FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-01-2014 01
Ran by Owner (administrator) on OWNER-PC on 02-01-2014 20:46:07
Running from C:\Users\Owner\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)
==================== Processes (Whitelisted) ===================
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-20] (Microsoft Corporation)
MountPoints2: {04512925-eafa-11e2-b983-001d92df1635} - E:\MotoCastSetup.exe -a
MountPoints2: {295e3f04-6993-11e2-bfd8-001d92df1635} - F:\MotoCastSetup.exe -a
MountPoints2: {4b4b0f26-8590-11e2-84b4-001d92df1635} - E:\MotoCastSetup.exe -a
MountPoints2: {7f09a31c-0f1c-11e2-be00-001d92df1635} - E:\TL-Bootstrap.exe
MountPoints2: {a227ada1-0e65-11e2-85a4-001d92df1635} - E:\TL-Bootstrap.exe
MountPoints2: {ea87a5cc-0dc9-11df-aa48-001d92df1635} - E:\LaunchU3.exe -a
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.lavasoft.com/?so...retb&v=2_2&u=8005B7C0362AA88BD8BB5750B0F226FA
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x81566AB1606FCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://safesearchr.lavasoft.com/?so...5B7C0362AA88BD8BB5750B0F226FA&q={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://safesearchr.lavasoft.com/?so...5B7C0362AA88BD8BB5750B0F226FA&q={searchTerms}
SearchScopes: HKCU - {887D5E70-66D8-6D48-40A6-E70F2641A520} URL = http://www.bing.com/search?q={searc...install_date=20110911&iesrc={referrer:source}
SearchScopes: HKCU - {C4E83934-81EF-45C9-8AAA-E236B7BDDDB2} URL = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\horn2gln.default
FF Homepage: hxxp://www.newworldbonsai.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKCU\...\Firefox\Extensions: [{F5735875-5BAC-4CC0-BF90-206B97D9FE99}] - C:\Users\Owner\AppData\Local\{F5735875-5BAC-4CC0-BF90-206B97D9FE99}
FF Extension: XULRunner - C:\Users\Owner\AppData\Local\{F5735875-5BAC-4CC0-BF90-206B97D9FE99}
Chrome:
=======
CHR HomePage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8005B7C0362AA88BD8BB5750B0F226FA
CHR RestoreOnStartup: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8005B7C0362AA88BD8BB5750B0F226FA", "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (ijji Web Launching Plugin for FF) - C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll (NHN USA Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Hangouts) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.1030.1304.1_0
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
========================== Services (Whitelisted) =================
S3 jswpsapi; C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.)
S2 McNASvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203400 2012-11-09] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [168880 2012-11-09] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [167344 2012-11-09] (McAfee, Inc.)
S3 npggsvc; C:\Windows\system32\GameMon.des [4085304 2010-10-12] (INCA Internet Co., Ltd.)
S2 SBSDWSCService;
==================== Drivers (Whitelisted) ====================
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60480 2012-11-09] (McAfee, Inc.)
S3 DNIMp50; C:\Windows\System32\Drivers\DNIMp50.sys [21504 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA))
S3 DNISp50; C:\Windows\System32\Drivers\DNISp50.sys [20480 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA))
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [30688 2012-10-24] (GFI Software)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2012-11-24] (GFI Software)
S3 htcusbnet; C:\Windows\System32\DRIVERS\htcusbnet.sys [129024 2010-12-14] (HTC Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [132912 2012-11-09] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [234824 2012-11-09] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65488 2012-11-09] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [362640 2012-11-09] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565352 2012-11-09] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92192 2012-11-09] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210136 2012-11-09] (McAfee, Inc.)
R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [368128 2009-07-03] (Realtek)
U3 TrueSight; c:\windows\system32\drivers\TrueSight.sys [111872 2011-12-25] ()
R3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2v.sys [453120 2009-01-13] (Atheros Communications, Inc.)
