Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What does my Log mean?Do I need to do something?


  • This topic is locked This topic is locked
5 replies to this topic

#1 sabrinaward1979

sabrinaward1979

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:52 AM

Posted 11 July 2014 - 08:06 PM

I ran combofix, my brother in law is a media technology computer guy and told me that is was a great program. So attached is my log, do I need to do something next?

 

 

Thanks!!

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:52 AM

Posted 16 July 2014 - 01:30 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#3 sabrinaward1979

sabrinaward1979
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:52 AM

Posted 17 July 2014 - 09:35 AM

OK, I did everything you said. It seems to have helped. Pasted below are the logs you requested. If there is something else that I can do to make it run a little faster please let me know or of any other problems that I am unaware of.

 

Thank you for all your help!

You are awesome!

 

 

 

LOG

 

 

# AdwCleaner v3.215 - Report created 16/07/2014 at 19:43:19
# Updated 09/07/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : sabrina - SABRINA-PC
# Running from : C:\Users\sabrina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HM8NNWLJ\adwcleaner_3.215.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\SearchProtect
[!] Folder Deleted : C:\ProgramData\ParetoLogic
[!] Folder Deleted : C:\Program Files (x86)\BearShare Applications
[!] Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Users\Lena\AppData\LocalLow\Conduit
[!] Folder Deleted : C:\Users\Lena\AppData\LocalLow\MixiDJ_V30
[!] Folder Deleted : C:\Users\mallory\AppData\LocalLow\AskToolbar
[!] Folder Deleted : C:\Users\mallory\AppData\LocalLow\Conduit
[!] Folder Deleted : C:\Users\mallory\AppData\LocalLow\MixiDJ_V30
[!] Folder Deleted : C:\Users\sabrina\AppData\Roaming\DriverCure
[!] Folder Deleted : C:\Users\sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\Software\bearsharemediabartb
Key Deleted : HKLM\Software\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

[ File : C:\Users\mallory\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

[ File : C:\Users\sabrina\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : fdkednngfjmpnljkolbapdednncafhen

*************************

AdwCleaner[R0].txt - [4943 octets] - [16/07/2014 19:40:16]
AdwCleaner[S0].txt - [4711 octets] - [16/07/2014 19:43:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4771 octets] ##########

 

LOG

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by sabrina (administrator) on SABRINA-PC on 17-07-2014 09:12:32
Running from C:\Users\sabrina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IG3OHNU9
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [462336 2008-12-22] (IDT, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe [438403 2008-02-19] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296056 2012-06-03] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1517215259-1916542005-2966445014-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1517215259-1916542005-2966445014-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-25] (Google Inc.)
HKU\S-1-5-21-1517215259-1916542005-2966445014-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1517215259-1916542005-2966445014-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1517215259-1916542005-2966445014-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\mallory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
GroupPolicyUsers\S-1-5-21-1517215259-1916542005-2966445014-1002\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1517215259-1916542005-2966445014-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {A693764E-D8C1-4F63-AC1E-4DEB55CAA8EC} URL = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {2C910865-F63A-46E7-A70C-45B662B33D04} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {2C910865-F63A-46E7-A70C-45B662B33D04} URL = https://www.google.com/search?q={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {9565115D-C7D6-46D3-BD63-B67B481A4368} -  No File
Toolbar: HKCU - No Name - {167D9323-F7CC-48F5-948A-6F012831A69F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 209.18.47.62

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\sabrina\AppData\Local\Roblox\Versions\version-1112937d32504d8c\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\sabrina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\sabrina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-02]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-07-26]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz
FF Extension: WordCaptureX - C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz [2012-02-10]

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Reader Application Detector) - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Users\sabrina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Roblox Launcher Plugin) - C:\Users\sabrina\AppData\Local\Roblox\Versions\version-14fe283fc52248e5\\NPRobloxProxy.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-06-14]
CHR Extension: (Skype Click to Call) - C:\Users\sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-02-13]
CHR Extension: (Google Wallet) - C:\Users\sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-07]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-07-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WhiteSmokeTranslator [2012-02-10]

