PUP in registry key and files - what should I do?


Hi, I think I've posted this in the right place this time.

My computer's been crashing recently (and some of my social media accounts were hacked, which I wondered if it might be related). I ran a Malwarebytes scan and it found lots of PUP items in several registry keys and other files.

I'm not sure what I can/should quarantine safely and whether I should go on to delete anything in addition to this.

I have attached the Malwarebytes log, and also the FRST and Addition logs.

I have also copied and pasted the FRST and Addition files below.

I know very little about all this so any help is much appreciated!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Nabeelah (administrator) on NABEELAH-PC on 19-05-2014 22:38:00
Running from C:\Users\Nabeelah\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Spotify Ltd) C:\Users\Nabeelah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Flux Software LLC) C:\Users\Nabeelah\AppData\Local\FluxSoftware\Flux\flux.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dropbox, Inc.) C:\Users\Nabeelah\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google) C:\Users\Nabeelah\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12661352 2011-08-01] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2776872 2011-08-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [bTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10357008 2011-10-18] (Intel Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3481708340-1069080033-2213103319-1000\...\Run: [spotify Web Helper] => C:\Users\Nabeelah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-15] (Spotify Ltd)
HKU\S-1-5-21-3481708340-1069080033-2213103319-1000\...\Run: [Google Update] => C:\Users\Nabeelah\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-15] (Google Inc.)
HKU\S-1-5-21-3481708340-1069080033-2213103319-1000\...\Run: [f.lux] => C:\Users\Nabeelah\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3481708340-1069080033-2213103319-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3481708340-1069080033-2213103319-1000\...\MountPoints2: {39f968aa-2e3f-11e2-a186-88532e9280d7} - F:\KODAK_Camera_Setup_App.exe
HKU\S-1-5-21-3481708340-1069080033-2213103319-1000\...\MountPoints2: {a457c32e-8bc1-11e2-91d7-88532e9280d7} - F:\KODAK_Camera_Setup_App.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Nabeelah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Nabeelah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=110824&tt=4912_4&babsrc=SP_ss&mntrId=30817e0700000000000088532e9280d4
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Nabeelah\AppData\Roaming\Mozilla\Firefox\Profiles\rrdgv0s2.default
FF user.js: detected! => C:\Users\Nabeelah\AppData\Roaming\Mozilla\Firefox\Profiles\rrdgv0s2.default\user.js
FF NewTab: hxxp://search.babylon.com/?affID=110824&tt=4912_4&babsrc=NT_ss&mntrId=30817e0700000000000088532e9280d4
FF SearchEngineOrder.1: Search the web (Babylon)
FF SelectedSearchEngine: Google
FF Homepage: hxxp://search.babylon.com/?affID=110824&tt=4912_4&babsrc=HP_ss&mntrId=30817e0700000000000088532e9280d4
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Nabeelah\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Nabeelah\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Nabeelah\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Nabeelah\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Nabeelah\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Nabeelah\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Nabeelah\AppData\Roaming\Mozilla\Firefox\Profiles\rrdgv0s2.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Nabeelah\AppData\Roaming\Mozilla\Firefox\Profiles\rrdgv0s2.default\searchplugins\mngr.xml
FF Extension: Add to Wishpot - C:\Users\Nabeelah\AppData\Roaming\Mozilla\Firefox\Profiles\rrdgv0s2.default\Extensions\jid0-rQAKfA8xtr968vDoIiJalXYS0q0@jetpack [2012-11-26]
FF Extension: feedly - C:\Users\Nabeelah\AppData\Roaming\Mozilla\Firefox\Profiles\rrdgv0s2.default\Extensions\feedly@devhd.xpi [2013-06-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-22]
FF HKCU\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension

Chrome:
=======
CHR HomePage: hxxp://search.babylon.com/?affID=110824&tt=4912_4&babsrc=HP_ss&mntrId=30817e0700000000000088532e9280d4
CHR StartupUrls: "hxxp://search.babylon.com/?affID=110824&tt=4912_4&babsrc=HP_ss&mntrId=30817e0700000000000088532e9280d4"
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Nabeelah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-10-19]
CHR Extension: (YouTube) - C:\Users\Nabeelah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-19]
CHR Extension: (McAfee Security Scan+) - C:\Users\Nabeelah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-25]
CHR Extension: (Adblock Plus) - C:\Users\Nabeelah\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-10-19]
CHR Extension: (Google Search) - C:\Users\Nabeelah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-19]
CHR Extension: (bitly | ♥  your bitmarks) - C:\Users\Nabeelah\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2013-05-06]
CHR Extension: (Google Wallet) - C:\Users\Nabeelah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Google Reader) - C:\Users\Nabeelah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm [2012-10-19]
CHR Extension: (Gmail) - C:\Users\Nabeelah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-19]
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Nabeelah\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx [2012-08-08]
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.crx [2012-08-08]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2011-09-23] (Diskeeper Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2879176 2012-12-27] (Samsung Electronics CO., LTD.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2011-09-23] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [80688 2011-09-23] (Diskeeper Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-19 22:38 - 2014-05-19 22:38 - 00020008 _____ () C:\Users\Nabeelah\Downloads\FRST.txt
2014-05-19 22:37 - 2014-05-19 22:38 - 00000000 ____D () C:\FRST
2014-05-19 22:09 - 2014-05-19 22:37 - 02067456 _____ (Farbar) C:\Users\Nabeelah\Downloads\FRST64.exe
2014-05-19 22:01 - 2014-05-19 22:01 - 00015095 _____ () C:\Users\Nabeelah\Desktop\MBscan1.txt
2014-05-19 19:17 - 2014-05-19 19:18 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-19 19:16 - 2014-05-19 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-19 19:16 - 2014-05-19 19:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-19 19:16 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-18 23:54 - 2014-05-18 23:54 - 00107785 _____ () C:\Users\Nabeelah\Desktop\Backup of Aeon essay draft 3(2)(2).wbk
2014-05-18 23:38 - 2014-05-18 23:38 - 00000000 ___SH () C:\DkHyperbootSync
2014-05-18 11:56 - 2014-05-18 22:33 - 00109179 _____ () C:\Users\Nabeelah\Downloads\Backup of Aeon essay draft 3(2)(2).wbk
2014-05-18 11:56 - 2014-05-18 11:56 - 00107891 _____ () C:\Users\Nabeelah\Downloads\~WRL0697.tmp
2014-05-16 08:26 - 2014-05-06 05:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-16 08:26 - 2014-05-06 05:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-16 08:26 - 2014-05-06 04:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-16 08:26 - 2014-05-06 04:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-16 08:26 - 2014-05-06 04:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-16 08:26 - 2014-05-06 03:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-16 01:00 - 2014-05-16 01:00 - 00095990 _____ () C:\Users\Nabeelah\Desktop\Backup of Aeon essay draft 3(2).wbk
2014-05-15 20:11 - 2014-05-15 20:11 - 00086948 _____ () C:\Users\Nabeelah\Downloads\Backup of Aeon essay draft 3(1).wbk
2014-05-15 19:16 - 2014-05-09 07:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-15 19:16 - 2014-05-09 07:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-15 19:16 - 2014-04-12 03:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-15 19:16 - 2014-03-25 03:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-15 19:16 - 2014-03-25 03:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-15 19:16 - 2014-03-04 10:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-15 19:16 - 2014-03-04 10:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-15 19:16 - 2014-03-04 10:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-15 19:16 - 2014-03-04 10:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-15 19:16 - 2014-03-04 10:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-05-15 19:16 - 2014-03-04 10:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-05-15 19:16 - 2014-03-04 10:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-15 19:16 - 2014-03-04 10:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-15 19:15 - 2014-04-12 03:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-15 19:15 - 2014-04-12 03:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-15 19:15 - 2014-04-12 03:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-15 19:15 - 2014-04-12 03:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-15 19:15 - 2014-04-12 03:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-15 19:15 - 2014-04-12 03:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-05-15 19:15 - 2014-04-12 03:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-05-15 19:15 - 2014-04-12 03:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-15 19:15 - 2014-03-04 10:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-15 19:15 - 2014-03-04 10:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-15 19:15 - 2014-03-04 10:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-15 19:15 - 2014-03-04 10:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-15 19:15 - 2014-03-04 10:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-15 19:15 - 2014-03-04 10:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-05-15 19:15 - 2014-03-04 10:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-05-15 19:15 - 2014-03-04 10:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-05-15 19:15 - 2014-03-04 10:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-05-15 19:15 - 2014-03-04 10:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-05-15 19:15 - 2014-03-04 10:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-15 19:15 - 2014-03-04 10:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-15 19:15 - 2014-03-04 10:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-15 19:15 - 2014-03-04 10:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-15 19:15 - 2014-03-04 10:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-15 19:15 - 2014-03-04 10:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-15 19:15 - 2014-03-04 10:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-05-15 19:15 - 2014-03-04 10:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-05-15 19:15 - 2014-03-04 10:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-05-15 19:15 - 2014-03-04 10:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-05-15 19:15 - 2014-03-04 10:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-15 19:15 - 2014-03-04 10:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-05-15 19:15 - 2014-03-04 10:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-15 19:15 - 2014-03-04 10:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-14 19:27 - 2014-05-14 22:50 - 00083099 _____ () C:\Users\Nabeelah\Downloads\Backup of Aeon essay draft 2(1)(1).wbk
2014-05-13 22:06 - 2014-05-13 22:06 - 00067919 _____ () C:\Users\Nabeelah\Downloads\Backup of Aeon essay draft 2(1).wbk
2014-05-13 22:06 - 2014-05-13 22:06 - 00053377 _____ () C:\Users\Nabeelah\Downloads\Backup of Brigid's edits essay(1).wbk
2014-05-09 21:54 - 2014-05-09 21:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-07 08:43 - 2014-05-16 09:02 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-05 11:25 - 2014-05-05 11:26 - 00262144 _____ () C:\windows\Minidump\050514-22027-01.dmp
2014-05-04 11:55 - 2014-05-04 11:55 - 00000000 ____D () C:\Users\Nabeelah\AppData\Roaming\DropboxMaster

