Unicoupons



#1 silverseamstress1125


Posted 22 September 2014 - 05:16 PM

I looked through to see if I could find anything to help first, but the thread I found was incomplete. I downloaded the Farbar Recovery Scan Tool and followed the other directions. This is the text from both of the results. Can anyone help me please???

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Faydra4 (administrator) on BUTTERCUPPC on 22-09-2014 12:25:08
Running from C:\Users\Faydra4\Downloads
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Users\Faydra4\AppData\Local\fst_us_86\upfst_us_86.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(iMesh, Inc) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-08-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-09-11] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-08-01] (CyberLink Corp.)
HKLM-x32\...\Run: [fst_us_86] => "C:\Program Files (x86)\fst_us_86\fst_us_86.exe"
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\RunOnce: [upfst_us_86.exe] => C:\Users\Faydra4\AppData\Local\fst_us_86\upfst_us_86.exe [3267536 2014-06-02] ()
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2198833249-3730487086-3131359828-1002\...\Run: [iMesh] => C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe [31010816 2013-11-20] (iMesh, Inc)
HKU\S-1-5-21-2198833249-3730487086-3131359828-1002\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-2198833249-3730487086-3131359828-1002\...\Run: [PriceMeterW] => "C:\Users\Faydra4\AppData\Local\PriceMeter\pricemeterw.exe"
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} ->  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF Plugin HKCU: iMeshPlugin -> C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll (iMesh)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://groovorio.com/?f=1&a=grv_tuto8_14_34&cd=2XzuyEtN2Y1L1Qzu0AtDtB0B0BzzyDtD0AyEtAyEyByB0AyEtN0D0Tzu0SzyyByCtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V2Z2Y2Z1Fzz1VtCyE1VtAyEtN1L1G1B1V1N2Y1L1Qzu2StDtBzzyD0F0EtBzytG0Czy0FyCtGzztB0CyEtGyDzz0EyBtGtCtA0B0B0DtD0DyBtDtBtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyD0FtCzzyDyE0CtGyC0C0C0BtGyE0ByEtAtG0A0AtB0FtG0AyCtCyByDyEzz0B0A0DyE0B2Q&cr=709827998&ir=
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Profile: C:\Users\Faydra4\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Faydra4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-27]
CHR Extension: (Google Drive) - C:\Users\Faydra4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Faydra4\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (Groovorio New Tab) - C:\Users\Faydra4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm [2014-09-02]
CHR Extension: (YouTube) - C:\Users\Faydra4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-27]
CHR Extension: (Search Plus) - C:\Users\Faydra4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdpohbejnbclggljmoijjcpdhbaaijfm [2014-07-11]
CHR Extension: (Search) - C:\Users\Faydra4\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-27]
CHR Extension: (Tampermonkey) - C:\Users\Faydra4\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-05-27]
CHR Extension: (Just Pin It) - C:\Users\Faydra4\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokdcgmibpioegghefegkcdjcbiggefe [2014-06-27]
CHR Extension: (Doa Power Tools Plus IV by TLC) - C:\Users\Faydra4\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgkjpfofcfabmfflmlknaeiihlnmnmjc [2014-05-27]
CHR Extension: (Google Wallet) - C:\Users\Faydra4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-27]
CHR Extension: (Gmail) - C:\Users\Faydra4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-27]
CHR Extension: (unicoupons) - C:\ProgramData\aoliolonmeklbiknakjddmfmdpjlkohg\ [2014-05-27]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Faydra4\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-08-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-08-30] (Cherished Technololgy LIMITED)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-23] (Realtek Semiconductor)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S2 Update ToggleMark; "C:\Program Files (x86)\ToggleMark\updateToggleMark.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-11] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-09-11] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64; C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys [61120 2014-06-02] (StdLib)
R1 {9a9157bb-003e-4fef-8bd1-c09bc4586a28}w64; C:\Windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w64.sys [61120 2014-08-30] (StdLib)
R1 {9d5747ee-0448-4681-8337-1555de75a3b6}w64; C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}w64.sys [61120 2014-07-05] (StdLib)
S1 F06DEFF2-5B9C-490D-910F-35D3A9119622; \??\C:\Program Files (x86)\Music Toolbar\Datamngr\x64\setmgrc2.cfg [X]
S1 qknfd; system32\drivers\qknfd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-22 12:25 - 2014-09-22 12:26 - 00020793 _____ () C:\Users\Faydra4\Downloads\FRST.txt