==================== Services (Whitelisted) =================

R2 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [10408 2010-10-08] (Microsoft) [File not signed]
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [88576 2008-12-22] (Andrea Electronics Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
R2 hnmsvc; c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe [820464 2008-09-30] (Dell Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe [281600 2008-12-22] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S1 bcqfhwei; \??\C:\Windows\system32\drivers\bcqfhwei.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-17 09:12 - 2014-07-17 09:12 - 00000000 ____D () C:\FRST
2014-07-16 19:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-16 19:40 - 2014-07-16 19:44 - 00000000 ____D () C:\AdwCleaner
2014-07-11 20:32 - 2014-07-11 20:32 - 00016910 _____ () C:\ComboFix.txt
2014-07-11 19:57 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-11 19:57 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-11 19:57 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-11 19:57 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-11 19:57 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-11 19:57 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-11 19:57 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-11 19:57 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-11 19:52 - 2014-07-11 20:32 - 00000000 ____D () C:\Qoobox
2014-07-11 19:51 - 2014-07-11 20:27 - 00000000 ____D () C:\Windows\erdnt
2014-07-11 19:49 - 2014-07-11 19:50 - 00610798 _____ (Max Secure Software) C:\Users\sabrina\Desktop\MaxSDDMnew.exe
2014-07-10 22:52 - 2014-07-17 08:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 22:51 - 2014-07-10 22:51 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-10 22:51 - 2014-07-10 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-10 22:51 - 2014-07-10 22:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-10 22:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-10 22:51 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-10 21:24 - 2014-07-10 21:24 - 00000912 _____ () C:\Users\sabrina\Desktop\JCC Transcript - Shortcut.lnk
2014-07-09 20:47 - 2014-06-07 00:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 20:47 - 2014-06-06 23:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 20:47 - 2014-06-06 22:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 20:47 - 2014-06-06 22:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 20:47 - 2014-06-06 22:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 20:47 - 2014-06-06 22:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 20:47 - 2014-06-06 22:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-09 20:47 - 2014-06-06 22:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 20:47 - 2014-06-06 22:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 20:47 - 2014-06-06 22:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 20:47 - 2014-06-06 22:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 20:47 - 2014-06-06 22:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 20:47 - 2014-06-06 22:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 20:47 - 2014-06-06 22:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 20:47 - 2014-06-06 22:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 20:47 - 2014-06-06 22:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 20:47 - 2014-06-06 22:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-09 20:47 - 2014-06-06 22:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-09 20:47 - 2014-06-06 22:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 20:47 - 2014-06-06 22:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-09 20:47 - 2014-06-06 22:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 20:47 - 2014-06-06 20:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 20:47 - 2014-06-06 19:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 20:47 - 2014-06-06 19:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 20:47 - 2014-06-06 19:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 20:47 - 2014-06-06 19:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 20:47 - 2014-06-06 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 20:47 - 2014-06-06 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-09 20:47 - 2014-06-06 18:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 20:47 - 2014-06-06 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 20:47 - 2014-06-06 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-09 20:47 - 2014-06-06 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 20:47 - 2014-06-06 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 20:47 - 2014-06-06 18:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 20:47 - 2014-06-06 18:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 20:47 - 2014-06-06 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-09 20:47 - 2014-06-06 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 20:47 - 2014-06-06 18:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 20:47 - 2014-06-06 18:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-09 20:47 - 2014-06-06 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 20:47 - 2014-06-06 18:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-09 20:47 - 2014-06-06 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 20:46 - 2014-06-06 20:33 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 20:46 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 20:46 - 2014-06-06 03:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 20:46 - 2014-05-30 03:10 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-06-26 14:09 - 2014-06-26 14:09 - 00003008 _____ () C:\Windows\System32\Tasks\{A35760FC-1DEE-4B1A-8E19-BE0810A63FD9}
2014-06-26 14:09 - 2014-06-26 14:09 - 00003008 _____ () C:\Windows\System32\Tasks\{1CF2EFB8-C7FA-4F7E-886B-DB175BC45108}
2014-06-22 13:58 - 2014-06-22 13:59 - 04990544 _____ (Adobe Systems Inc.) C:\Users\sabrina\Downloads\Shockwave_Installer_Slim.exe

