Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by KYoung at 2015-07-11 08:43:50
Running from C:\Users\KYoung\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2624593926-3331388892-475130418-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2624593926-3331388892-475130418-1004 - Limited - Enabled)
Guest (S-1-5-21-2624593926-3331388892-475130418-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2624593926-3331388892-475130418-1002 - Limited - Enabled)
KYoung (S-1-5-21-2624593926-3331388892-475130418-1001 - Administrator - Enabled) => C:\Users\KYoung

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Trend Micro Maximum Security (Disabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
AS: Trend Micro Maximum Security (Disabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
767 Captain (767-300 Base Pack) (HKLM-x32\...\767CAPTAIN) (Version: 1.5.00 - © 1999-2011 Captain Sim) 777 Captain (777-200) 1.3 (HKLM-x32\...\x772) (Version: 1.3.00 - © 1999-2013 Captain Sim) 777 Captain (777-200) 1.50 (HKLM-x32\...\x772_fsx) (Version: 1.5.00 - © 1999-2014 Captain Sim) Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated) Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_e7e6bb3ae60aaa1c5b11aa97d8f15b0) (Version: 1.0 - Adobe Systems Incorporated) Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.11 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated) Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_7e74552a59eaf9fafd13f90894ac9bd) (Version: 4.0 - Adobe Systems Incorporated) Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated) Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated) Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated) Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (64 Bit) (Version: 
11.0 - Adobe Systems Incorporated) Hidden Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden Advanced Searchbar (HKLM-x32\...\Advanced Searchbar) (Version: 3.36 - Advanced Search Technologies, Inc.) AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden A-PDF Restrictions Remover (HKLM-x32\...\A-PDF Restrictions Remover_is1) (Version: - A-PDF Solution) Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Applian Director (HKLM-x32\...\Applian Director2.2) (Version: 2.2 - Applian Technologies Inc.) Applian Director (HKLM-x32\...\Applian Director3.0) (Version: 3.0 - Applian Technologies Inc.) Aventail Access Manager (HKU\S-1-5-21-2624593926-3331388892-475130418-1001\...\{72552C46-944B-4E16-BBC8-0D85F31C1800}) (Version: 10.54.42 - SonicWALL Inc) Aventail Access Manager (x32 Version: 10.54.42 - SonicWALL Inc) Hidden Aventail OPSWAT End Point Control (x32 Version: 10.54.41 - SonicWALL Inc) Hidden Aventail Web Proxy Agent (HKLM-x32\...\{9B0B46B3-10DF-4ADA-9501-0129D784563D}) (Version: 10.54.41 - SonicWALL Inc) Aventail Webifiers (HKLM-x32\...\{54D44AD1-A083-48B9-BD6F-AFD517B7C775}) (Version: 10.54.41 - SonicWALL Inc) Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery) AVS Audio Converter 7.3 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.3.1.535 - Online Media Technologies Ltd.) 
AVS Audio Editor 7.3 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.3.1.493 - Online Media Technologies Ltd.) AVS Audio Recorder version 4.0 (HKLM-x32\...\AVS Audio Recorder_is1) (Version: - Online Media Technologies Ltd.) AVS Cover Editor 2.0.1.3 (HKLM-x32\...\AVSCoverEditor2_is1) (Version: - Online Media Technologies Ltd.) AVS Disc Creator 5.2 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.2.532 - Online Media Technologies Ltd.) AVS Document Converter 2.3.2 (HKLM-x32\...\AVS Document Converter_is1) (Version: 2.3.2.233 - Online Media Technologies Ltd.) AVS DVD Copy version 4.1.2 (HKLM-x32\...\AVS DVD Copy_is1) (Version: - Online Media Technologies Ltd.) AVS Image Converter 2.3.3.249 (HKLM-x32\...\AVS Image Converter_is1) (Version: 2.3.3.249 - Online Media Technologies Ltd.) AVS Media Player 4.2.3.106 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.3.106 - Online Media Technologies Ltd.) AVS Photo Editor 2.3.1.144 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.3.1.144 - Online Media Technologies Ltd.) AVS Registry Cleaner 2.3.4.261 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 2.3.4.261 - Online Media Technologies Ltd.) AVS Registry Cleaner version 2.2 (HKLM-x32\...