Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015 Ran by DON at 2015-07-16 18:44:16 Running from C:\Users\DON\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3674742494-2999520443-3398800312-500 - Administrator - Disabled) DON (S-1-5-21-3674742494-2999520443-3398800312-1000 - Administrator - Enabled) => C:\Users\DON Guest (S-1-5-21-3674742494-2999520443-3398800312-501 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Dell System Detect (HKU\S-1-5-21-3674742494-2999520443-3398800312-1000\...\73f463568823ebbe) (Version: 6.3.0.6 - Dell) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Laptop Integrated Webcam Driver (1.04.01.1011) (HKLM\...\Creative OEM002) (Version: - ) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 39.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 pl)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla) Recover Keys (HKLM-x32\...\Recover Keys_is1) (Version: 8.0.3.113 - Recover Keys) Roxio File Backup (Version: 1.3.0 - Roxio) Hidden Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-3674742494-2999520443-3398800312-1000\...\Spotify) (Version: 0.9.10.21.g22fbdb39 - Spotify AB) UTAX TA Product Library (HKLM\...\UTAX TA Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation) VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3674742494-2999520443-3398800312-1000_Classes\CLSID\{57B13C80-C59C-4981-8870-4A209C1B7589}\InprocServer32 -> C:\Program Files\Roxio 2010\Virtual Drive 10\DC_ShellExt64.dll (Sonic Solutions) CustomCLSID: HKU\S-1-5-21-3674742494-2999520443-3398800312-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll () ==================== Restore Points ========================= 16-01-2015 13:56:55 Windows Update 27-01-2015 20:49:40 Windows Update 28-01-2015 09:05:22 Windows Update 29-01-2015 08:56:19 Windows Update 29-01-2015 21:50:55 Windows Update 07-02-2015 18:27:41 Scheduled Checkpoint 01-03-2015 13:46:50 Scheduled Checkpoint 20-04-2015 19:43:18 Scheduled Checkpoint 28-04-2015 18:00:35 Scheduled Checkpoint 12-07-2015 14:28:05 Removed YTD Toolbar v10.7. 15-07-2015 06:34:44 Windows Update 16-07-2015 15:35:20 Installed WinZip 19.5 ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {05B199B3-BD53-4095-BBAA-7C0FE29A7C35} - System32\Tasks\{1D1B2DC0-020E-4882-B85C-554CC1727780} => pcalua.exe -a D:\Setup.exe -d D:\ Task: {0E394ED5-DC81-4822-8E5E-E4D1FD33AF10} - System32\Tasks\{89BD8B34-DEE4-4E68-96C5-2B7B125E885B} => Iexplore.exe http://ui.skype.com/ui/0/6.18.0.106/en/go/help.faq.installer?source=lightinstaller&LastError=1638 Task: {0EDE2075-0AC9-43FC-BF98-C2A965EB142A} - System32\Tasks\ReclaimerUpdateXML_DON => C:\Users\DON\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-12] (RealNetworks, Inc.) Task: {19501AD6-2E95-4624-8FC9-5C248A2CCB6A} - System32\Tasks\AffiliatedUpdate => C:\Users\DON\AppData\Roaming\AFFILI~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {1CA1C98E-1713-4C6F-9356-4643B0CE732B} - System32\Tasks\{66FE8832-068D-4C8E-8237-279DD4A94DEF} => Iexplore.exe http://ui.skype.com/ui/0/6.18.0.106/en/go/help.faq.installer?source=lightinstaller&LastError=1638 Task: {1CAFBC20-2E25-4485-8C4C-185F8D327174} - System32\Tasks\{E7472E04-EDE8-4791-8AD0-309EDCEDAD3E} => Firefox.exe http://ui.skype.com/ui/0/6.18.60.106/pl/go/help.faq.installer?LastError=1638 Task: {291E6592-6714-4C49-83FC-FB6E187F94FC} - System32\Tasks\RNUpgradeHelperLogonPrompt_DON => C:\Users\DON\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-12] (RealNetworks, Inc.) Task: {49F9B34A-E017-4766-A68A-BCBA6A50E130} - System32\Tasks\b8e2dbf6-f651-4529-84b2-6113f5365cc5-4 => C:\Program Files (x86)\MediaPlayerplus\b8e2dbf6-f651-4529-84b2-6113f5365cc5-4.exe [2014-04-03] (Freeven) <==== ATTENTION Task: {4B1F2A32-1BB4-4304-9A8B-1F68B3854772} - System32\Tasks\{A39C8C5E-7BF4-4397-B871-E94C3EADECF9} => Iexplore.exe http://ui.skype.com/ui/0/6.18.0.106/en/go/help.faq.installer?source=lightinstaller&LastError=1638 Task: {518C5091-0F07-4192-B49A-60B02DFFD3DC} - System32\Tasks\b8e2dbf6-f651-4529-84b2-6113f5365cc5-5 => C:\Program Files (x86)\MediaPlayerplus\b8e2dbf6-f651-4529-84b2-6113f5365cc5-5.exe [2014-04-03] (Freeven) <==== ATTENTION Task: {5523FFD8-2948-4DA3-98FD-09F41A1C31DE} - System32\Tasks\{76CDE6CC-0E9E-4A74-B9A3-D2A099BC5E27} => Iexplore.exe http://ui.skype.com/ui/0/6.18.60.106/en/go/help.faq.installer?LastError=1638 Task: {579520F7-4477-45FC-A4F5-75598821476C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {59371D20-5FD2-4C0A-8386-957321DCCB01} - System32\Tasks\ReclaimerUpdateFiles_DON => C:\Users\DON\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-12] (RealNetworks, Inc.) Task: {69D9F105-3B88-40B0-8244-B5531B377952} - System32\Tasks\13dd8bf3-8295-4928-b7c1-849e5ce4bce2-5 => C:\Program Files (x86)\Freeven pro\13dd8bf3-8295-4928-b7c1-849e5ce4bce2-5.exe <==== ATTENTION Task: {74A9F8A2-D9AF-422C-A626-BD36E6AE1483} - System32\Tasks\RNUpgradeHelperResumePrompt_DON => C:\Users\DON\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-12] (RealNetworks, Inc.) Task: {785D0F1A-94F1-4CFE-A0AC-D956B5A76BE4} - System32\Tasks\{DF437F4D-5E67-4D19-A8EA-2A85290B06B7} => Iexplore.exe http://ui.skype.com/ui/0/6.18.0.106/en/go/help.faq.installer?LastError=1638 Task: {7B35D655-7B04-451B-B94B-0351ECAD0854} - System32\Tasks\{4B61DF04-FA32-44DA-8F16-86494583A6F5} => Iexplore.exe http://ui.skype.com/ui/0/6.18.0.106/en/go/help.faq.installer?source=lightinstaller&LastError=1638 Task: {82947D5B-BA22-4C87-8FB6-89D965CFC070} - System32\Tasks\13dd8bf3-8295-4928-b7c1-849e5ce4bce2-4 => C:\Program Files (x86)\Freeven pro\13dd8bf3-8295-4928-b7c1-849e5ce4bce2-4.exe <==== ATTENTION Task: {8435CC90-3A9A-481E-886B-2FB5DA8BB181} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3674742494-2999520443-3398800312-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {9A536D27-2386-4E35-AA13-0E041DCD3611} - System32\Tasks\b8e2dbf6-f651-4529-84b2-6113f5365cc5-3 => C:\Program Files (x86)\MediaPlayerplus\b8e2dbf6-f651-4529-84b2-6113f5365cc5-3.exe [2014-04-03] (Freeven) <==== ATTENTION Task: {9DBDB9E7-43E8-47AF-9A5F-7F2C6C41A37B} - System32\Tasks\SoftPlanet Software Assistant => C:\Program Files (x86)\SoftPlanet Software Assistant\spassist.exe [2013-12-09] (Secure Download Ltd.) Task: {A60DBB5B-DF7F-48CC-9009-CFD87895E41D} - System32\Tasks\{461593F8-1F25-47CC-BC3B-7F3AD060DB0F} => Iexplore.exe http://ui.skype.com/ui/0/6.18.0.106/en/go/help.faq.installer?source=lightinstaller&LastError=1638 Task: {B0B9E6FC-C158-46FD-8D36-A05E280A84B0} - System32\Tasks\{89BAF6CB-EE6F-4D8B-A463-DBC1066A98BF} => Iexplore.exe http://ui.skype.com/ui/0/6.18.60.106/en/go/help.faq.installer?LastError=1638 Task: {B5DF329A-2C7F-4033-99A7-A1E58B5A9635} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3674742494-2999520443-3398800312-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {B98FF139-DD48-4F58-8A6D-DBC07647DBAE} - System32\Tasks\{370AC80F-1FB4-41BB-9B4E-291B11551633} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.5.0.158&LastError=404 Task: {BF0C410F-5894-4F62-98ED-1DD7B19EF95B} - System32\Tasks\13dd8bf3-8295-4928-b7c1-849e5ce4bce2-1 => C:\Program Files (x86)\Freeven pro\Freeven pro-codedownloader.exe <==== ATTENTION Task: {C971E6FA-3FE8-4ADC-8CD9-7F031BB3A083} - System32\Tasks\b8e2dbf6-f651-4529-84b2-6113f5365cc5-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe [2014-04-03] (Freeven) <==== ATTENTION Task: {CECC50A5-CAF2-4B12-A569-E184D2C7CDB6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.) Task: {D075A481-8903-4A76-A469-CD7CD6A00745} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe Task: {D95DDAE0-4492-4F51-9CDF-A89F327F8BBF} - System32\Tasks\{64C9DB15-FD58-4BBC-971E-AE50C84FBE7B} => Iexplore.exe http://ui.skype.com/ui/0/6.18.60.106/en/go/help.faq.installer?LastError=1638 Task: {E3EF408A-872F-4B23-B91E-E54261103792} - System32\Tasks\{8C095CBF-FC3F-4A2B-9120-49DC4C5A2339} => Iexplore.exe http://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1638 Task: {E5644DD2-93AA-4B97-9C0C-A6E5CC53B8E3} - System32\Tasks\{67032755-BE8C-4466-ABDC-86853B828C5D} => Iexplore.exe http://ui.skype.com/ui/0/6.18.0.106/en/go/help.faq.installer?source=lightinstaller&LastError=1638 Task: {EF39399B-A3B4-40FF-AE1A-3E5F1BAFAA14} - System32\Tasks\{590302A3-78FB-466D-9C64-64A7503AC631} => pcalua.exe -a "C:\Program Files (x86)\Uninstall Information\97\3867\uninstall.exe" -c /PUninstall="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\77Zip" /reg=32 /cid=97 Task: {EFCC2284-7485-4CA1-A39F-5FAC2A42F1D4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.) Task: {FBFF3DCC-E1DB-4E91-B632-F27498B3C9FB} - System32\Tasks\{F4FE0AA3-6AE0-4EC8-853B-1E6807F2C84F} => Iexplore.exe http://ui.skype.com/ui/0/6.5.0.158/en/abandoninstall?source=lightinstaller&page=tsMain Task: {FE15DC0F-64DC-4022-8A76-A7E8D6D75C54} - System32\Tasks\13dd8bf3-8295-4928-b7c1-849e5ce4bce2-3 => C:\Program Files (x86)\Freeven pro\13dd8bf3-8295-4928-b7c1-849e5ce4bce2-3.exe <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\13dd8bf3-8295-4928-b7c1-849e5ce4bce2-1.job => C:\Program Files (x86)\Freeven pro\Freeven pro-codedownloader.exeǷ/uMuOzh /sNKZj=task /OvIGnaBN='Freeven pro' /vsBcw=54248 /ngHiv='001360' /qwhUEGjCC='0' /DHBkRFBBQ='0' /FgNeiA=C75207F273AA41FBB201F00076BAE99DIE /QDFYVzaq=82287b0e7be6dcdbad6d18279e527843 /HWHvH=1_34_3_28 /EpSyG=1.34.3.28 /oublx=1396544465 /hTCzxE=http:/stats.clientdataservice.com /hTrLUIn=http:/errors.clientdataservice.com /KfknWrgZ=http:/js.clientdataservice.com /HiGrK=ie /CtKvl /wMcTp='http:/update.clientdataservice.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION Task: C:\Windows\Tasks\13dd8bf3-8295-4928-b7c1-849e5ce4bce2-3.job => C:\Program Files (x86)\Freeven pro\13dd8bf3-8295-4928-b7c1-849e5ce4bce2-3.exe <==== ATTENTION Task: C:\Windows\Tasks\13dd8bf3-8295-4928-b7c1-849e5ce4bce2-4.job => C:\Program Files (x86)\Freeven pro\13dd8bf3-8295-4928-b7c1-849e5ce4bce2-4.exe͟/IvDTEXs /OvIGnaBN='Freeven pro' /ZZEHiqn C:\Program Files (x86)\Freeven pro\54248.xpi' /vsBcw=54248 /ngHiv='001360' /qwhUEGjCC='0' /DHBkRFBBQ='0' /FgNeiA=C75207F273AA41FBB201F00076BAE99DIE /QDFYVzaq=82287b0e7be6dcdbad6d18279e527843 /HWHvH=1_34_3_28 /EpSyG=1.34.3.28 /oublx=1396544465 /hTCzxE=http:/stats.clientdataservice.com /hTrLUIn=http:/errors.clientdataservice.com /cArMgMMj=300 /lFbAt=a0046b9b-fdb9-497f-a4b1-2a108ad6007a@5cdf80b7-0420-4bb7-b3c0-e188e6f4fb8a.com /RvXTb=0.94 /ztJazWqJ=aa0046b9bfdb9497fa4b12a108ad6007a5cdf80b704204bb7b3c0e188e6f4fb8acom54248 /pYRPZiEK=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/54248.rdf /aFQmrsZZo='Freeven pro' /fJzztV='Feven Shopping Companion' /hfPlBG='Freeven' /HiGrK=ie /CtKvl /zkZRtaHsz /SRDGOHri /wMcTp='http:/update.clientdataservice.