==================== One Month Modified Files and Folders =======

2014-07-17 09:12 - 2014-07-17 09:12 - 00000000 ____D () C:\FRST
2014-07-17 09:10 - 2013-03-10 19:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-17 09:09 - 2009-03-10 23:59 - 01423625 _____ () C:\Windows\WindowsUpdate.log
2014-07-17 08:36 - 2014-07-10 22:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-17 08:35 - 2011-04-25 18:36 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-17 08:28 - 2011-04-25 18:36 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-17 08:27 - 2011-04-02 10:48 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-17 08:27 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-17 08:27 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-17 08:27 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-17 07:43 - 2006-11-02 11:42 - 00032550 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-16 20:16 - 2013-06-05 07:32 - 00603294 _____ () C:\Windows\PFRO.log
2014-07-16 20:02 - 2013-06-04 19:03 - 00000000 ____D () C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2014-07-16 19:44 - 2014-07-16 19:40 - 00000000 ____D () C:\AdwCleaner
2014-07-16 19:34 - 2012-10-04 19:58 - 00000000 ____D () C:\Users\sabrina\AppData\Local\CrashDumps
2014-07-14 13:44 - 2013-08-04 22:05 - 00001157 _____ () C:\Users\sabrina\Desktop\ROBLOX Player.lnk
2014-07-14 13:44 - 2013-08-04 22:03 - 00000964 _____ () C:\Users\sabrina\Desktop\ROBLOX Studio 2013.lnk
2014-07-14 13:44 - 2013-08-04 22:03 - 00000000 ____D () C:\Users\sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-07-14 12:55 - 2006-11-02 08:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-11 21:23 - 2012-02-10 17:45 - 00000000 ____D () C:\Program Files (x86)\WhiteSmokeTranslator
2014-07-11 20:43 - 2011-04-02 10:50 - 00059480 _____ () C:\Users\sabrina\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-11 20:41 - 2006-11-02 11:21 - 00272560 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 20:37 - 2012-11-01 22:15 - 00000000 ____D () C:\Users\sabrina\AppData\Local\Sony Corporation
2014-07-11 20:32 - 2014-07-11 20:32 - 00016910 _____ () C:\ComboFix.txt
2014-07-11 20:32 - 2014-07-11 19:52 - 00000000 ____D () C:\Qoobox
2014-07-11 20:32 - 2006-11-02 09:33 - 00000000 __RHD () C:\Users\Default
2014-07-11 20:27 - 2014-07-11 19:51 - 00000000 ____D () C:\Windows\erdnt
2014-07-11 20:25 - 2006-11-02 08:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-11 20:22 - 2011-04-02 10:47 - 00000000 ____D () C:\Users\sabrina
2014-07-11 19:50 - 2014-07-11 19:49 - 00610798 _____ (Max Secure Software) C:\Users\sabrina\Desktop\MaxSDDMnew.exe
2014-07-11 19:50 - 2011-08-19 07:01 - 00000000 ____D () C:\Users\sabrina\AppData\Roaming\GetRightToGo
2014-07-10 22:52 - 2012-06-25 21:42 - 00000000 ____D () C:\Users\sabrina\AppData\Roaming\Malwarebytes
2014-07-10 22:51 - 2014-07-10 22:51 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-10 22:51 - 2014-07-10 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-10 22:51 - 2014-07-10 22:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-10 22:51 - 2012-06-25 21:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 21:24 - 2014-07-10 21:24 - 00000912 _____ () C:\Users\sabrina\Desktop\JCC Transcript - Shortcut.lnk
2014-07-10 03:25 - 2006-11-02 11:07 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:07 - 2013-08-15 03:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:02 - 2006-11-02 08:35 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-08 21:28 - 2013-03-10 19:37 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 21:28 - 2013-03-10 19:37 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 21:28 - 2011-06-18 19:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 21:26 - 2014-05-14 21:27 - 10603008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-06 18:07 - 2011-06-29 20:46 - 00000000 ____D () C:\Users\sabrina\AppData\Roaming\Skype
2014-06-26 14:09 - 2014-06-26 14:09 - 00003008 _____ () C:\Windows\System32\Tasks\{A35760FC-1DEE-4B1A-8E19-BE0810A63FD9}
2014-06-26 14:09 - 2014-06-26 14:09 - 00003008 _____ () C:\Windows\System32\Tasks\{1CF2EFB8-C7FA-4F7E-886B-DB175BC45108}
2014-06-22 14:02 - 2011-04-03 15:15 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-06-22 13:59 - 2014-06-22 13:58 - 04990544 _____ (Adobe Systems Inc.) C:\Users\sabrina\Downloads\Shockwave_Installer_Slim.exe
2014-06-20 18:30 - 2011-04-25 18:36 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-20 18:30 - 2011-04-25 18:36 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Files to move or delete:
====================
C:\Users\sabrina\jagex_cl_runescape_LIVE.dat
C:\Users\sabrina\random.dat

