 - 2014-01-01 10:42 - 00002243 _____ C:\Windows\epplauncher.mif
2014-01-01 10:42 - 2014-01-01 10:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
2014-01-01 10:42 - 2014-01-01 10:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-01-01 10:42 - 2014-01-01 10:42 - 00000000 ____D C:\Program Files\7-Zip
2014-01-01 10:41 - 2014-01-01 10:42 - 00000000 ____D C:\Program Files\FileAssociationManager
2014-01-01 10:41 - 2014-01-01 10:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\FileAssociationManager
2014-01-01 10:39 - 2014-01-01 10:39 - 11125072 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall.exe
2014-01-01 10:39 - 2014-01-01 10:39 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\glltgduv.sys
2014-01-01 10:38 - 2014-01-01 10:38 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\lwyvhorq.sys
2014-01-01 10:37 - 2014-01-01 10:37 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\fxiscwfs.sys
2014-01-01 10:37 - 2014-01-01 10:37 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-01 10:35 - 2014-01-01 10:35 - 00002926 _____ C:\Users\Owner\Desktop\attach.txt
2014-01-01 10:35 - 2014-01-01 10:33 - 00010022 _____ C:\Users\Owner\Desktop\dds.txt
2014-01-01 10:31 - 2014-01-01 10:33 - 91412976 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup.exe
2013-12-31 15:57 - 2013-12-31 15:57 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2013-12-31 15:46 - 2013-12-31 15:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-31 15:23 - 2013-12-31 14:53 - 00444820 ____R C:\Windows\system32\Drivers\etc\hosts.20131231-152353.backup
2013-12-31 14:53 - 2011-12-25 14:11 - 00439893 _____ C:\Windows\system32\Drivers\etc\hosts.20131231-145308.backup
2013-12-31 14:21 - 2014-01-01 11:01 - 00001124 _____ C:\Windows\PFRO.log
2013-12-31 14:19 - 2013-12-31 14:19 - 00001108 _____ C:\Windows\KB2845142.log
2013-12-31 14:18 - 2013-12-31 14:19 - 00175936 _____ C:\Windows\WindowsUpdate.log
2013-12-31 13:33 - 2013-12-31 13:33 - 00001338 _____ C:\Users\Owner\Documents\cc_20131231_133321.reg
2013-12-31 13:32 - 2013-12-31 13:32 - 00294698 _____ C:\Users\Owner\Documents\cc_20131231_133236.reg
2013-12-31 13:30 - 2013-12-31 13:30 - 04645232 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup409.exe
2013-12-31 13:07 - 2013-12-31 13:07 - 15063488 _____ (Systweak Software ) C:\Users\Owner\Downloads\aso3setup_d_com_asoupdate.exe
2013-12-31 13:01 - 2013-12-31 13:01 - 00000973 _____ C:\Users\Owner\Desktop\WinASO Registry Optimizer.lnk
2013-12-31 13:01 - 2013-12-31 13:01 - 00000000 ____D C:\Program Files\WinASO
2013-12-31 13:00 - 2013-12-31 13:00 - 07989624 _____ (X.M.Y International LLC ) C:\Users\Owner\Downloads\WinASO_RO_v4.8.4.exe
2013-12-31 11:17 - 2013-12-31 13:13 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Systweak
2013-12-31 11:16 - 2013-12-31 11:16 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-31 11:10 - 2013-12-31 11:10 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf0642c23263e9.job
2013-12-31 11:08 - 2013-12-31 14:47 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443490662-1885682164-805799577-1000Core1cf06427a9611a7.job
2013-12-31 11:01 - 2013-12-31 11:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-31 11:01 - 2013-12-31 11:01 - 00109144 _____ () C:\Users\Owner\Downloads\Setup.exe
2013-12-30 21:28 - 2013-12-30 21:28 - 00000092 _____ C:\Users\Owner\AppData\Roaming\mbam.context.scan
2013-12-30 21:12 - 2013-12-30 21:12 - 49940480 _____ C:\Program Files\GUT61E4.tmp
2013-12-20 16:46 - 2013-12-20 16:46 - 00000000 ____D C:\Program Files\Mozilla Firefox(1)
2013-12-11 12:33 - 2013-12-11 12:37 - 00000000 ____D C:\Users\Owner\Downloads\No. 12 Person Pitch [2007]
2013-12-08 12:02 - 2013-12-08 15:46 - 00000000 ____D C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet

==================== One Month Modified Files and Folders =======

2014-01-02 20:46 - 2014-01-02 20:46 - 00014038 _____ C:\Users\Owner\Downloads\FRST.txt
2014-01-02 20:45 - 2014-01-02 20:45 - 01064581 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2014-01-02 20:45 - 2014-01-02 20:45 - 00000000 ____D C:\FRST
2014-01-02 20:42 - 2006-11-02 05:33 - 00768506 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-02 20:20 - 2006-11-02 07:47 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-02 20:20 - 2006-11-02 07:47 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-02 18:21 - 2010-05-23 16:34 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-02 18:21 - 2009-09-02 12:03 - 00087339 _____ C:\ProgramData\nvModes.dat
2014-01-02 18:21 - 2009-09-02 12:03 - 00087339 _____ C:\ProgramData\nvModes.001
2014-01-02 18:21 - 2009-09-02 11:59 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-02 18:21 - 2006-11-02 08:01 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-02 18:20 - 2013-09-22 16:50 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443490662-1885682164-805799577-1000UA.job
2014-01-02 18:20 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-01 15:12 - 2014-01-01 15:12 - 01133552 _____ C:\Users\Owner\Downloads\SteamSetup.exe
2014-01-01 14:05 - 2009-09-02 15:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
2014-01-01 13:36 - 2014-01-01 13:24 - 00000000 ____D C:\Users\Owner\Downloads\El Guincho - Pop Negro
2014-01-01 11:05 - 2009-09-02 15:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2014-01-01 11:01 - 2013-12-31 14:21 - 00001124 _____ C:\Windows\PFRO.log
2014-01-01 11:01 - 2013-01-28 20:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-01 11:01 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\L2Schemas
2014-01-01 10:42 - 2014-01-01 10:42 - 00002243 _____ C:\Windows\epplauncher.mif
2014-01-01 10:42 - 2014-01-01 10:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
2014-01-01 10:42 - 2014-01-01 10:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-01-01 10:42 - 2014-01-01 10:42 - 00000000 ____D C:\Program Files\7-Zip
2014-01-01 10:42 - 2014-01-01 10:41 - 00000000 ____D C:\Program Files\FileAssociationManager
2014-01-01 10:41 - 2014-01-01 10:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\FileAssociationManager
2014-01-01 10:39 - 2014-01-01 10:39 - 11125072 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall.exe
2014-01-01 10:39 - 2014-01-01 10:39 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\glltgduv.sys
2014-01-01 10:38 - 2014-01-01 10:38 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\lwyvhorq.sys
2014-01-01 10:37 - 2014-01-01 10:37 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\fxiscwfs.sys
2014-01-01 10:37 - 2014-01-01 10:37 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-01 10:35 - 2014-01-01 10:35 - 00002926 _____ C:\Users\Owner\Desktop\attach.txt
2014-01-01 10:33 - 2014-01-01 10:35 - 00010022 _____ C:\Users\Owner\Desktop\dds.txt
2014-01-01 10:33 - 2014-01-01 10:31 - 91412976 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup.exe