2014-09-22 12:24 - 2014-09-22 12:25 - 00000000 ____D () C:\FRST
2014-09-22 12:24 - 2014-09-22 12:24 - 02105856 _____ (Farbar) C:\Users\Faydra4\Downloads\FRST64.exe
2014-09-22 12:22 - 2014-09-22 12:23 - 01097728 _____ (Farbar) C:\Users\Faydra4\Downloads\FRST (1).exe
2014-09-22 12:22 - 2014-09-22 12:22 - 01097728 _____ (Farbar) C:\Users\Faydra4\Downloads\FRST.exe
2014-09-22 12:11 - 2014-09-22 12:11 - 00000000 ____D () C:\ProgramData\9F
2014-09-17 18:54 - 2014-09-21 20:24 - 00000004 _____ () C:\Users\Faydra4\AppData\Roaming\appdataFr2.bin
2014-09-17 17:38 - 2014-09-17 17:38 - 00000000 ____D () C:\Program Files (x86)\websavEr
2014-09-17 17:15 - 2014-09-17 18:33 - 00000000 ____D () C:\ProgramData\websavEr
2014-09-16 19:11 - 2014-09-16 19:11 - 00000000 ____D () C:\cb01218b1ae9c803a008c3ca
2014-09-13 16:26 - 2014-08-15 21:56 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-13 16:26 - 2014-08-15 21:54 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-13 16:26 - 2014-08-15 21:43 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-13 16:26 - 2014-08-15 21:25 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 16:26 - 2014-08-15 21:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-13 16:26 - 2014-08-15 21:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-13 16:26 - 2014-08-15 20:53 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-13 16:25 - 2014-08-15 21:32 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-13 16:25 - 2014-08-15 21:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-13 16:25 - 2014-08-15 21:18 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-13 16:25 - 2014-08-15 21:06 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-13 16:25 - 2014-08-15 21:05 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-13 16:25 - 2014-08-15 21:05 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-13 16:25 - 2014-08-15 21:03 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-13 16:25 - 2014-08-15 20:53 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-13 16:25 - 2014-08-15 20:45 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-13 16:25 - 2014-08-15 20:44 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-13 16:24 - 2014-08-15 22:40 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-13 16:24 - 2014-08-15 21:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-13 16:24 - 2014-08-15 20:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-13 16:24 - 2014-08-15 20:18 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-13 16:24 - 2014-08-15 20:12 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-13 16:23 - 2014-08-15 22:00 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-13 16:23 - 2014-08-15 21:18 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-13 16:23 - 2014-08-15 20:56 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-13 16:23 - 2014-08-15 20:34 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-13 16:23 - 2014-08-15 20:20 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-13 16:23 - 2014-08-15 20:14 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-13 16:22 - 2014-08-15 21:03 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-13 16:22 - 2014-08-15 20:53 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-13 16:22 - 2014-08-15 20:44 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-13 16:21 - 2014-08-15 22:04 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-13 16:21 - 2014-08-15 22:00 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-13 16:21 - 2014-08-15 21:45 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-13 16:21 - 2014-08-15 20:51 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 16:12 - 2014-07-23 23:20 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-11 16:11 - 2014-07-23 23:20 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-11 16:00 - 2014-08-01 20:18 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-08 19:53 - 2014-09-22 12:15 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2198833249-3730487086-3131359828-1002
2014-09-07 18:49 - 2014-09-07 18:49 - 00000000 ____D () C:\Program Files (x86)\unicoupons
2014-09-07 18:46 - 2014-09-07 18:46 - 00000000 ____D () C:\ProgramData\DealsFactor
2014-09-07 18:45 - 2014-09-08 19:47 - 00000000 ____D () C:\ProgramData\unicoupons
2014-09-07 18:42 - 2014-09-07 18:42 - 00000000 ____D () C:\ProgramData\aoliolonmeklbiknakjddmfmdpjlkohg
2014-09-05 21:15 - 2014-09-05 21:15 - 00144760 _____ (Premium Installer ) C:\Users\Faydra4\Downloads\Player-Chrome (1).exe
2014-09-02 22:04 - 2014-09-05 19:50 - 00000000 ____D () C:\Program Files (x86)\ToggleMark
2014-09-02 22:02 - 2014-09-02 22:02 - 00000000 ____D () C:\Program Files (x86)\reeaLdeaol
2014-09-02 21:01 - 2014-09-08 19:47 - 00000000 ____D () C:\ProgramData\reeaLdeaol
2014-08-30 18:18 - 2014-08-30 18:18 - 00000000 ____D () C:\Program Files (x86)\loess2pay
2014-08-30 18:17 - 2014-08-30 14:26 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w64.sys