Some content of TEMP:
====================
C:\Users\sabrina\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-17 08:35

==================== End Of Log ============================

 

LOG

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01
Ran by sabrina at 2014-07-17 09:15:03
Running from C:\Users\sabrina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IG3OHNU9
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Absolute Notifier (HKLM-x32\...\{EBE939ED-4612-45FD-A39E-77AC199C4273}) (Version: 1.2.12.10 - Absolute Software)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version:  - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Complete Care Consumer Service Agreement (HKLM-x32\...\{28DFA10C-2588-4CF2-9275-E0EFF1E9BB0C}) (Version: 2.0.0 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0023 - Dell, Inc.)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Remote Access (HKLM-x32\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.0.0.0 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.102.101.211 - Alps Electric)
Dell Video Chat (remove only) (HKLM-x32\...\Dell Video Chat) (Version: 6.0 (6551) - SightSpeed Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version:  - )
DELL0604 (x32 Version: 1.0.0 - WildTangent) Hidden
Dell-eBay (HKLM-x32\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
EDocs (HKLM-x32\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Integrated Webcam Driver (1.06.03.0309)   (HKLM\...\Creative OA001) (Version: 1.06.03.0309 - Creative Technology Ltd.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
ITECIR (HKLM-x32\...\{F6BB6248-C507-46FE-8A35-1B16F35E0441}) (Version: 1.9 - ITE)
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaBar (HKLM-x32\...\BearShare 2 MediaBar) (Version: 2.5.0.100449 - Musiclab, LLC) <==== ATTENTION
MediaDirect (HKLM-x32\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.6.0 - Nikon)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.7 - Nikon)
Quickset (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.2.8 - Dell Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
ROBLOX Player for sabrina (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 for sabrina (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
SecondLifeViewer2 (remove only) (HKLM-x32\...\SecondLifeViewer2) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TomTom HOME 2.8.4.2596 (HKLM-x32\...\TomTom HOME) (Version: 2.8.4.2596 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.6.0 - Nikon)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Live Call (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Toolbar (x32 Version: 14.0.8052.1208 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.1) (Version: 1.3.2 - Xvid Team)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A02B06 - ZTE Corporation)

==================== Restore Points  =========================

15-06-2014 04:00:01 Scheduled Checkpoint
16-06-2014 04:00:00 Scheduled Checkpoint
16-06-2014 07:36:00 Windows Update
17-06-2014 04:00:01 Scheduled Checkpoint
18-06-2014 04:00:01 Scheduled Checkpoint
19-06-2014 04:00:01 Scheduled Checkpoint
20-06-2014 04:00:01 Scheduled Checkpoint
20-06-2014 06:15:24 Windows Update
21-06-2014 04:00:02 Scheduled Checkpoint
22-06-2014 04:00:01 Scheduled Checkpoint
24-06-2014 22:41:51 Windows Update
28-06-2014 11:48:45 Windows Update
01-07-2014 11:56:07 Windows Update
05-07-2014 11:48:47 Windows Update
09-07-2014 01:44:45 Windows Update
10-07-2014 07:00:14 Windows Update
11-07-2014 01:33:25 Windows Update
11-07-2014 01:41:00 Windows Update
12-07-2014 00:36:10 Removed Reader for PC.
14-07-2014 16:43:14 Windows Update
16-07-2014 23:58:12 Removed SpyHunter
17-07-2014 00:00:43 Removed SpyHunter
17-07-2014 11:32:48 Windows Update