==================== One Month Modified Files and Folders =======

2014-05-19 22:38 - 2014-05-19 22:38 - 00020008 _____ () C:\Users\Nabeelah\Downloads\FRST.txt
2014-05-19 22:38 - 2014-05-19 22:37 - 00000000 ____D () C:\FRST
2014-05-19 22:37 - 2014-05-19 22:09 - 02067456 _____ (Farbar) C:\Users\Nabeelah\Downloads\FRST64.exe
2014-05-19 22:16 - 2013-02-24 18:27 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3481708340-1069080033-2213103319-1000UA.job
2014-05-19 22:05 - 2012-10-19 23:15 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-19 22:01 - 2014-05-19 22:01 - 00015095 _____ () C:\Users\Nabeelah\Desktop\MBscan1.txt
2014-05-19 22:00 - 2012-10-19 17:38 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-19 22:00 - 2011-11-20 02:59 - 01710663 _____ () C:\windows\WindowsUpdate.log
2014-05-19 21:27 - 2009-07-14 06:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-19 19:25 - 2009-07-14 05:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-19 19:25 - 2009-07-14 05:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-19 19:18 - 2014-05-19 19:17 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-19 19:16 - 2014-05-19 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-19 19:16 - 2014-05-19 19:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-19 19:16 - 2012-12-22 00:19 - 00000000 ____D () C:\Users\Nabeelah\AppData\Roaming\Malwarebytes
2014-05-19 19:16 - 2012-12-22 00:18 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-19 19:16 - 2012-12-22 00:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-19 19:16 - 2012-12-22 00:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-19 19:15 - 2013-01-25 16:31 - 00000000 ___RD () C:\Users\Nabeelah\Dropbox
2014-05-19 19:15 - 2013-01-25 16:29 - 00000000 ____D () C:\Users\Nabeelah\AppData\Roaming\Dropbox
2014-05-19 19:15 - 2012-10-19 18:20 - 00000000 ____D () C:\Users\Nabeelah\AppData\Roaming\Skype
2014-05-19 19:13 - 2012-12-22 00:07 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-05-19 19:11 - 2012-10-19 17:38 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-19 19:11 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-19 19:11 - 2009-07-14 05:51 - 00112787 _____ () C:\windows\setupact.log
2014-05-18 23:54 - 2014-05-18 23:54 - 00107785 _____ () C:\Users\Nabeelah\Desktop\Backup of Aeon essay draft 3(2)(2).wbk
2014-05-18 23:38 - 2014-05-18 23:38 - 00000000 ___SH () C:\DkHyperbootSync
2014-05-18 23:27 - 2013-02-24 18:27 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3481708340-1069080033-2213103319-1000Core.job
2014-05-18 22:33 - 2014-05-18 11:56 - 00109179 _____ () C:\Users\Nabeelah\Downloads\Backup of Aeon essay draft 3(2)(2).wbk
2014-05-18 11:56 - 2014-05-18 11:56 - 00107891 _____ () C:\Users\Nabeelah\Downloads\~WRL0697.tmp
2014-05-18 10:33 - 2012-10-19 18:08 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1
2014-05-16 23:46 - 2012-12-03 13:08 - 00000000 ____D () C:\Users\Nabeelah\AppData\Roaming\Spotify
2014-05-16 20:15 - 2012-12-03 13:08 - 00000000 ____D () C:\Users\Nabeelah\AppData\Local\Spotify
2014-05-16 19:28 - 2012-10-29 21:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-16 19:25 - 2012-10-19 16:52 - 00000000 ___RD () C:\Users\Nabeelah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 19:25 - 2012-10-19 16:52 - 00000000 ___RD () C:\Users\Nabeelah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 09:02 - 2014-05-07 08:43 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-16 08:26 - 2012-10-19 17:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 08:25 - 2013-07-14 02:15 - 00000000 ____D () C:\windows\system32\MRT