2014-08-30 18:10 - 2014-08-30 18:10 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-08-30 18:09 - 2014-09-01 22:00 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-08-27 21:37 - 2014-08-22 20:42 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-22 12:27 - 2014-05-27 22:09 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-22 12:26 - 2014-09-22 12:25 - 00020793 _____ () C:\Users\Faydra4\Downloads\FRST.txt
2014-09-22 12:25 - 2014-09-22 12:24 - 00000000 ____D () C:\FRST
2014-09-22 12:24 - 2014-09-22 12:24 - 02105856 _____ (Farbar) C:\Users\Faydra4\Downloads\FRST64.exe
2014-09-22 12:23 - 2014-09-22 12:22 - 01097728 _____ (Farbar) C:\Users\Faydra4\Downloads\FRST (1).exe
2014-09-22 12:22 - 2014-09-22 12:22 - 01097728 _____ (Farbar) C:\Users\Faydra4\Downloads\FRST.exe
2014-09-22 12:15 - 2014-09-08 19:53 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2198833249-3730487086-3131359828-1002
2014-09-22 12:13 - 2014-06-05 23:14 - 00000000 ____D () C:\Users\Faydra4\AppData\Local\fst_us_86
2014-09-22 12:13 - 2014-05-21 22:00 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F1161470-891A-42E7-9363-09166EDC9AFD}
2014-09-22 12:11 - 2014-09-22 12:11 - 00000000 ____D () C:\ProgramData\9F
2014-09-22 12:11 - 2014-05-21 22:02 - 00000000 ____D () C:\Users\Faydra4\Documents\Youcam
2014-09-22 12:10 - 2014-05-27 22:09 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 12:10 - 2014-05-22 02:54 - 00000000 ___DO () C:\Users\Faydra4\SkyDrive
2014-09-22 12:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-09-22 00:46 - 2014-04-25 15:32 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-09-22 00:03 - 2014-05-30 16:19 - 00003182 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForFaydra4
2014-09-22 00:03 - 2014-05-30 16:19 - 00000364 _____ () C:\Windows\Tasks\HPCeeScheduleForFaydra4.job
2014-09-21 21:48 - 2014-05-21 21:59 - 01584327 _____ () C:\Windows\WindowsUpdate.log
2014-09-21 20:43 - 2014-05-27 22:15 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-21 20:28 - 2013-08-26 02:09 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-21 20:24 - 2014-09-17 18:54 - 00000004 _____ () C:\Users\Faydra4\AppData\Roaming\appdataFr2.bin
2014-09-21 20:20 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-18 23:27 - 2014-05-21 21:59 - 00000000 ____D () C:\Users\Faydra4
2014-09-18 13:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-09-17 18:33 - 2014-09-17 17:15 - 00000000 ____D () C:\ProgramData\websavEr
2014-09-17 17:38 - 2014-09-17 17:38 - 00000000 ____D () C:\Program Files (x86)\websavEr
2014-09-17 17:38 - 2014-06-27 12:59 - 00000000 ____D () C:\ProgramData\3ad55e4f1efa41a3
2014-09-17 17:35 - 2014-06-05 01:33 - 00000000 ____D () C:\Users\Faydra4\AppData\Roaming\Systweak
2014-09-17 17:30 - 2014-06-05 23:22 - 00000000 ____D () C:\Users\Faydra4\AppData\Roaming\Activeris
2014-09-16 20:17 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-16 19:11 - 2014-09-16 19:11 - 00000000 ____D () C:\cb01218b1ae9c803a008c3ca
2014-09-16 19:11 - 2014-05-25 14:10 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-16 19:11 - 2014-05-25 14:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-15 19:43 - 2013-08-22 10:46 - 00030245 _____ () C:\Windows\setupact.log
2014-09-13 16:36 - 2013-08-22 09:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-09-08 19:47 - 2014-09-07 18:45 - 00000000 ____D () C:\ProgramData\unicoupons
2014-09-08 19:47 - 2014-09-02 21:01 - 00000000 ____D () C:\ProgramData\reeaLdeaol
2014-09-08 19:47 - 2013-08-26 02:01 - 00019760 _____ () C:\Windows\PFRO.log
2014-09-07 18:49 - 2014-09-07 18:49 - 00000000 ____D () C:\Program Files (x86)\unicoupons
2014-09-07 18:46 - 2014-09-07 18:46 - 00000000 ____D () C:\ProgramData\DealsFactor
2014-09-07 18:42 - 2014-09-07 18:42 - 00000000 ____D () C:\ProgramData\aoliolonmeklbiknakjddmfmdpjlkohg
2014-09-07 02:22 - 2014-05-21 21:59 - 00000000 ____D () C:\Users\Faydra4\AppData\Local\Packages
2014-09-05 21:15 - 2014-09-05 21:15 - 00144760 _____ (Premium Installer ) C:\Users\Faydra4\Downloads\Player-Chrome (1).exe
2014-09-05 19:50 - 2014-09-02 22:04 - 00000000 ____D () C:\Program Files (x86)\ToggleMark
2014-09-02 22:02 - 2014-09-02 22:02 - 00000000 ____D () C:\Program Files (x86)\reeaLdeaol
2014-09-02 16:06 - 2014-08-18 20:09 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 16:06 - 2014-08-18 20:09 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-01 22:01 - 2013-08-22 10:44 - 00346744 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-01 22:00 - 2014-08-30 18:09 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-09-01 22:00 - 2014-07-11 12:27 - 00000000 ____D () C:\ProgramData\loess2pay
2014-08-30 18:18 - 2014-08-30 18:18 - 00000000 ____D () C:\Program Files (x86)\loess2pay
2014-08-30 18:17 - 2013-08-22 09:25 - 00000226 _____ () C:\Windows\win.ini
2014-08-30 18:10 - 2014-08-30 18:10 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-08-30 14:26 - 2014-08-30 18:17 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w64.sys
 