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-02 20:46 - 2014-01-02 20:46 - 00014038 _____ C:\Users\Owner\Downloads\FRST.txt
2014-01-02 20:45 - 2014-01-02 20:45 - 01064581 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2014-01-02 20:45 - 2014-01-02 20:45 - 00000000 ____D C:\FRST
2014-01-01 15:12 - 2014-01-01 15:12 - 01133552 _____ C:\Users\Owner\Downloads\SteamSetup.exe
2014-01-01 13:24 - 2014-01-01 13:36 - 00000000 ____D C:\Users\Owner\Downloads\El Guincho - Pop Negro
2014-01-01 10:42 - 2014-01-01 10:42 - 00002243 _____ C:\Windows\epplauncher.mif
2014-01-01 10:42 - 2014-01-01 10:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
2014-01-01 10:42 - 2014-01-01 10:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-01-01 10:42 - 2014-01-01 10:42 - 00000000 ____D C:\Program Files\7-Zip
2014-01-01 10:41 - 2014-01-01 10:42 - 00000000 ____D C:\Program Files\FileAssociationManager
2014-01-01 10:41 - 2014-01-01 10:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\FileAssociationManager
2014-01-01 10:39 - 2014-01-01 10:39 - 11125072 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall.exe
2014-01-01 10:39 - 2014-01-01 10:39 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\glltgduv.sys
2014-01-01 10:38 - 2014-01-01 10:38 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\lwyvhorq.sys
2014-01-01 10:37 - 2014-01-01 10:37 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\fxiscwfs.sys
2014-01-01 10:37 - 2014-01-01 10:37 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-01 10:35 - 2014-01-01 10:35 - 00002926 _____ C:\Users\Owner\Desktop\attach.txt
2014-01-01 10:35 - 2014-01-01 10:33 - 00010022 _____ C:\Users\Owner\Desktop\dds.txt
2014-01-01 10:31 - 2014-01-01 10:33 - 91412976 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup.exe
2013-12-31 15:57 - 2013-12-31 15:57 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2013-12-31 15:46 - 2013-12-31 15:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-31 15:23 - 2013-12-31 14:53 - 00444820 ____R C:\Windows\system32\Drivers\etc\hosts.20131231-152353.backup
2013-12-31 14:53 - 2011-12-25 14:11 - 00439893 _____ C:\Windows\system32\Drivers\etc\hosts.20131231-145308.backup
2013-12-31 14:21 - 2014-01-01 11:01 - 00001124 _____ C:\Windows\PFRO.log
2013-12-31 14:19 - 2013-12-31 14:19 - 00001108 _____ C:\Windows\KB2845142.log
2013-12-31 14:18 - 2013-12-31 14:19 - 00175936 _____ C:\Windows\WindowsUpdate.log
2013-12-31 13:33 - 2013-12-31 13:33 - 00001338 _____ C:\Users\Owner\Documents\cc_20131231_133321.reg
2013-12-31 13:32 - 2013-12-31 13:32 - 00294698 _____ C:\Users\Owner\Documents\cc_20131231_133236.reg
2013-12-31 13:30 - 2013-12-31 13:30 - 04645232 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup409.exe
2013-12-31 13:07 - 2013-12-31 13:07 - 15063488 _____ (Systweak Software ) C:\Users\Owner\Downloads\aso3setup_d_com_asoupdate.exe
2013-12-31 13:01 - 2013-12-31 13:01 - 00000973 _____ C:\Users\Owner\Desktop\WinASO Registry Optimizer.lnk
2013-12-31 13:01 - 2013-12-31 13:01 - 00000000 ____D C:\Program Files\WinASO
2013-12-31 13:00 - 2013-12-31 13:00 - 07989624 _____ (X.M.Y International LLC ) C:\Users\Owner\Downloads\WinASO_RO_v4.8.4.exe
2013-12-31 11:17 - 2013-12-31 13:13 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Systweak
2013-12-31 11:16 - 2013-12-31 11:16 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-31 11:10 - 2013-12-31 11:10 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf0642c23263e9.job