\AVSRegistryCleaner_is1) (Version: - Online Media Technologies Ltd.) AVS Ringtone Maker version 1.6 (HKLM-x32\...\AVS Ringtone Maker 1.6_is1) (Version: - Online Media Technologies Ltd.) AVS Screen Capture version 2.0.2 (HKLM-x32\...\AVS Screen Capture_is1) (Version: - Online Media Technologies Ltd.) AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.) AVS Video Converter 9.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.1.1.568 - Online Media Technologies Ltd.) AVS Video Editor 6.5 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.5.1.246 - Online Media Technologies Ltd.) AVS Video Recorder 2.5 (HKLM-x32\...\AVS Video Recorder_is1) (Version: 2.5.6.87 - Online Media Technologies Ltd.) 
AVS Video ReMaker 4.3.2.166 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 4.3.2.166 - Online Media Technologies Ltd.) AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.) Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.) Basketball Statwiz Upgrade 4.15 (HKLM-x32\...\Basketball Statwiz Upgrade 4.15) (Version: - ) BERNINA Embroidery Software 5.0W (HKLM-x32\...\{1919D96B-79F5-465E-8D81-1C22C9A7CD57}) (Version: 5.0.0085 - BERNINA) BERNINA Universal Communication Server (HKLM-x32\...\{CF27C964-3902-4CA3-9C71-B0EAEB302AB5}) (Version: 1.1.2 - BERNINA) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden Canon MF Toolbox 4.9.1.1.mf12 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf12 - CANON INC.) Color Network ScanGear Ver.2.71 (HKLM-x32\...\{4E5CA273-5771-450A-AFDD-C58DAD9205DC}) (Version: 2.71.0000 - CANON INC.) Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden CorelDRAW Graphics Suite X3 (HKLM-x32\...\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}) (Version: 13.1 - Corel Corporation) Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated) Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation) Dell Dock (Version: 2.0 - Stardock Corporation) Hidden Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Digital Aviation Reference Library (HKLM-x32\...\{9930D15E-94E7-4F3E-9203-15BCC66799F3}) (Version: 4.5 - ) Digital Copy (HKLM-x32\...\Digital Copy) (Version: - ) Diskeeper 2010 (HKLM\...\{512CBDBD-E880-4D78-8A4F-D06624EDE2CE}) (Version: 14.0.915.64 - Diskeeper Corporation) DVDFab Passkey 8.2.4.1 (12/06/2015) (HKLM-x32\...\DVDFab Passkey 8_is1) (Version: - Fengtao Software Inc.) 
Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden Embroidery Software (x32 Version: 5.0.0035 - BERNINA) Hidden EN (x32 Version: 13.1 - Corel Corporation) Hidden Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden Flight Simulator X (HKLM-x32\...\RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: - ) Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: - ) FLV and Media Player (3.2.0.3) (HKLM-x32\...\FLV and Media Player) (Version: 3.2.0.3 - Applian Technologies) FontNav (x32 Version: 5.0 - Corel Corporation) Hidden Freecorder 5 (HKLM-x32\...\Freecorder5.1) (Version: 5.1 - Applian Technologies Inc.) Freecorder 5 (HKLM-x32\...\Freecorder5.11) (Version: 5.11 - Applian Technologies Inc.) Freecorder Toolbar (HKLM-x32\...\Freecorder Toolbar) (Version: 6.8.5.1 - Freecorder) <==== ATTENTION Freecorder Toolbar (HKLM-x32\...\freecordertoolbar) (Version: 5.0.0.0 - ) <==== ATTENTION Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) 
Hidden HanaConnect (HKLM-x32\...\{CC1040C7-6626-44A9-8450-689EB32E9106}) (Version: 1.0.0 - HanaMobile) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation) iSpring Presenter 5 (HKLM\...\{2B2DB9C6-7D97-489E-815B-EA910CD2786F}) (Version: 5.7.0 - iSpring Solutions Inc.) iSpring Presenter 5 (HKLM-x32\...\{D212E07E-E2DF-45B0-BB88-984F69BA0841}) (Version: 5.7.0 - iSpring Solutions Inc.) iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: 10.0.61637.0 - Microsoft Game Studios) Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Project Professional 2010 (HKLM-x32\...\Office14.PRJPROR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) 
(Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MP3 Magic 2.02 (HKLM-x32\...\MP3_Magic_2.0) (Version: - ) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Multimedia Card Reader 
(HKLM-x32\...\InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}) (Version: 1.4.915.1 - Fitipower) Multimedia Card Reader (x32 Version: 1.4.915.1 - Fitipower) Hidden NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation) NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation) NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation) NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) ParetoLogic PC Health Advisor (HKLM-x32\...\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}) (Version: 3.1.7.0 - ParetoLogic, Inc.) PC Tools Registry Mechanic 11.1 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.1 - PC Tools) PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Plantronics CSR Driver (64-bit) (Version: 3.1.50883.11482 - Plantronics, Inc.) Hidden Plantronics CsrDfu Installer (x32 Version: 3.1.50883.11482 - Plantronics, Inc.) Hidden Plantronics HidDfu Installer (x32 Version: 3.1.50883.11482 - Plantronics, Inc.) Hidden Plantronics MyHeadset Updater (HKLM-x32\...\{782cbc1e-3ae8-4a3f-9b3a-fa2206396621}) (Version: 3.1.50883.11482 - Plantronics, Inc.) Plantronics MyHeadset Updater (x32 Version: 3.1.50883.11482 - Plantronics, Inc.) Hidden Plantronics MyHeadset Updater Device Handlers (32-bit) (x32 Version: 3.1.50883.11482 - Plantronics, Inc.) 
Hidden Plantronics MyHeadset Updater DFU Handlers (32-bit) (x32 Version: 3.1.50883.11482 - Plantronics, Inc.) Hidden Plantronics MyHeadset Updater Install Check (x32 Version: 3.1.50883.11482 - Plantronics, Inc.) Hidden Plantronics MyHeadset Updater MLS (Version: 3.0.0.0 - Plantronics, Inc.) Hidden Plantronics MyHeadset Updater Runtime (x32 Version: 3.1.50883.11482 - Plantronics, Inc.) Hidden Plantronics MyHeadset Updater Startup (x32 Version: 3.1.50883.11482 - Plantronics, Inc.) Hidden QuickBooks (x32 Version: 25.0.4005.2506 - Intuit Inc.) Hidden QuickBooks Premier: Accountant Edition 2015 (HKLM-x32\...\{D58E14D8-963A-4CCD-852E-065655D45004}) (Version: 25.0.4005.2506 - Intuit Inc.) QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.) Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.8.1 - Intuit) QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.) RealDownloader (x32 Version: 1.3.1 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5953 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Replay Converter 4 (HKLM-x32\...\Replay Converter 4) (Version: 4.40 - Applian Technologies Inc.) Replay Media Catcher 5 (5.0.1.54) (HKLM-x32\...\Replay Media Catcher 5) (Version: 5.0.1.54 - Applian Technologies) Replay Media Splitter 2.2.1409.56 (HKLM-x32\...\Replay_Media_Splitter_1.2) (Version: 2.2.1409.56 - Applian Technologies Inc.) Replay Music 5 (HKLM-x32\...\ReplayMusic5.60) (Version: 5.60 - Applian Technologies Inc.) 
Replay Music 6 (HKLM-x32\...\ReplayMusic6.00) (Version: 6.00 - Applian Technologies Inc.) Replay Music 6 (HKLM-x32\...\ReplayMusic6.10) (Version: 6.10 - Applian Technologies Inc.) Replay Radio 9 (9.0.1.46) (HKLM-x32\...\Replay Radio 9) (Version: 9.0.1.46 - Applian Technologies) Replay Telecorder for Skype 1.3.0.23 (HKLM-x32\...\Replay Telecorder for Skype_is1) (Version: 1.3.0.23 - Applian Technologies Inc.) Replay Video Capture 7 (HKLM-x32\...\Replay Video Capture7.2) (Version: 7.2 - Applian Technologies Inc.) Replay Video Capture 7 (HKLM-x32\...\Replay Video Capture7.4) (Version: 7.4 - Applian Technologies Inc.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft) SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13348 - Skype Technologies S.A.) Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.) Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Trend Micro DirectPass (HKLM\...\{3075404F-5657-4f31-A064-FEF98661BDD4}) (Version: 1.9.1176 - Trend Micro Inc.) Trend Micro DirectPass (Version: 1.3.0.5013 - Trend Micro Inc.) 