Some content of TEMP:
====================
C:\Users\Faydra4\AppData\Local\Temp\1_Offer_4.exe
C:\Users\Faydra4\AppData\Local\Temp\6_Offer_14.exe
C:\Users\Faydra4\AppData\Local\Temp\amsetup_activeris_default_010414_installer.exe
C:\Users\Faydra4\AppData\Local\Temp\BackupSetup.exe
C:\Users\Faydra4\AppData\Local\Temp\CloudBackup4996.exe
C:\Users\Faydra4\AppData\Local\Temp\compete.exe
C:\Users\Faydra4\AppData\Local\Temp\Compete_setup.exe
C:\Users\Faydra4\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Faydra4\AppData\Local\Temp\coupon server.exe
C:\Users\Faydra4\AppData\Local\Temp\Extract.exe
C:\Users\Faydra4\AppData\Local\Temp\f.exe
C:\Users\Faydra4\AppData\Local\Temp\freesofttoday.exe
C:\Users\Faydra4\AppData\Local\Temp\hometab.exe
C:\Users\Faydra4\AppData\Local\Temp\HPConnectedMusicInstaller_100100126.exe
C:\Users\Faydra4\AppData\Local\Temp\media.exe
C:\Users\Faydra4\AppData\Local\Temp\newvideoplayersetup.exe
C:\Users\Faydra4\AppData\Local\Temp\nse9E27.exe
C:\Users\Faydra4\AppData\Local\Temp\nsm66FA.exe
C:\Users\Faydra4\AppData\Local\Temp\nsq571A.exe
C:\Users\Faydra4\AppData\Local\Temp\nsz7A06.exe
C:\Users\Faydra4\AppData\Local\Temp\optprosetup.exe
C:\Users\Faydra4\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\Faydra4\AppData\Local\Temp\SP63599.exe
C:\Users\Faydra4\AppData\Local\Temp\sp64126.exe
C:\Users\Faydra4\AppData\Local\Temp\SP64569.exe
C:\Users\Faydra4\AppData\Local\Temp\tu17p84.exe
C:\Users\Faydra4\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Faydra4\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Faydra4\AppData\Local\Temp\_Buzz-ito34.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-17 21:04
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by Faydra4 at 2014-09-22 12:28:44
Running from C:\Users\Faydra4\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{4E16077A-F534-FAF4-8F33-D0E3FBB141EE}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
Cyberlink PhotoDirector (x32 Version: 3.0.2.4128 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.4.3122 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.3202 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0.1.3202 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
FrostWire 5.7.3 (HKLM-x32\...\FrostWire 5) (Version: 5.7.3.1 - FrostWire LLC)
fst_us_86 (HKLM-x32\...\fst_us_86_is1) (Version:  - fst) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 126) hp - Meridian Audio Ltd)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{DF2F548F-336A-44BA-AD8F-94B45955AA79}) (Version: 1.3.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 4.5.12202 - Hewlett-Packard) Hidden
HP Recovery Manager (x32 Version: 11.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP Support Assistant (x32 Version: 7.4.45.4 - Hewlett-Packard Company) Hidden
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{A54CD4B8-3110-4B25-965A-4085D693B887}) (Version: 2.2.6 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
iMesh (HKLM-x32\...\iMesh) (Version: 12.5.0.134600 - iMesh Inc) <==== ATTENTION
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Legend of Egypt: Jewels of the Gods (x32 Version: 3.0.2.59 - WildTangent) Hidden
Lightspark 0.5.3-git (HKLM-x32\...\Lightspark) (Version: 0.5.3-git - Lightspark Team)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7030 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.13.1 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
09-07-2014 19:36:31 Windows Update
26-07-2014 03:08:41 Scheduled Checkpoint
15-08-2014 15:46:34 Windows Update
30-08-2014 01:38:16 Windows Update
13-09-2014 19:58:43 Windows Update
16-09-2014 23:06:56 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2014-06-10 19:45 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {11FDD190-F2F6-4304-A786-FAE05CC71133} - System32\Tasks\pricemeterwatcher => C:\Users\Faydra4\AppData\Local\PriceMeter\pricemeterw.exe <==== ATTENTION