2013-12-31 11:08 - 2013-12-31 14:47 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443490662-1885682164-805799577-1000Core1cf06427a9611a7.job
2013-12-31 11:01 - 2013-12-31 11:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-31 11:01 - 2013-12-31 11:01 - 00109144 _____ () C:\Users\Owner\Downloads\Setup.exe
2013-12-30 21:28 - 2013-12-30 21:28 - 00000092 _____ C:\Users\Owner\AppData\Roaming\mbam.context.scan
2013-12-30 21:12 - 2013-12-30 21:12 - 49940480 _____ C:\Program Files\GUT61E4.tmp
2013-12-20 16:46 - 2013-12-20 16:46 - 00000000 ____D C:\Program Files\Mozilla Firefox(1)
2013-12-11 12:33 - 2013-12-11 12:37 - 00000000 ____D C:\Users\Owner\Downloads\No. 12 Person Pitch [2007]
2013-12-08 12:02 - 2013-12-08 15:46 - 00000000 ____D C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet
==================== One Month Modified Files and Folders =======
2014-01-02 20:46 - 2014-01-02 20:46 - 00014038 _____ C:\Users\Owner\Downloads\FRST.txt
2014-01-02 20:45 - 2014-01-02 20:45 - 01064581 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2014-01-02 20:45 - 2014-01-02 20:45 - 00000000 ____D C:\FRST
2014-01-02 20:42 - 2006-11-02 05:33 - 00768506 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-02 20:20 - 2006-11-02 07:47 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-02 20:20 - 2006-11-02 07:47 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-02 18:21 - 2010-05-23 16:34 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-02 18:21 - 2009-09-02 12:03 - 00087339 _____ C:\ProgramData\nvModes.dat
2014-01-02 18:21 - 2009-09-02 12:03 - 00087339 _____ C:\ProgramData\nvModes.001
2014-01-02 18:21 - 2009-09-02 11:59 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-02 18:21 - 2006-11-02 08:01 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-02 18:20 - 2013-09-22 16:50 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443490662-1885682164-805799577-1000UA.job
2014-01-02 18:20 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-01 15:12 - 2014-01-01 15:12 - 01133552 _____ C:\Users\Owner\Downloads\SteamSetup.exe
2014-01-01 14:05 - 2009-09-02 15:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
2014-01-01 13:36 - 2014-01-01 13:24 - 00000000 ____D C:\Users\Owner\Downloads\El Guincho - Pop Negro
2014-01-01 11:05 - 2009-09-02 15:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2014-01-01 11:01 - 2013-12-31 14:21 - 00001124 _____ C:\Windows\PFRO.log
2014-01-01 11:01 - 2013-01-28 20:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-01 11:01 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\L2Schemas
2014-01-01 10:42 - 2014-01-01 10:42 - 00002243 _____ C:\Windows\epplauncher.mif
2014-01-01 10:42 - 2014-01-01 10:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
2014-01-01 10:42 - 2014-01-01 10:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-01-01 10:42 - 2014-01-01 10:42 - 00000000 ____D C:\Program Files\7-Zip
2014-01-01 10:42 - 2014-01-01 10:41 - 00000000 ____D C:\Program Files\FileAssociationManager
2014-01-01 10:41 - 2014-01-01 10:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\FileAssociationManager
2014-01-01 10:39 - 2014-01-01 10:39 - 11125072 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall.exe
2014-01-01 10:39 - 2014-01-01 10:39 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\glltgduv.sys