2014-05-16 08:22 - 2012-11-15 00:01 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-16 01:00 - 2014-05-16 01:00 - 00095990 _____ () C:\Users\Nabeelah\Desktop\Backup of Aeon essay draft 3(2).wbk
2014-05-15 20:11 - 2014-05-15 20:11 - 00086948 _____ () C:\Users\Nabeelah\Downloads\Backup of Aeon essay draft 3(1).wbk
2014-05-15 19:21 - 2013-01-25 16:31 - 00001029 _____ () C:\Users\Nabeelah\Desktop\Dropbox.lnk
2014-05-15 19:21 - 2013-01-25 16:30 - 00000000 ____D () C:\Users\Nabeelah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-14 22:50 - 2014-05-14 19:27 - 00083099 _____ () C:\Users\Nabeelah\Downloads\Backup of Aeon essay draft 2(1)(1).wbk
2014-05-13 22:06 - 2014-05-13 22:06 - 00067919 _____ () C:\Users\Nabeelah\Downloads\Backup of Aeon essay draft 2(1).wbk
2014-05-13 22:06 - 2014-05-13 22:06 - 00053377 _____ () C:\Users\Nabeelah\Downloads\Backup of Brigid's edits essay(1).wbk
2014-05-13 20:05 - 2012-10-19 23:15 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 20:05 - 2012-10-19 23:15 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 20:05 - 2012-10-19 23:15 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-05-12 20:49 - 2012-10-19 17:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 20:49 - 2010-11-21 04:47 - 00411426 _____ () C:\windows\PFRO.log
2014-05-10 10:53 - 2014-03-29 13:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-05-09 23:40 - 2012-11-26 10:25 - 00000000 ____D () C:\Users\Nabeelah\AppData\Local\CrashDumps
2014-05-09 21:54 - 2014-05-09 21:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 07:14 - 2014-05-15 19:16 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-09 07:11 - 2014-05-15 19:16 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-08 23:11 - 2013-02-24 18:27 - 00003896 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3481708340-1069080033-2213103319-1000UA
2014-05-08 23:11 - 2013-02-24 18:27 - 00003500 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3481708340-1069080033-2213103319-1000Core
2014-05-08 22:54 - 2012-10-19 17:38 - 00003898 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 22:54 - 2012-10-19 17:38 - 00003646 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 05:40 - 2014-05-16 08:26 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-06 05:17 - 2014-05-16 08:26 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-06 04:25 - 2014-05-16 08:26 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-06 04:07 - 2014-05-16 08:26 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-06 04:00 - 2014-05-16 08:26 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-06 03:10 - 2014-05-16 08:26 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-05 19:08 - 2013-05-21 00:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-05 11:26 - 2014-05-05 11:25 - 00262144 _____ () C:\windows\Minidump\050514-22027-01.dmp
2014-05-05 11:25 - 2012-11-01 17:13 - 694937069 _____ () C:\windows\MEMORY.DMP
2014-05-05 11:25 - 2012-11-01 17:13 - 00000000 ____D () C:\windows\Minidump
2014-05-04 12:48 - 2012-11-04 21:56 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-05-04 11:55 - 2014-05-04 11:55 - 00000000 ____D () C:\Users\Nabeelah\AppData\Roaming\DropboxMaster
2014-04-30 14:12 - 2012-10-19 17:30 - 00000000 ____D () C:\Users\Nabeelah\AppData\Roaming\Mozilla