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2B207B78-D04C-4258-9227-0829D0B5AD74} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-27] (Google Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2CA8EA07-20CA-4CAB-9003-AD128ABE15F4} - System32\Tasks\HPCeeScheduleForFaydra4 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {3006CC55-4ED4-4C30-B125-69C5A23AAF1C} - System32\Tasks\pricemetertask => C:\Users\Faydra4\AppData\Local\PriceMeter\pricemeter.exe <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {37EFF6C9-B3A5-4351-9FB5-8088E765A1B8} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3B9123C4-C79E-44AD-B74E-A5A3C21E74A6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-16] (Microsoft Corporation)
Task: {436A5C41-DA01-4314-B87F-D3E8FF3E0A94} - System32\Tasks\pricemeterdownloader => C:\Users\Faydra4\AppData\Local\PriceMeter\pricemeterd.exe <==== ATTENTION
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4B7205FE-6CDE-4AD6-B6FD-80D436719B82} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {552E1A32-D60E-4E8E-9C4C-9D2FB01FFD4C} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {55DB8F7F-7A32-4C2A-BE18-FC626F1F62E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {69031E32-1866-4EB7-AFE8-1EA8291703F0} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6BF0B16F-EFA4-4229-BB42-D991A04BC16A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-27] (Google Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7C89B526-158A-4DA8-8AD0-CB6E7BE79C64} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8933C05B-D7CA-459B-BD42-E52E38BBABD7} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A4334A89-7A8E-4A10-9058-CD6F8B879516} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {B417D30B-A2BD-4CB0-95D5-687F7A0878B7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-11] (Synaptics Incorporated)
Task: {B43FB227-AC08-4BE2-A487-80AABDE41AA9} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {B457D0F7-B330-484A-8B63-B70D31F82070} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {BF3DC967-88EA-48D1-8D9C-9A41A5F44193} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D9F85479-E34F-4DBD-AE7D-C65BE716BB76} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E53D48B8-C924-4274-916F-3E6E5A60F561} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EABE7C13-4C4E-4AAD-9679-652D1B5955E5} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForFaydra4.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-30 22:47 - 2013-08-30 22:47 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-06-05 23:14 - 2014-06-02 11:06 - 03267536 _____ () C:\Users\Faydra4\AppData\Local\fst_us_86\upfst_us_86.exe
2014-06-17 14:00 - 2013-06-06 02:55 - 03213312 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\avcodec-51.dll
2014-06-17 14:00 - 2013-06-06 02:55 - 00441856 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\avformat-51.dll
2014-06-17 14:00 - 2013-06-06 02:55 - 00027648 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\avutil-49.dll
2014-06-17 14:00 - 2013-11-20 18:11 - 00777728 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\ResourcesLoc.dll
2014-06-17 14:00 - 2013-11-20 18:01 - 01550848 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\nickel.ocx
2014-06-17 14:00 - 2013-06-06 02:55 - 00150528 _____ () C:\Program Files (x86)\iMesh Applications\iMesh\ammp3.dll
2014-06-12 08:25 - 2014-06-05 09:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-12 08:25 - 2014-06-05 09:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-12 08:25 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-12 08:25 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-12 08:25 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-10 14:01 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\Faydra4\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Faydra4\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/22/2014 00:46:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14860
 