2014-01-01 10:38 - 2014-01-01 10:38 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\lwyvhorq.sys
2014-01-01 10:37 - 2014-01-01 10:37 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\fxiscwfs.sys
2014-01-01 10:37 - 2014-01-01 10:37 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-01 10:35 - 2014-01-01 10:35 - 00002926 _____ C:\Users\Owner\Desktop\attach.txt
2014-01-01 10:33 - 2014-01-01 10:35 - 00010022 _____ C:\Users\Owner\Desktop\dds.txt
2014-01-01 10:33 - 2014-01-01 10:31 - 91412976 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup.exe
2013-12-31 15:57 - 2013-12-31 15:57 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2013-12-31 15:46 - 2013-12-31 15:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-31 15:30 - 2013-01-26 14:11 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-31 15:30 - 2012-11-21 14:54 - 00000384 _____ C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2013-12-31 14:53 - 2013-12-31 15:23 - 00444820 ____R C:\Windows\system32\Drivers\etc\hosts.20131231-152353.backup
2013-12-31 14:48 - 2011-12-25 14:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-31 14:47 - 2013-12-31 11:08 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3443490662-1885682164-805799577-1000Core1cf06427a9611a7.job
2013-12-31 14:47 - 2013-04-07 21:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-31 14:47 - 2012-11-24 11:24 - 00000944 _____ C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2013-12-31 14:19 - 2013-12-31 14:19 - 00001108 _____ C:\Windows\KB2845142.log
2013-12-31 14:19 - 2013-12-31 14:18 - 00175936 _____ C:\Windows\WindowsUpdate.log
2013-12-31 13:33 - 2013-12-31 13:33 - 00001338 _____ C:\Users\Owner\Documents\cc_20131231_133321.reg
2013-12-31 13:32 - 2013-12-31 13:32 - 00294698 _____ C:\Users\Owner\Documents\cc_20131231_133236.reg
2013-12-31 13:31 - 2009-09-02 14:55 - 00000000 ____D C:\Windows\Panther
2013-12-31 13:30 - 2013-12-31 13:30 - 04645232 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup409.exe
2013-12-31 13:25 - 2009-09-02 11:51 - 00001356 _____ C:\Users\Owner\AppData\Local\d3d9caps.dat
2013-12-31 13:13 - 2013-12-31 11:17 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Systweak
2013-12-31 13:09 - 2009-09-02 11:03 - 00000000 ____D C:\Users\Owner
2013-12-31 13:07 - 2013-12-31 13:07 - 15063488 _____ (Systweak Software ) C:\Users\Owner\Downloads\aso3setup_d_com_asoupdate.exe
2013-12-31 13:01 - 2013-12-31 13:01 - 00000973 _____ C:\Users\Owner\Desktop\WinASO Registry Optimizer.lnk
2013-12-31 13:01 - 2013-12-31 13:01 - 00000000 ____D C:\Program Files\WinASO
2013-12-31 13:00 - 2013-12-31 13:00 - 07989624 _____ (X.M.Y International LLC ) C:\Users\Owner\Downloads\WinASO_RO_v4.8.4.exe
2013-12-31 12:23 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\tapi
2013-12-31 11:53 - 2009-11-11 14:35 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2013-12-31 11:53 - 2009-09-04 23:56 - 00000000 ____D C:\Windows\Minidump
2013-12-31 11:52 - 2013-02-08 18:43 - 00000000 ____D C:\Users\Owner\Documents\My Books
2013-12-31 11:19 - 2013-01-28 20:41 - 00000846 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-31 11:16 - 2013-12-31 11:16 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-31 11:16 - 2011-12-25 15:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-31 11:10 - 2013-12-31 11:10 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf0642c23263e9.job