2013-12-31 15:57 - 2013-12-31 15:57 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2013-12-31 15:46 - 2013-12-31 15:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-31 15:30 - 2013-01-26 14:11 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-31 15:30 - 2012-11-21 14:54 - 00000384 _____ C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2013-12-31 14:53 - 2013-12-31 15:23 - 00444820 ____R C:\Windows\system32\Drivers\etc\hosts.20131231-152353.backup
2013-12-31 14:48 - 2011-12-25 14:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-31 14:47 - 2013-12-31 11:08 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443490662-1885682164-805799577-1000Core1cf06427a9611a7.job
2013-12-31 14:47 - 2013-04-07 21:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-31 14:47 - 2012-11-24 11:24 - 00000944 _____ C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2013-12-31 14:19 - 2013-12-31 14:19 - 00001108 _____ C:\Windows\KB2845142.log
2013-12-31 14:19 - 2013-12-31 14:18 - 00175936 _____ C:\Windows\WindowsUpdate.log
2013-12-31 13:33 - 2013-12-31 13:33 - 00001338 _____ C:\Users\Owner\Documents\cc_20131231_133321.reg
2013-12-31 13:32 - 2013-12-31 13:32 - 00294698 _____ C:\Users\Owner\Documents\cc_20131231_133236.reg
2013-12-31 13:31 - 2009-09-02 14:55 - 00000000 ____D C:\Windows\Panther
2013-12-31 13:30 - 2013-12-31 13:30 - 04645232 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup409.exe
2013-12-31 13:25 - 2009-09-02 11:51 - 00001356 _____ C:\Users\Owner\AppData\Local\d3d9caps.dat
2013-12-31 13:13 - 2013-12-31 11:17 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Systweak
2013-12-31 13:09 - 2009-09-02 11:03 - 00000000 ____D C:\Users\Owner
2013-12-31 13:07 - 2013-12-31 13:07 - 15063488 _____ (Systweak Software ) C:\Users\Owner\Downloads\aso3setup_d_com_asoupdate.exe
2013-12-31 13:01 - 2013-12-31 13:01 - 00000973 _____ C:\Users\Owner\Desktop\WinASO Registry Optimizer.lnk
2013-12-31 13:01 - 2013-12-31 13:01 - 00000000 ____D C:\Program Files\WinASO
2013-12-31 13:00 - 2013-12-31 13:00 - 07989624 _____ (X.M.Y International LLC ) C:\Users\Owner\Downloads\WinASO_RO_v4.8.4.exe
2013-12-31 12:23 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\tapi
2013-12-31 11:53 - 2009-11-11 14:35 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2013-12-31 11:53 - 2009-09-04 23:56 - 00000000 ____D C:\Windows\Minidump
2013-12-31 11:52 - 2013-02-08 18:43 - 00000000 ____D C:\Users\Owner\Documents\My Books
2013-12-31 11:19 - 2013-01-28 20:41 - 00000846 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-31 11:16 - 2013-12-31 11:16 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-31 11:16 - 2011-12-25 15:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-31 11:10 - 2013-12-31 11:10 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf0642c23263e9.job
2013-12-31 11:02 - 2013-12-31 11:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-31 11:01 - 2013-12-31 11:01 - 00109144 _____ () C:\Users\Owner\Downloads\Setup.exe
2013-12-31 10:53 - 2006-11-02 05:22 - 47185920 _____ C:\Windows\system32\config\software_previous