Error: (09/22/2014 00:46:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14860
 
Error: (09/22/2014 00:46:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/19/2014 00:31:22 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (09/19/2014 00:09:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45746500
 
Error: (09/19/2014 00:09:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 45746500
 
Error: (09/19/2014 00:09:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/18/2014 08:33:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24527203
 
Error: (09/18/2014 08:33:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 24527203
 
Error: (09/18/2014 08:33:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (09/21/2014 08:20:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update ToggleMark service failed to start due to the following error: 
%%2
 
Error: (09/21/2014 08:19:25 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
 
Error: (09/21/2014 08:19:54 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:43:50 PM on 9/19/2014 was unexpected.
 
Error: (09/18/2014 11:54:30 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
 
Error: (09/17/2014 06:34:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update ToggleMark service failed to start due to the following error: 
%%2
 
Error: (09/17/2014 06:33:42 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
 
Error: (09/17/2014 06:34:05 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:09:44 PM on 9/17/2014 was unexpected.
 
Error: (09/16/2014 07:19:18 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Security Center service hung on starting.
 
Error: (09/16/2014 07:13:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update ToggleMark service failed to start due to the following error: 
%%2
 
Error: (09/16/2014 07:13:10 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
 
 
Microsoft Office Sessions:
=========================
Error: (09/22/2014 00:46:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14860
 
Error: (09/22/2014 00:46:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14860
 
Error: (09/22/2014 00:46:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/19/2014 00:31:22 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (09/19/2014 00:09:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45746500
 
Error: (09/19/2014 00:09:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 45746500
 
Error: (09/19/2014 00:09:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/18/2014 08:33:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24527203
 
Error: (09/18/2014 08:33:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 24527203
 
Error: (09/18/2014 08:33:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-06-20 13:05:25.551
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-06-20 13:05:25.082
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-06-18 21:22:34.151
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-06-18 21:22:33.514
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-06-18 21:07:23.073
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-06-18 21:07:22.620
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-1200 APU with Radeon™ HD Graphics 
Percentage of memory in use: 78%
Total physical RAM: 1756.13 MB
Available physical RAM: 375.71 MB
Total Pagefile: 3420.13 MB
Available Pagefile: 1696.08 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:279.27 GB) (Free:232.75 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.05 GB) (Free:1.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 31C11CF6)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

 




 


#2 TB-Psychotic

  • Malware Response Team

Posted 24 September 2014 - 08:34 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All (should be unchecked by default)
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Edited by TB-Psychotic, 24 September 2014 - 08:34 AM.

Proud Member of UNITE & TB
 

#3 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:11:22 AM

Posted 13 October 2014 - 08:06 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