2013-12-31 11:02 - 2013-12-31 11:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-31 11:01 - 2013-12-31 11:01 - 00109144 _____ () C:\Users\Owner\Downloads\Setup.exe
2013-12-31 10:53 - 2006-11-02 05:22 - 47185920 _____ C:\Windows\system32\config\software_previous
2013-12-31 10:53 - 2006-11-02 05:22 - 24117248 _____ C:\Windows\system32\config\components_previous
2013-12-31 10:53 - 2006-11-02 05:22 - 20709376 _____ C:\Windows\system32\config\system_previous
2013-12-31 10:53 - 2006-11-02 05:22 - 05505024 _____ C:\Windows\system32\config\default_previous
2013-12-31 10:53 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-12-31 10:53 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-12-31 10:52 - 2013-09-04 13:58 - 00000000 ____D C:\Program Files\Citrix
2013-12-31 10:52 - 2013-08-25 17:57 - 00000000 ____D C:\Program Files\Audacity
2013-12-31 10:52 - 2013-07-18 19:34 - 00000000 ____D C:\Users\Owner\Downloads\Naruto
2013-12-31 10:52 - 2013-06-14 20:34 - 00000000 ____D C:\Users\Owner\Downloads\Enigma Discography (1990-2010) [Mp3][WwW.LoKoTorrents.CoM]
2013-12-31 10:52 - 2013-03-29 21:08 - 00000000 ____D C:\Users\Owner\Downloads\Seven Samurai 1954 Restored 720p BRRip x264 AAC-BeLLBoY (Kingdom-Release)
2013-12-31 10:52 - 2013-01-20 16:30 - 00000000 ____D C:\Program Files\McAfee
2013-12-31 10:52 - 2012-08-01 15:32 - 00000000 ____D C:\Users\Owner\Downloads\Gossamer
2013-12-31 10:52 - 2012-07-23 17:56 - 00000000 ____D C:\Users\Owner\Downloads\Casa de mi Padre 2012 BRRip 720p x264 AAC - KiNGDOM
2013-12-31 10:52 - 2012-06-13 14:26 - 00000000 ____D C:\Users\Owner\Downloads\Heatmiser
2013-12-31 10:52 - 2012-04-25 19:19 - 00000000 ____D C:\Users\Owner\Downloads\Richard Strauss
2013-12-31 10:52 - 2012-04-13 19:37 - 00000000 ____D C:\Riot Games
2013-12-31 10:52 - 2010-08-01 14:15 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-31 10:52 - 2009-10-25 19:52 - 00000000 ____D C:\Windows\system32\Adobe
2013-12-31 10:52 - 2009-09-12 09:17 - 00000000 ____D C:\Users\Owner\Downloads\Björk
2013-12-31 10:52 - 2009-09-02 16:05 - 00000000 ____D C:\Users\Owner\Downloads\Bright Eyes Complete Discography
2013-12-31 10:52 - 2009-09-02 11:55 - 00000000 ____D C:\Windows\system32\Macromed
2013-12-31 10:52 - 2009-09-02 11:16 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-31 10:52 - 2009-09-02 11:16 - 00000000 ____D C:\Program Files\Adobe
2013-12-31 10:52 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\spool
2013-12-31 10:52 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\Msdtc
2013-12-31 10:52 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\registration
2013-12-30 21:28 - 2013-12-30 21:28 - 00000092 _____ C:\Users\Owner\AppData\Roaming\mbam.context.scan
2013-12-30 21:12 - 2013-12-30 21:12 - 49940480 _____ C:\Program Files\GUT61E4.tmp
2013-12-30 21:09 - 2009-09-02 11:04 - 00134992 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-30 20:27 - 2010-08-25 21:11 - 00000000 ____D C:\Users\Owner\Downloads\Flashbulb - Temp;
2013-12-20 16:46 - 2013-12-20 16:46 - 00000000 ____D C:\Program Files\Mozilla Firefox(1)
2013-12-17 17:14 - 2013-10-28 12:43 - 00000000 ____D C:\Users\Owner\Documents\StrategicManagement
2013-12-11 12:37 - 2013-12-11 12:33 - 00000000 ____D C:\Users\Owner\Downloads\No. 12 Person Pitch [2007]
2013-12-08 15:46 - 2013-12-08 12:02 - 00000000 ____D C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-02 18:26
==================== End Of Log ============================