2013-12-31 10:53 - 2006-11-02 05:22 - 24117248 _____ C:\Windows\system32\config\components_previous
2013-12-31 10:53 - 2006-11-02 05:22 - 20709376 _____ C:\Windows\system32\config\system_previous
2013-12-31 10:53 - 2006-11-02 05:22 - 05505024 _____ C:\Windows\system32\config\default_previous
2013-12-31 10:53 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-12-31 10:53 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-12-31 10:52 - 2013-09-04 13:58 - 00000000 ____D C:\Program Files\Citrix
2013-12-31 10:52 - 2013-08-25 17:57 - 00000000 ____D C:\Program Files\Audacity
2013-12-31 10:52 - 2013-07-18 19:34 - 00000000 ____D C:\Users\Owner\Downloads\Naruto
2013-12-31 10:52 - 2013-06-14 20:34 - 00000000 ____D C:\Users\Owner\Downloads\Enigma Discography (1990-2010) [Mp3][WwW.LoKoTorrents.CoM]
2013-12-31 10:52 - 2013-03-29 21:08 - 00000000 ____D C:\Users\Owner\Downloads\Seven Samurai 1954 Restored 720p BRRip x264 AAC-BeLLBoY (Kingdom-Release)
2013-12-31 10:52 - 2013-01-20 16:30 - 00000000 ____D C:\Program Files\McAfee
2013-12-31 10:52 - 2012-08-01 15:32 - 00000000 ____D C:\Users\Owner\Downloads\Gossamer
2013-12-31 10:52 - 2012-07-23 17:56 - 00000000 ____D C:\Users\Owner\Downloads\Casa de mi Padre 2012 BRRip 720p x264 AAC - KiNGDOM
2013-12-31 10:52 - 2012-06-13 14:26 - 00000000 ____D C:\Users\Owner\Downloads\Heatmiser
2013-12-31 10:52 - 2012-04-25 19:19 - 00000000 ____D C:\Users\Owner\Downloads\Richard Strauss
2013-12-31 10:52 - 2012-04-13 19:37 - 00000000 ____D C:\Riot Games
2013-12-31 10:52 - 2010-08-01 14:15 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-31 10:52 - 2009-10-25 19:52 - 00000000 ____D C:\Windows\system32\Adobe
2013-12-31 10:52 - 2009-09-12 09:17 - 00000000 ____D C:\Users\Owner\Downloads\Björk
2013-12-31 10:52 - 2009-09-02 16:05 - 00000000 ____D C:\Users\Owner\Downloads\Bright Eyes Complete Discography
2013-12-31 10:52 - 2009-09-02 11:55 - 00000000 ____D C:\Windows\system32\Macromed
2013-12-31 10:52 - 2009-09-02 11:16 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-31 10:52 - 2009-09-02 11:16 - 00000000 ____D C:\Program Files\Adobe
2013-12-31 10:52 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\spool
2013-12-31 10:52 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\Msdtc
2013-12-31 10:52 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\registration
2013-12-30 21:28 - 2013-12-30 21:28 - 00000092 _____ C:\Users\Owner\AppData\Roaming\mbam.context.scan
2013-12-30 21:12 - 2013-12-30 21:12 - 49940480 _____ C:\Program Files\GUT61E4.tmp
2013-12-30 21:09 - 2009-09-02 11:04 - 00134992 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-30 20:27 - 2010-08-25 21:11 - 00000000 ____D C:\Users\Owner\Downloads\Flashbulb - Temp;
2013-12-20 16:46 - 2013-12-20 16:46 - 00000000 ____D C:\Program Files\Mozilla Firefox(1)
2013-12-17 17:14 - 2013-10-28 12:43 - 00000000 ____D C:\Users\Owner\Documents\StrategicManagement
2013-12-11 12:37 - 2013-12-11 12:33 - 00000000 ____D C:\Users\Owner\Downloads\No. 12 Person Pitch [2007]
2013-12-08 15:46 - 2013-12-08 12:02 - 00000000 ____D C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-02 18:26