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION Task: C:\Windows\Tasks\13dd8bf3-8295-4928-b7c1-849e5ce4bce2-5.job => C:\Program Files (x86)\Freeven pro\13dd8bf3-8295-4928-b7c1-849e5ce4bce2-5.exeȜ/CUqnW /OvIGnaBN='Freeven pro' /vsBcw=54248 /ngHiv='001360' /qwhUEGjCC='0' /DHBkRFBBQ='0' /FgNeiA=C75207F273AA41FBB201F00076BAE99DIE /QDFYVzaq=82287b0e7be6dcdbad6d18279e527843 /HWHvH=1_34_3_28 /oublx=1396544465 /hTCzxE=http:/stats.clientdataservice.com /hTrLUIn=http:/errors.clientdataservice.com /tRiQJy=http:/ipgeoapi.com/ /eljTXyB=http:/update.clientdataservice.com /AcNPifRpi=9 /lZLxxOQND=http:/stats.mstatsserv.com /wMcTp='http:/update.clientdataservice.com/updater_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION Task: C:\Windows\Tasks\AffiliatedUpdate.job => 0x01060100A88C1267BFA33948A258497AA95CB9C04600EA000000000044440000200000000014730F0000000003130400002000010000000000000000000000000000000000003C0043003A005C00550073006500720073005C0044004F004E005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C0041004600460049004C0049007E0031005C005500500044004100540045007E0031005C005500500044004100540045007E0031002E00450058004500000007002F0043006800650063006B0000000000040044004F004E0000000000000008000313040000000000010030000000D2070300070000000000000000000100A00500003C0000000000000001000000010000000000000000000000 Task: C:\Windows\Tasks\b8e2dbf6-f651-4529-84b2-6113f5365cc5-1.job => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exeȗ/uMuOzh /sNKZj=task /OvIGnaBN='MediaPlayerplus' /vsBcw=54246 /ngHiv='001359' /qwhUEGjCC='verticals-ads,shopping,intext' /DHBkRFBBQ='0' /FgNeiA=051250BA9AFE4940BDCC23100D6CE7C2IE /QDFYVzaq=2bb925c143c728caab2d1a0d698d7d33 /HWHvH=1_34_3_28 /EpSyG=1.34.3.28 /oublx=1396544496 /hTCzxE=http:/stats.clientdataservice.com /hTrLUIn=http:/errors.clientdataservice.com /KfknWrgZ=http:/js.clientdataservice.com /HiGrK=ie /CtKvl /wMcTp='http:/update.clientdataservice.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION Task: C:\Windows\Tasks\b8e2dbf6-f651-4529-84b2-6113f5365cc5-3.job => C:\Program Files (x86)\MediaPlayerplus\b8e2dbf6-f651-4529-84b2-6113f5365cc5-3.exe <==== ATTENTION Task: C:\Windows\Tasks\b8e2dbf6-f651-4529-84b2-6113f5365cc5-4.job => C:\Program Files (x86)\MediaPlayerplus\b8e2dbf6-f651-4529-84b2-6113f5365cc5-4.exe΋/IvDTEXs /OvIGnaBN='MediaPlayerplus' /ZZEHiqn C:\Program Files (x86)\MediaPlayerplus\54246.xpi' /vsBcw=54246 /ngHiv='001359' /qwhUEGjCC='verticals-ads,shopping,intext' /DHBkRFBBQ='0' /FgNeiA=051250BA9AFE4940BDCC23100D6CE7C2IE /QDFYVzaq=2bb925c143c728caab2d1a0d698d7d33 /HWHvH=1_34_3_28 /EpSyG=1.34.3.28 /oublx=1396544496 /hTCzxE=http:/stats.clientdataservice.com /hTrLUIn=http:/errors.clientdataservice.com /cArMgMMj=300 /lFbAt=a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com /RvXTb=0.94 /ztJazWqJ=aa9719e64232b4695ae9ca89cd7f2aa84ca1279dfbc0d44a897ef19301c922b68com54246 /pYRPZiEK=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/54246.rdf /aFQmrsZZo='MediaPlayerplus' /fJzztV='MediaPlayerEnhance Extension' /hfPlBG='Freeven' /HiGrK=ie /CtKvl /zkZRtaHsz /SRDGOHri /wMcTp='http:/update.clientdataservice.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION Task: C:\Windows\Tasks\b8e2dbf6-f651-4529-84b2-6113f5365cc5-5.job => C:\Program Files (x86)\MediaPlayerplus\b8e2dbf6-f651-4529-84b2-6113f5365cc5-5.exeȼ/CUqnW /OvIGnaBN='MediaPlayerplus' /vsBcw=54246 /ngHiv='001359' /qwhUEGjCC='verticals-ads,shopping,intext' /DHBkRFBBQ='0' /FgNeiA=051250BA9AFE4940BDCC23100D6CE7C2IE /QDFYVzaq=2bb925c143c728caab2d1a0d698d7d33 /HWHvH=1_34_3_28 /oublx=1396544496 /hTCzxE=http:/stats.clientdataservice.com /hTrLUIn=http:/errors.clientdataservice.com /tRiQJy=http:/ipgeoapi.com/ /eljTXyB=http:/update.clientdataservice.com /AcNPifRpi=9 /lZLxxOQND=http:/stats.mstatsserv.com /wMcTp='http:/update.clientdataservice.com/updater_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3674742494-2999520443-3398800312-1000\...\dell.com -> dell.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3674742494-2999520443-3398800312-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DON\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.43.