Some content of TEMP:
====================
C:\Users\Nabeelah\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcjpca2.dll
C:\Users\Nabeelah\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Nabeelah\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Nabeelah\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Nabeelah\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Nabeelah\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Nabeelah\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Nabeelah\AppData\Local\Temp\ose00000.exe
C:\Users\Nabeelah\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nabeelah\AppData\Local\Temp\uninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-15 19:16] - [2014-03-04 10:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-11 11:56

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by Nabeelah at 2014-05-19 22:38:46
Running from C:\Users\Nabeelah\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security (Disabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47}

==================== Installed Programs ======================

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
AbleWord v2.1 (HKLM-x32\...\AbleWord_is1) (Version:  - )
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
ATI Catalyst Install Manager (HKLM\...\{B194DC38-34A3-18E5-1B2C-409402CC6684}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 8.0.1489.0 - AVAST Software)
Babylon Chrome Toolbar (HKLM-x32\...\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}) (Version: 2.0.0.4 - Babylon Ltd) <==== ATTENTION
Babylon toolbar  (HKLM-x32\...\BabylonToolbar) (Version:  - BabylonToolbar) <==== ATTENTION
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version:  - )
Canon MG4100 series On-screen Manual (HKLM-x32\...\Canon MG4100 series On-screen Manual) (Version:  - )
Canon MG4100 series User Registration (HKLM-x32\...\Canon MG4100 series User Registration) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2011.0902.1044.17395 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0902.1044.17395 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0902.1044.17395 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0902.1044.17395 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0902.1043.17395 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0902.1043.17395 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0902.1043.17395 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0902.1043.17395 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0902.1043.17395 - ATI) Hidden
CCC Help English (x32 Version: 2011.0902.1043.17395 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0902.1043.17395 - ATI) Hidden
CCC Help French (x32 Version: 2011.0902.1043.17395 - ATI) Hidden
CCC Help German (x32 Version: 2011.0902.1043.17395 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0902.1043.17395 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0902.1043.17395 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0902.1043.17395 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0902.1043.17395 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0902.1043.17395 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0902.1043.17395 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0902.1043.17395 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0902.1043.17395 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0902.1043.17395 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0902.1043.17395 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0902.1043.17395 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0902.1043.17395 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0902.1043.17395 - ATI) Hidden
ccc-utility64 (Version: 2011.0902.1044.17395 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink Media+ Player10 (x32 Version: 10.0.1110.00 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.4417 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.)
Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.1.1705 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.44 - Samsung)
ETDWare PS/2-X64 10.0.7.3_WHQL (HKLM\...\Elantech) (Version: 10.0.7.3 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{F9EB0DDE-931C-4E89-96B2-DE8286EDFA6C}) (Version: 1.0.64 - Diskeeper Corporation)
f.lux (HKCU\...\Flux) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{8E29C1CE-346A-3F59-AE22-8C5B7F230498}) (Version: 5.3.1.18536 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}) (Version: 2.2.14.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Interactive Guide (HKLM-x32\...\{CB383BE9-7518-4ABD-826E-8FC4695F7D52}) (Version: 1.2 - )
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
JPG to PDF Converter 1.1 (HKLM-x32\...\JPG to PDF Converter) (Version: 1.1 - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.0 - )
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
OutWit Hub 3.0.3.28 (x86 en-US) (HKLM-x32\...\OutWit Hub 3.0.3.28 (x86 en-US)) (Version: 3.0.3.28 - OutWit)
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
S Agent (Version: 1.0.9 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.0.11044_11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.0.0.11044_11 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.5 - Samsung)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2300.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
SW Update (HKLM-x32\...\{F5B5BA56-8FEB-494B-84E6-C8DA9C2BEE50}) (Version: 2.1.6 - Samsung Electronics CO., LTD.)
Tableau Public 7.0 (HKLM-x32\...\{7A83AD4E-8C0E-4F56-85F8-E412E132D475}) (Version: 7.0.512 - Tableau Software)
TweetDeck (HKLM-x32\...\{F587CC88-D29F-40DA-9268-EEE18D2AF426}) (Version: 2.0.2 - Twitter, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.5 - )
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