Hidden Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 8.0 - Trend Micro Inc.) Trend Micro Titanium (Version: 8.0 - Trend Micro Inc.) Hidden TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc) Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden VBA (x32 Version: 6.2 - Corel Corporation) Hidden VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.) VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.) VCRT for DirectPass x64 (Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden VCRT for DirectPass x86 (x32 Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden Video Padlock (HKLM-x32\...\Video Padlock1.20) (Version: 1.20 - Applian Technologies Inc.) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) Windows Driver Package - Cambridge Silicon Radio (CSRBC) USB (10/26/2012 2.4.0.0) (HKLM\...\20C7EDA3129B3FF8F72F9BF59252B718B554FBDC) (Version: 10/26/2012 2.4.0.0 - Cambridge Silicon Radio) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) 
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) Zinio Alert Messenger (HKLM-x32\...\ZinioAlertMessenger.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.2570 - Zinio LLC) Zinio Alert Messenger (x32 Version: 4.0.2570 - Zinio LLC) Hidden Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.2.3972 - Zinio LLC) Zinio Reader 4 (x32 Version: 4.2.3972 - Zinio LLC) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2624593926-3331388892-475130418-1001_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> No File path ==================== Restore Points ========================= 27-06-2015 10:52:36 ComboFix created restore point 27-06-2015 11:44:23 avast! antivirus system restore point 27-06-2015 11:53:18 Revo Uninstaller's restore point - iSEEK AnswerWorks English Runtime 27-06-2015 11:53:43 Removed iSEEK AnswerWorks English Runtime 27-06-2015 11:58:59 Device Driver Package Install: Avast Network Service 27-06-2015 23:16:31 Revo Uninstaller's restore point - Avast Premier 27-06-2015 23:32:48 Revo Uninstaller's restore point - Avast Premier 27-06-2015 23:33:44 avast! antivirus system restore point ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2015-06-27 11:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {1471CF59-8A09-4478-A46F-34D54EF40BAB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-01] (Adobe Systems Incorporated) Task: {16CE81E2-F42B-4B0A-9D1E-0EB1E6487F37} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2624593926-3331388892-475130418-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.) Task: {36C9BBD1-5436-49F8-AB45-C05CA0532576} - System32\Tasks\{02B9FA5B-CE2A-4D0D-9C36-1B1D074FB3F3} => pcalua.exe -a "D:\Adobe CS4\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files (x86)\Common Files\Adobe\Installers\7e74552a59eaf9fafd13f90894ac9bd" -c -silent Task: {557F271B-5FB9-4939-BB21-9DBAA0A2985C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2624593926-3331388892-475130418-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.) Task: {5C64C9C8-7C07-4481-AF0F-9C0E43498C8C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {6B1744D8-8151-49BA-AC60-4492DFFB50C3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {782B8801-B3C4-434E-A01F-B893ECA1F748} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.) Task: {8177E847-9204-433D-BCF4-77CF8A5E4509} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {81F3D4BD-6307-4898-AEB3-8650FD4B5AD3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {8A93AC80-F940-4825-9A51-FA21C799FB0C} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-22] (Microsoft Corporation) Task: {90582F24-BEB2-441E-93FB-B9B87502D52F} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] () Task: {984A4151-6FAC-4AAE-9A4E-1008276AFA16} - System32\Tasks\{1892543C-5C25-404E-83E5-DC8E7A0CCD45} => pcalua.exe -a D:\setup.exe -d D:\ Task: {BA4031DD-A06A-498A-8B05-AE0D40898BF0} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2624593926-3331388892-475130418-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.) Task: {BBB2BC7A-B293-4527-BCC6-6C593AEB4693} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {CD6C1CC9-1E3C-42FF-83E5-3E236A8B15E3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {E0C6FABE-3F3B-498B-8AAD-A2AFC30E0BFF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {E4570609-1536-49D5-84DB-CE1E454A7F58} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2624593926-3331388892-475130418-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.) Task: {EBCB8459-1592-435F-BC72-1867D663EBD7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.) 