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{712C63EB-2556-42FF-9766-6678F80AF69B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{3640FC82-E895-4638-9932-945B3B05E821}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{53DB8EB5-12E9-473F-868D-F52E8EAFAF2D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F6518962-68FB-4F1F-B081-DA5588800820}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{2CB3EE76-21B4-4051-89D3-9194C0D34D68}C:\users\don\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\don\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{B92C1405-5EA4-48C4-A24F-1602524A85C7}C:\users\don\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\don\appdata\roaming\spotify\spotify.exe FirewallRules: [{B65C3C6A-08F4-4C3A-AA20-9AFD2C162A69}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{65587D81-1EF6-4D2C-B842-961117AD2170}C:\users\don\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\don\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{F0483732-8939-499C-8F45-49BF3F49516A}C:\users\don\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\don\appdata\roaming\spotify\spotify.exe FirewallRules: [{4DC2AC09-9ACF-42E6-B2DB-EA809694B7AE}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe FirewallRules: [{8BA30F86-33AB-471B-A54E-064FA64DD6C5}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [TCP Query User{1782A94E-DC38-42C0-A7A9-74E192AE6461}C:\program files (x86)\ezcast\ezcast.exe] => (Allow) C:\program files (x86)\ezcast\ezcast.exe FirewallRules: [UDP Query User{AA7726DF-9AA9-44D5-8683-781D4B694CCB}C:\program files (x86)\ezcast\ezcast.exe] => (Allow) C:\program files (x86)\ezcast\ezcast.exe FirewallRules: [{1EF86637-DC06-43AF-9786-6641CF675B40}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A81C9022-E02E-4834-B10E-0311283D2E15}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F7E2E873-5E33-4E8E-852F-56603C884072}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: Base System Device Description: Base System Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/16/2015 01:32:39 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1859844 Error: (07/16/2015 01:32:39 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1859844 Error: (07/16/2015 01:32:39 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/16/2015 01:01:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6115 Error: (07/16/2015 01:01:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6115 Error: (07/16/2015 01:01:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/16/2015 12:48:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/16/2015 10:27:33 AM) (Source: MsiInstaller) (EventID: 1024) (User: DELL) Description: Product: Adobe Reader XI (11.0.12) - Update 'Adobe Reader XI (11.0.12)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 Error: (07/16/2015 10:27:29 AM) (Source: MsiInstaller) (EventID: 11328) (User: DELL) Description: Product: Adobe Reader XI (11.0.12) -- Error 1328.Error applying patch to file C:\Config.Msi\PT3F08.tmp. It has probably been updated by other means, and can no longer be modified by this patch. For more information contact your patch vendor. System Error: -1072807676 Error: (07/16/2015 10:15:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. System errors: ============= Error: (07/16/2015 01:42:45 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.201.1747.0 Update Source: %NT AUTHORITY59 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (07/16/2015 01:01:47 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: ) Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system. Error: (07/16/2015 12:57:15 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.201.1747.0 Update Source: %NT AUTHORITY59 