07-05-2014 07:43:03 Windows Update
15-05-2014 18:10:01 Windows Update
16-05-2014 07:19:36 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0A37AACB-6A39-4E2E-B9A5-3EE6156419CF} - System32\Tasks\KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [2011-11-09] (Samsung)
Task: {0A8CDF95-23E9-429A-87FA-DDFB27900350} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-11-30] (Samsung Electronics Co., Ltd.)
Task: {138869AB-168B-4FCF-AABA-5692A5912E69} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-19] (Google Inc.)
Task: {168962AF-7B77-40DA-8AE0-4797B12D6E64} - System32\Tasks\EPUpdater => C:\Users\Nabeelah\AppData\Roaming\BabMaint.exe [2013-02-09] () <==== ATTENTION
Task: {1C572912-21A8-47B8-83E9-16821F591E73} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-10-25] (Samsung Electronics CO., LTD.)
Task: {36AEFFE0-7691-4F37-B81E-B6C1E496B71F} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-10-12] (SAMSUNG Electronics)
Task: {3B61B99D-DC5E-4D1B-98FB-3D8B1E3AE6E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-19] (Google Inc.)
Task: {4570A0CE-6053-457D-A3B9-8CCAD4D662EE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3481708340-1069080033-2213103319-1000Core => C:\Users\Nabeelah\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-15] (Google Inc.)
Task: {4A122E64-4768-4CE5-820D-DE948626675F} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-06-24] (SEC)
Task: {538859C9-4791-4379-8E4A-1C348D47990C} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A06\EPM.exe
Task: {7075C30A-48AE-4A22-B4C3-18091EE1F54F} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: {7124549E-E97B-4E9B-9357-6ED543406F1E} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-11-30] (Samsung Electronics)
Task: {75409EB7-8491-4170-B4C4-BC5B8C455A1C} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-11-30] (Samsung Electronics Co., Ltd.)
Task: {78F52835-B936-4DF7-BA19-ED60D4A8D186} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {8661DDBB-1A4C-4197-B8BD-A75867E8D55E} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()
Task: {8CF337A0-05D7-42C0-861C-310FF3E4E579} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()
Task: {982C7C72-500B-408A-8605-0035884C279D} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-11-30] (Samsung Electronics Co., Ltd.)
Task: {9B4835B2-7A05-474A-9929-34769FADED0D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3481708340-1069080033-2213103319-1000UA => C:\Users\Nabeelah\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-15] (Google Inc.)
Task: {C245C41F-54EC-4FFE-B278-86FFA98D97D0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {FB9AB304-03F6-49A3-90A5-767DF7594D07} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {FC4DF834-065C-434C-9AEB-1EBA2335DC8F} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-11-30] (Samsung Electronics Co., Ltd.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3481708340-1069080033-2213103319-1000Core.job => C:\Users\Nabeelah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3481708340-1069080033-2213103319-1000UA.job => C:\Users\Nabeelah\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-09-15 09:46 - 2011-09-15 09:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-11-04 21:57 - 2011-02-07 08:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2011-09-15 09:46 - 2011-09-15 09:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-04-04 23:18 - 2011-04-04 23:18 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
2011-11-20 03:06 - 2009-12-01 08:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-05-19 19:16 - 2014-05-19 08:23 - 02292736 _____ () C:\Program Files\AVAST Software\Avast\defs\14051900\algo.dll
2011-11-20 03:18 - 2011-02-16 17:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2011-11-20 03:18 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2014-05-19 19:14 - 2014-05-19 19:14 - 00041984 _____ () c:\users\nabeelah\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcjpca2.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Nabeelah\AppData\Roaming\Dropbox\bin\libcef.dll
2011-11-20 03:22 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2009-11-02 06:20 - 2009-11-02 06:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 06:23 - 2009-11-02 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-05-09 21:54 - 2014-05-09 21:54 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: avast! SecureLine TAP Adapter
Description: avast! SecureLine TAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/19/2014 09:43:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 29.0.1.5239 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f4c