==================== End Of Log ============================
 
Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-01-2014 01
Ran by Owner at 2014-01-02 20:46:45
Running from C:\Users\Owner\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (Version: 3.3.1.30017 - BitTorrent Inc.)
7-Zip 9.20 (Version: - )
Adobe Color Common Settings (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Color Common Settings (Version: 1.0.1 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS6 (Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Help Manager (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS6 (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader 9.5.4 (Version: 9.5.4 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 11.5 (Version: 11.5.1.601 - Adobe Systems, Inc.)
Adobe Widget Browser (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Audacity 2.0.3 (Version: 2.0.3 - Audacity Team)
AutoCAD 2004 (Version: 16.0.0.086 - Autodesk)
Autodesk Express Viewer (Version: 3.1 - Autodesk, Inc.)
Citrix online plug-in - web (Version: 12.0.0.6410 - Citrix Systems, Inc.)
Citrix online plug-in (DV) (Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Diablo II (Version: - )
File Association Manager (Version: 0.5 - Amnis Technology Ltd)
FL Studio 10 (Version: - Image-Line)
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Google Talk Plugin (Version: 4.9.1.16010 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
HP Photo and Imaging 2.0 - All-in-One (Version: 1.10.0000 - Hewlett-Packard Company) Hidden
HP Photo and Imaging 2.0 - All-in-One Drivers (Version: 1.10.0000 - Hewlett-Packard Company) Hidden
Java 7 Update 7 (Version: 7.0.70 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 31 (Version: 6.0.310 - Oracle)
League of Legends (Version: 1.25.000 - Riot Games) Hidden
League of Legends (Version: 1.3 - Riot Games)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee AntiVirus Plus (Version: - )
Microsoft .NET Framework 1.1 (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0 - Microsoft Corporation)
Nexon Game Manager (Version: - )
NVIDIA Drivers (Version: 1.9 - NVIDIA Corporation)
NVIDIA PhysX (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.16.11.9062 - NVIDIA Corporation)
OpenOffice.org 3.1 (Version: 3.1.9420 - OpenOffice.org)
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
RangeMax Wireless-N USB Adapter WN111v2 (Version: 2.00.0000 - NETGEAR)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01 - Microsoft Corporation)
VitalSource Bookshelf (Version: 6.01.0018 - Ingram Content Group)
VLC media player 1.0.3 (Version: 1.0.3 - VideoLAN Team)
Warcraft III (Version: - )
WinASO Registry Optimizer 4.8.4 (Version: - X.M.Y International LLC)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (Version: - )
WModem Driver Installer (Version: 2.0.6.9 - HTC)
WN111v2 (Version: 2.00.0000 - NETGEAR) Hidden

==================== Restore Points =========================

16-10-2013 17:35:13 Scheduled Checkpoint
17-10-2013 13:33:49 Scheduled Checkpoint
18-10-2013 04:00:01 Scheduled Checkpoint
18-10-2013 15:08:01 Windows Update
19-10-2013 17:56:32 Scheduled Checkpoint
21-10-2013 20:11:51 Scheduled Checkpoint
22-10-2013 23:42:59 Scheduled Checkpoint
23-10-2013 15:39:16 Windows Update
24-10-2013 04:00:04 Scheduled Checkpoint
24-10-2013 22:29:02 Scheduled Checkpoint
25-10-2013 22:41:01 Windows Update
27-10-2013 01:28:06 Scheduled Checkpoint
27-10-2013 19:44:05 Scheduled Checkpoint
28-10-2013 20:55:58 Scheduled Checkpoint
29-10-2013 05:51:26 Windows Update
29-10-2013 21:45:26 Scheduled Checkpoint
30-10-2013 18:15:01 Scheduled Checkpoint
31-10-2013 20:49:06 Scheduled Checkpoint
01-11-2013 20:54:14 Windows Update
02-11-2013 14:44:17 Scheduled Checkpoint
19-12-2013 17:54:31 Removed VitalSource Bookshelf.

==================== Hosts content: ==========================

2006-11-02 05:23 - 2013-12-31 15:23 - 00450597 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {09C110B6-ED02-4500-A3A3-36C3092AD971} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3443490662-1885682164-805799577-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-22] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3806C3BF-5B74-4420-B866-17ED5928D561} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {6535A118-9881-4E41-8EF2-00020F570683} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe
Task: {6BC1E7B0-F4AE-4BD3-B8E6-074DB4593A4D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6E08605F-FD68-422A-A62F-FE1ABBBD96FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {90B4C925-8D45-4F4C-BBAE-6F25512C75E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-26] (Google Inc.)
Task: {A2C66DAD-9091-4B8B-A347-1EE96F8AC12D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3443490662-1885682164-805799577-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-22] (Google Inc.)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {A7EA38B8-7BAD-4708-AC30-EC8253C16CA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-26] (Google Inc.)
Task: {C63DC208-479F-463F-A812-B9531C804D05} - System32\Tasks\AdobeAAMUpdater-1.0-Owner-PC-Owner => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf0642c23263e9.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443490662-1885682164-805799577-1000Core1cf06427a9611a7.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443490662-1885682164-805799577-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-31 15:46 - 2013-12-31 15:46 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-10-08 17:08 - 2013-10-08 17:08 - 16233864 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:00817D45
AlternateDataStreams: C:\Users\Owner\Downloads\Wake.Up.Ron.Burgundy.The.Lost.Movie.avi:TOC.WMV