Task: {F720E088-E358-49B5-89CE-6561FCA39792} - System32\Tasks\Trend Micro Inspect of Platinum => C:\Program Files\Trend Micro\Titanium\plugin\Pt\win32\Inspect\Inspect.exe [2015-05-04] (Trend Micro Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Windows\system32\rundll32.exeGC:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe Task: C:\Windows\Tasks\PC Health Advisor Defrag.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe Task: C:\Windows\Tasks\PC Health Advisor.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe Task: C:\Windows\Tasks\Trend Micro Inspect of Platinum.job => C:\Program Files\Trend Micro\Titanium\plugin\Pt\win32\Inspect\Inspect.exe ==================== Loaded Modules (Whitelisted) ============== 2013-05-04 12:36 - 2015-02-03 22:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-06-28 00:07 - 2014-07-09 12:03 - 00048128 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll 2015-06-28 00:07 - 2014-07-09 12:02 - 00675840 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll 2015-06-28 00:07 - 2014-07-09 12:03 - 00058368 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll 2015-06-28 00:07 - 2014-07-09 12:03 - 01300480 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll 2015-06-28 00:07 - 2014-07-09 12:02 - 00018944 _____ () 
C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll 2015-06-28 00:17 - 2015-05-04 02:23 - 00089088 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll 2015-06-28 00:17 - 2015-05-04 02:23 - 00018944 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll 2015-06-28 00:17 - 2015-05-04 02:23 - 00049664 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll 2015-06-28 00:17 - 2015-05-04 02:23 - 00761856 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc110-mt-1_52.dll 2013-03-06 02:21 - 2013-03-06 02:21 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2011-11-23 13:42 - 2011-05-28 23:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll 2015-06-28 00:05 - 2014-07-20 15:05 - 00065560 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll 2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2011-11-22 19:00 - 2009-10-02 15:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2015-05-29 18:40 - 2015-05-05 03:19 - 00039424 _____ () C:\Program Files\Trend Micro\TMIDS\boost_date_time-vc110-mt-1_49.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft 
Office\Office14\1033\GrooveIntlResource.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData:iSpring Presenter 5 AlternateDataStreams: C:\ProgramData:iSpring Pro 6 AlternateDataStreams: C:\Users\All Users:iSpring Presenter 5 AlternateDataStreams: C:\Users\All Users:iSpring Pro 6 AlternateDataStreams: C:\ProgramData\Application Data:iSpring Presenter 5 AlternateDataStreams: C:\ProgramData\Application Data:iSpring Pro 6 AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 AlternateDataStreams: C:\Users\KYoung\Application Data:iSpring Presenter 5 AlternateDataStreams: C:\Users\KYoung\Application Data:iSpring Pro 6 AlternateDataStreams: C:\Users\KYoung\AppData\Roaming:iSpring Presenter 5 AlternateDataStreams: C:\Users\KYoung\AppData\Roaming:iSpring Pro 6 ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2624593926-3331388892-475130418-1001\...\intuit.com -> hxxps://ttlc.intuit.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2624593926-3331388892-475130418-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\KYoung\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: DockLoginService => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: PCToolsSSDMonitorSvc => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: UniversalCommunicationServer => 2