==================== Hosts content: ==========================

2006-11-02 08:34 - 2014-07-11 20:25 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {2014D347-CA43-4F45-897F-57FDEA911A4C} - System32\Tasks\RunAsStdUser Task => C:\Users\sabrina\AppData\Local\blueturtlegamesSA\bin\1.0.3.0\BlueTurtleGamesSA.exe
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {31B32DFF-CB4E-48C7-9A92-28089583560E} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {31F08EA2-1582-4DD1-AFC7-BF8F9D0910B4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {349B626C-FC4F-40DE-81D7-4D2243F66C33} - System32\Tasks\{A35760FC-1DEE-4B1A-8E19-BE0810A63FD9} => Iexplore.exe http://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?page=tsProgressBar
Task: {36666B19-CAF8-4F8C-AF35-A95805D4D4CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-25] (Google Inc.)
Task: {3A99590A-59E4-4DE4-87DB-976512285D85} - System32\Tasks\4917 => Wscript.exe C:\Users\sabrina\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {3B3D3D16-0F5C-43F4-8370-62FC409E2F70} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1517215259-1916542005-2966445014-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {5717445D-62F1-4FB4-ACBE-BD2002A2A1DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {6E1801D4-B827-413E-9B02-03EA1DD22EF7} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1517215259-1916542005-2966445014-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {832867E9-8E5F-4537-9143-8283DE370669} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1517215259-1916542005-2966445014-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {939DA81F-A8A4-48C9-8B2B-D86D8BA4D219} - System32\Tasks\{1CF2EFB8-C7FA-4F7E-886B-DB175BC45108} => Iexplore.exe http://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?page=tsProgressBar
Task: {9CB7195E-DFC9-45A7-BEF3-AEA7C43488AB} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
Task: {BE1F2C51-AA10-435E-91BF-E0893BC3D2E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-25] (Google Inc.)
Task: {C19BBEEA-BB46-4B34-9629-77556BD3FF74} - System32\Tasks\{B1A3A781-1E0F-44B7-9C37-7340577DE379} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {D0FC1B5D-29AC-4890-AC8C-2D9C61B27ECD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E2816640-C422-43A4-BA7A-34B1F3320340} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1517215259-1916542005-2966445014-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {E49B477F-6E99-4C7A-BA9E-0510F7E1FDCF} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F27A700D-2399-4465-8225-F76ACCEAD52F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-15 05:01 - 2014-02-15 05:01 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\0f48d9153765cbcf00b5d108df293b96\VistaBridgeLibrary.ni.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
AlternateDataStreams: C:\ProgramData\TEMP:FF9C44FE

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: Xvid => C:\Program Files (x86)\Xvid\CheckUpdate.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2014 08:27:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2014 08:27:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname sabrina-PC.local already in use; will try sabrina-PC-2.local instead

Error: (07/17/2014 08:27:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 sabrina-PC.local. Addr 192.168.1.100

Error: (07/17/2014 08:27:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.122:5353    4 Sabrina-PC.local. Addr 192.168.1.122

Error: (07/17/2014 08:27:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname sabrina-PC.local already in use; will try sabrina-PC-2.local instead

Error: (07/17/2014 08:27:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 sabrina-PC.local. Addr 169.254.210.248

Error: (07/17/2014 08:27:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.122:5353    4 Sabrina-PC.local. Addr 192.168.1.122

Error: (07/17/2014 07:35:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.0.532 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: fc4
Start Time: 01cfa1b2fe67f591
Termination Time: 16

Error: (07/16/2014 08:24:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2014 08:23:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname sabrina-PC.local already in use; will try sabrina-PC-2.local instead

System errors:
=============
Error: (07/17/2014 09:13:15 AM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "GWSERVER       :0" could not be registered on the interface with IP address 192.168.1.100.
The computer with the IP address 192.168.1.50 did not allow the name to be claimed by
this computer.