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\12307363.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\12307363.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2014 08:42:12 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/02/2014 06:21:25 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe_ProfSvc, version 6.0.6001.18000, time stamp 0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception code 0x80000003, fault offset 0x00048b2e,
process id 0x450, application start time 0xsvchost.exe_ProfSvc0.

Error: (01/01/2014 11:38:55 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\SEARCHPLUGINS\BING.XML> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/01/2014 11:38:55 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\SEARCHPLUGINS\AMAZONDOTCOM.XML> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/01/2014 11:38:55 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\SEARCHPLUGINS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/01/2014 11:38:55 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\SEARCHPLUGINS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/01/2014 11:38:54 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\OMNI.JA> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/01/2014 11:38:54 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\OMNI.JA> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/01/2014 11:38:54 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{972CE4C6-7E08-4474-A285-3208198CE6FD}\INSTALL.RDF> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/01/2014 11:38:54 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{972CE4C6-7E08-4474-A285-3208198CE6FD}\INSTALL.RDF> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (01/02/2014 08:42:16 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/02/2014 08:42:15 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/02/2014 08:42:13 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (01/02/2014 08:42:12 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/02/2014 08:42:05 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/02/2014 08:40:46 PM) (Source: Service Control Manager) (User: )
Description: PnP-X IP Bus EnumeratorFunction Discovery Provider Host%%1068

Error: (01/02/2014 08:39:59 PM) (Source: Service Control Manager) (User: )
Description: ctxusbm
Lbd
spldr
Wanarpv6

Error: (01/02/2014 08:39:59 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (01/02/2014 08:38:39 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:36:51 PM on 1/2/2014 was unexpected.

Error: (01/02/2014 06:22:02 PM) (Source: DCOM) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}


Microsoft Office Sessions:
=========================
Error: (01/02/2014 08:42:12 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/02/2014 06:21:25 PM) (Source: Application Error)(User: )
Description: svchost.exe_ProfSvc6.0.6001.1800047918b89ntdll.dll6.0.6002.1800549e038218000000300048b2e45001cf081149938b8a

Error: (01/01/2014 11:38:55 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\SEARCHPLUGINS\BING.XML

Error: (01/01/2014 11:38:55 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\SEARCHPLUGINS\AMAZONDOTCOM.XML

Error: (01/01/2014 11:38:55 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\SEARCHPLUGINS

Error: (01/01/2014 11:38:55 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\SEARCHPLUGINS

Error: (01/01/2014 11:38:54 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\OMNI.JA

Error: (01/01/2014 11:38:54 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\OMNI.JA

Error: (01/01/2014 11:38:54 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{972CE4C6-7E08-4474-A285-3208198CE6FD}\INSTALL.RDF

Error: (01/01/2014 11:38:54 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{972CE4C6-7E08-4474-A285-3208198CE6FD}\INSTALL.RDF


CodeIntegrity Errors:
===================================
Date: 2014-01-01 10:47:52.810
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-01 10:47:52.763
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-01 10:47:52.732
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-01 10:47:52.685
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-01 10:47:52.653
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-01 10:47:52.607
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-31 15:26:40.091
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-31 15:26:40.048
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-31 15:26:40.004
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-31 15:26:39.962
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 2046.57 MB
Available physical RAM: 1271.76 MB
Total Pagefile: 4330.16 MB
Available Pagefile: 3702.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:150.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 59D19975)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Nothing malicious there.

In this forum, we make sure your computer is free of malware, and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.

Good luck :)
 