MSCONFIG\startupfolder: C:^Users^KYoung^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^KYoung^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^KYoung^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Zinio Alert Messenger.lnk => C:\Windows\pss\Zinio Alert Messenger.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeBridge => "C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Adobe_ID0ENQBO => C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
MSCONFIG\startupreg: Adobe_ID0EYTHM => C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DVDFab Passkey => "C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe"
MSCONFIG\startupreg: Freecorder FLV Service => "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: ISUSPM Startup => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Nvtmru =>
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: replay_telecorder_skype => C:\Program Files (x86)\Replay Telecorder for Skype\replay_telecorder_skype.exe /start_context sys_auto
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: ShwiconXP9106 => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SSDMonitor => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{6697DDBA-6123-487D-838A-16FAA3FCA0EF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{75957DB6-F70C-4CC5-9273-B120D6DCD035}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EC306251-0F97-487A-84D2-289B91CB0EBA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1422A6F9-06E9-4468-97CF-9513522DF9F4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{20637FA7-9A92-4028-A630-A613DD2EA3C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{579BA0F5-9400-490B-95A2-2E030BB96566}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AEA6941E-D8B7-4D57-9B29-4A5794AB083A}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\jrmcp.exe
FirewallRules: [{D208A4D4-083F-454B-896C-16F2EB32D87D}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\jrmcp.exe
FirewallRules: [{04DC8AE3-5CAD-4DDF-93D6-CF8A26CBF531}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\jbp.exe
FirewallRules: [{9335D80E-F661-4842-AE92-941F9319B5A6}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\jbp.exe
FirewallRules: [{A98CC9D5-ED4D-43AC-AE76-AD2F12F01D26}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\jwmpp.exe
FirewallRules: [{404A4EAE-AE3C-4F7C-A161-0E58A0E17401}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\jwmpp.exe
FirewallRules: [{3840B2B0-2C34-4635-8DFE-06E27BCA60B1}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\ffmpeg.exe
FirewallRules: [{B4615131-EE8E-4192-9215-654694190FCE}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\ffmpeg.exe
FirewallRules: [{33F03351-97E6-4643-82E4-C5E6D49A6935}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\aria2c.exe
FirewallRules: [{2BBA1A55-190E-42C9-9770-A6D3A7B64676}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\aria2c.exe
FirewallRules: [{6AEB2D87-5A63-42DD-AC66-ABF0D2C90F0F}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\qtCopy.exe
FirewallRules: [{B650C1F2-9E7C-4C4A-BFD0-32DD4AA0AB51}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\qtCopy.exe
FirewallRules: [{5037CAF1-2D1E-4E40-8C92-4B9750E3F3C2}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Radio 9\jrrp.exe
FirewallRules: [{8FFE1297-9394-4495-87FE-3B15CF0FB630}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Radio 9\jrrp.exe
FirewallRules: [{EB77D26E-E24A-475A-81AC-6663DF40BA8C}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Radio 9\jbp.exe
FirewallRules: [{9571CA5A-CC4F-4E03-92C4-4FA81A477647}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Radio 9\jbp.exe
FirewallRules: [{73AAA5A0-64CE-42C5-98CE-3B0675AFC55F}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Radio 9\jwmpp.exe
FirewallRules: [{9C482438-88FA-4A14-AE06-638F4CB99B19}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Radio 9\jwmpp.exe
FirewallRules: [TCP Query User{6E9684D5-D4E1-475C-8E5D-8EED3E07320C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A726988B-3840-45AF-8428-4319EBF8865E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{672B15F3-57F8-4022-86F5-58D48E718EDB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E4ACF1D4-41AB-4A9E-B264-B64F4188A4D4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9B3A3EF9-2094-4DD9-9E1C-E3539D320351}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