Error: (07/17/2014 09:12:21 AM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "SCOTT-PC       :0" could not be registered on the interface with IP address 192.168.1.100.
The computer with the IP address 192.168.1.138 did not allow the name to be claimed by
this computer.

Error: (07/17/2014 09:11:37 AM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "SABRINA-PC     :0" could not be registered on the interface with IP address 192.168.1.100.
The computer with the IP address 192.168.1.122 did not allow the name to be claimed by
this computer.

Error: (07/17/2014 09:11:37 AM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "GWSTAFF-PC     :0" could not be registered on the interface with IP address 192.168.1.100.
The computer with the IP address 192.168.1.121 did not allow the name to be claimed by
this computer.

Error: (07/17/2014 09:11:19 AM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "TERESA-PC      :0" could not be registered on the interface with IP address 192.168.1.100.
The computer with the IP address 192.168.1.113 did not allow the name to be claimed by
this computer.

Error: (07/17/2014 09:11:00 AM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "RNPD178FA      :0" could not be registered on the interface with IP address 192.168.1.100.
The computer with the IP address 192.168.1.5 did not allow the name to be claimed by
this computer.

Error: (07/17/2014 09:10:45 AM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "BEN-PC         :0" could not be registered on the interface with IP address 192.168.1.100.
The computer with the IP address 192.168.1.103 did not allow the name to be claimed by
this computer.

Error: (07/17/2014 09:02:36 AM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "GWSERVER       :0" could not be registered on the interface with IP address 192.168.1.100.
The computer with the IP address 192.168.1.50 did not allow the name to be claimed by
this computer.

Error: (07/17/2014 09:01:40 AM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "SCOTT-PC       :0" could not be registered on the interface with IP address 192.168.1.100.
The computer with the IP address 192.168.1.138 did not allow the name to be claimed by
this computer.

Error: (07/17/2014 09:00:59 AM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "GWSTAFF-PC     :0" could not be registered on the interface with IP address 192.168.1.100.
The computer with the IP address 192.168.1.121 did not allow the name to be claimed by
this computer.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-07-17 09:14:51.420
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 09:14:50.936
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 09:14:50.437
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 09:14:49.938
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 09:14:49.174
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 09:14:48.690
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 09:14:48.191
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 09:14:47.692
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 08:50:30.324
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-17 08:50:29.800
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 4027.98 MB
Available physical RAM: 2401.79 MB
Total Pagefile: 8263.24 MB
Available Pagefile: 6478.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:222.81 GB) (Free:112.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:1.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 08000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=223 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:52 AM

Posted 17 July 2014 - 10:05 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
GroupPolicyUsers\S-1-5-21-1517215259-1916542005-2966445014-1002\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1517215259-1916542005-2966445014-1001\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {9565115D-C7D6-46D3-BD63-B67B481A4368} -  No File
Toolbar: HKCU - No Name - {167D9323-F7CC-48F5-948A-6F012831A69F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\sabrina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Reader Application Detector) - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll No File
CHR Plugin: (Roblox Launcher Plugin) - C:\Users\sabrina\AppData\Local\Roblox\Versions\version-14fe283fc52248e5\\NPRobloxProxy.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
S1 bcqfhwei; \??\C:\Windows\system32\drivers\bcqfhwei.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
Task: {3A99590A-59E4-4DE4-87DB-976512285D85} - System32\Tasks\4917 => Wscript.exe C:\Users\sabrina\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {31B32DFF-CB4E-48C7-9A92-28089583560E} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
MediaBar (HKLM-x32\...\BearShare 2 MediaBar) (Version: 2.5.0.100449 - Musiclab, LLC) <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
AlternateDataStreams: C:\ProgramData\TEMP:FF9C44FE

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is it now?

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:52 AM

Posted 23 July 2014 - 09:33 AM

Are you still with me?

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:52 AM

Posted 29 July 2014 - 08:24 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users