Start Time: 01cf73a0b929bbf4

Termination Time: 0

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: f8013982-df95-11e3-bd8a-88532e9280d7

Error: (05/19/2014 07:47:49 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (05/19/2014 07:11:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2014 11:51:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2014 10:16:14 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (05/18/2014 10:44:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2014 10:44:49 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (05/17/2014 10:20:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 07:26:47 PM) (Source: MsiInstaller) (EventID: 1024) (User: Nabeelah-PC)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011007}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/16/2014 07:23:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/19/2014 09:43:25 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/19/2014 09:41:24 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/19/2014 09:39:23 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/19/2014 09:38:13 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/19/2014 09:37:03 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/19/2014 09:34:53 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/19/2014 09:33:43 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/19/2014 09:33:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.

Error: (05/19/2014 09:31:33 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (05/19/2014 09:29:32 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.


Microsoft Office Sessions:
=========================
Error: (01/02/2014 11:32:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 10808 seconds with 600 seconds of active time.  This session ended with a crash.

Error: (01/02/2014 11:12:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 9624 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (04/28/2013 08:45:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4088 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (04/22/2013 06:19:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 8566 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (03/03/2013 04:05:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6926 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/03/2013 02:09:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1145 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (03/01/2013 11:29:05 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 622 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (03/01/2013 11:18:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3459 seconds with 2520 seconds of active time.  This session ended with a crash.

Error: (10/22/2012 02:26:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 213 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (10/22/2012 02:22:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 87 seconds with 60 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 8105.55 MB
Available physical RAM: 5595.13 MB
Total Pagefile: 16209.27 MB
Available Pagefile: 13462.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:178 GB) (Free:94.46 GB) NTFS
Drive d: () (Fixed) (Total:265.34 GB) (Free:265.24 GB) NTFS
Drive f: (STORE N GO) (Removable) (Total:7.45 GB) (Free:7.24 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 0D7D62F5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=178 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=265 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=22 GB) - (Type=27)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=7 GB) - (Type=73)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)

==================== End Of Log ============================

 

MBscan1.txt

FRST.txt

Addition.txt


Welcome to the forum.

Please make sure you have created a new restore point and then back up the registry:
Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ---------------------------

    Please uninstall these from your add/remove programs:

    Babylon Chrome Toolbar
    Babylon toolbar


    --------------------------------

    Download the attached fixlist.txt to the same folder as FRST.exe.
    Run FRST.exe and click Fix only once and wait
    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    ------------------------------------


    Clean out temp files:

    Download TFC from here and save it to your desktop.
    http://oldtimer.geekstogo.com/TFC.exe
    http://www.bleepingcomputer.com/download/tfc/dl/92/
    Close any open programs and Internet browsers.
    Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
    Please be patient as clearing out temp files may take a while.
    Once it completes you may be prompted to restart your computer, please do so.
    Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

    ----------------------------------------


    Please download AdwCleaner from HERE or HERE to your desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
    Last:

    If you're using Malwarebytes 2.0, please run a Threat Scan
    Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
    Same for PUM (Potentially Unwanted Modifications)
    Quarantine All that's found

    Let me know....MrC


     

Thanks for this! I've run through the steps you outlined. Attached is the fixlog.txt file and also the log from AdwCleaner for review - I wasn't sure whether there were any files included in its results that I should keep.

 

Something strange has also happened since yesterday - I'm not sure if it happened at some point during my following the steps that you outlined, or whether anything I did had anything to do with it. Malwarebytes has stopped opening up when I double click on it. Yesterday it opened without problems but today, when I click, Windows asks me for permission as usual and then it seems to be opening - the mouse turns into the circular 'doing something' icon - but then it suddenly goes back to being an arrow and Malwarebytes doesn't open. I tried doing this with Task Manager open on the processes tab, and noticed that although Malwarebytes launched as a process when I clicked on the icon, it is disappearing after a few seconds.

 

What should I do next? I really appreciate the help and advice.

 

 

Fixlog.txt

AdwCleanerR0.txt


Just to also add - it's still having trouble with becoming suddenly much slower and then eventually freezing after several hours of use. This has only happened since the day before yesterday - not sure if it's connected to a virus or something.


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