==================== Faulty Device Manager Devices =============

Name: Ancillary Function Driver for Winsock
Description: Ancillary Function Driver for Winsock
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AFD
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HTTP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/11/2015 08:44:01 AM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).

Error: (07/11/2015 08:43:56 AM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).
Error: (07/11/2015 08:43:51 AM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).

Error: (07/11/2015 08:43:46 AM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).

Error: (07/11/2015 08:43:41 AM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).

Error: (07/11/2015 08:43:36 AM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).

Error: (07/11/2015 08:43:31 AM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).

Error: (07/11/2015 08:43:25 AM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).

Error: (07/11/2015 08:43:20 AM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).

Error: (07/11/2015 08:43:15 AM) (Source: WcesComm) (EventID: 7) (User: )
Description: Windows Mobile-based device failed to connect due to Fatal (0x80004005) failure (see data for failure code).
System errors:
=============
Error: (07/11/2015 08:42:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: %%1068

Error: (07/11/2015 08:42:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: %%577

Error: (07/11/2015 08:42:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ancillary Function Driver for Winsock service failed to start due to the following error: %%577

Error: (07/11/2015 08:42:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: %%1068

Error: (07/11/2015 08:42:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: %%577

Error: (07/11/2015 08:42:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ancillary Function Driver for Winsock service failed to start due to the following error: %%577

Error: (07/11/2015 08:42:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: %%1068

Error: (07/11/2015 08:42:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: %%577

Error: (07/11/2015 08:42:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ancillary Function Driver for Winsock service failed to start due to the following error: %%577

Error: (07/11/2015 08:42:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: %%1068

Microsoft Office:
=========================
Error: (07/11/2015 08:44:01 AM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)

Error: (07/11/2015 08:43:56 AM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)

Error: (07/11/2015 08:43:51 AM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)

Error: (07/11/2015 08:43:46 AM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)

Error: (07/11/2015 08:43:41 AM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)

Error: (07/11/2015 08:43:36 AM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)

Error: (07/11/2015 08:43:31 AM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)

Error: (07/11/2015 08:43:25 AM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)

Error: (07/11/2015 08:43:20 AM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)

Error: (07/11/2015 08:43:15 AM) (Source: WcesComm) (EventID: 7) (User: )
Description: Fatal (0x80004005)

CodeIntegrity Errors:
===================================
Date: 2015-07-11 08:43:48.519
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AFD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-07-11 08:43:48.489
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AFD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-11 08:43:48.469
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AFD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-11 08:43:48.439
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AFD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-11 08:43:48.299
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AFD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-11 08:43:48.269
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AFD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-11 08:43:48.239
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AFD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-11 08:43:48.219
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AFD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-11 08:43:12.319
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AFD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-11 08:43:12.289
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AFD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz
Percentage of memory in use: 32%
Total physical RAM: 8151.08 MB
Available physical RAM: 5471.22 MB
Total Pagefile: 16300.36 MB
Available Pagefile: 13557.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:920.86 GB) (Free:321.22 GB) NTFS
Drive l: () (Removable) (Total:0.49 GB) (Free:0.27 GB) FAT
Drive n: (Seagate Expansion Drive) (Fixed) (Total:2794.51 GB) (Free:1716.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 0E259418)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=920.9 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 5.

========================================================
Disk: 10 (Size: 500 MB) (Disk ID: 12BA1E44)
Partition 1: (Active) - (Size=499 MB) - (Type=06)

==================== End of log ============================