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (07/16/2015 12:46:29 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY) Description: 0x8000002a36\SystemRoot\System32\Config\SOFTWARE Error: (07/16/2015 10:27:05 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.201.1747.0 Update Source: %NT AUTHORITY59 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (07/16/2015 10:12:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Modules Installer service terminated with the following error: %%16405 Error: (07/16/2015 10:09:26 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY) Description: 0x8000002a36\SystemRoot\System32\Config\SOFTWARE Error: (07/16/2015 10:05:29 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY) Description: 0x8000002a36\SystemRoot\System32\Config\SOFTWARE Error: (07/16/2015 10:03:33 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrustedInstaller service. Error: (07/16/2015 10:03:01 AM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: The Windows Update service did not shut down properly after receiving a preshutdown control. Microsoft Office: ========================= Error: (08/18/2014 06:13:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 19549 seconds with 4500 seconds of active time. This session ended with a crash. Error: (08/14/2014 09:36:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 350 seconds with 300 seconds of active time. This session ended with a crash. Error: (04/08/2014 01:26:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6763 seconds with 2580 seconds of active time. This session ended with a crash. Error: (03/20/2014 04:05:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/20/2014 04:05:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error: (01/13/2014 01:13:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 46 seconds with 0 seconds of active time. This session ended with a crash. Error: (01/13/2014 01:12:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2015-04-18 20:10:23.784 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AudioSes.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-18 20:10:19.946 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AudioSes.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-18 20:10:17.156 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AudioSes.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-18 20:10:17.141 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AudioSes.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-18 20:10:17.141 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AudioSes.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-18 20:10:17.125 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AudioSes.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-18 20:10:17.109 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AudioSes.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-18 20:10:17.094 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AudioSes.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-18 20:10:17.078 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AudioSes.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-18 20:10:17.063 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AudioSes.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz Percentage of memory in use: 46% Total physical RAM: 4086.04 MB Available physical RAM: 2203.52 MB Total Virtual: 8170.29 MB Available Virtual: 5920.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.79 GB) (Free:166.85 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 082019FC) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) ==================== End of log ============================