Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by Adams (2015-09-12 10:32:30)
Running from C:\Users\Adams\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-04-25 21:39:21)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Adams (S-1-5-21-1025616775-32965946-2427245248-1001 - Administrator - Enabled) => C:\Users\Adams
Administrator (S-1-5-21-1025616775-32965946-2427245248-500 - Administrator - Disabled)
Guest (S-1-5-21-1025616775-32965946-2427245248-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1025616775-32965946-2427245248-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
AnyPC Client (HKLM-x32\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.25 - Doctorsoft)
Atheros Client Installation Program (HKLM-x32\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.2.1119 - Atheros)
BatteryLifeExtender (HKLM-x32\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Change Case (HKLM-x32\...\Change_Case) (Version: - )
ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
cmd (HKLM\...\{c47364d8-3a89-4a96-83ca-ff8b61cec670}.sdb) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3226 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2511 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3604b - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3227 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.3228e - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2429 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3304 - CyberLink Corp.)
Duplicate Remover for Excel 1.7 (HKLM-x32\...\Duplicate Remover for Excel_is1) (Version: 1.7 - Add-in Express Ltd.)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{34B76DCB-BF7C-440F-B058-C84172C1E338}) (Version: 4.2.8 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung)
Free PS Convert driver 8.15 (HKLM-x32\...\Free PS Convert driver_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1003 - Intel Corporation)
Ipswitch WS_FTP 12 (HKLM-x32\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 12.3 - Ipswitch)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Merge Cells Wizard for Excel 2.2 (HKLM-x32\...\Merge Cells Wizard for Excel_is1) (Version: 2.2 - Add-in Express Ltd.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft IntelliPoint 7.0 (HKLM\...\{C74A84EC-7C5F-4C36-A4A6-381E516D643B}) (Version: 7.0.260.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{F2BC3383-F000-410C-A038-3846ADBE8D90}) (Version: 1.01.0088 - REALTEK Semiconductor Corp.)
Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung R-Series (HKLM-x32\...\{3EED7541-55F8-4DC6-B9CD-28762D71310E}) (Version: 1.0 - Samsung)
Samsung Support Center (HKLM-x32\...\{0A353130-D22C-41DD-8C67-1B02A05F2CE0}) (Version: 1.1.0 - Samsung)
Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
Trim Spaces for Microsoft Excel 1.1 (HKLM-x32\...\Trim Spaces for Microsoft Excel_is1) (Version: 1.1 - Add-in Express Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.800 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Word to PDF Converter 3.00 (HKLM-x32\...\Word to PDF Converter_is1) (Version: - PDF-Convert, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

31-08-2015 09:47:18 Windows 7 Service Pack 1
01-09-2015 12:08:52 Windows Update
09-09-2015 09:30:23 Windows Update
11-09-2015 13:21:27 Windows Update
11-09-2015 15:30:31 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-08-31 15:53 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {29EB21DB-3F7C-4AA7-818F-516FB300CBB6} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2009-05-26] (Microsoft Corporation)
Task: {4F5DC897-BD95-4BC2-B238-5CB679979FEE} - System32\Tasks\{6C7D338A-2E1E-4972-A35D-4978246CF85D} => C:\Users\Adams\Desktop\avg_remover_stf_x64_2015_5501.exe [2015-09-11] (AVG Technologies CZ, s.r.o.)
Task: {56658561-F04C-4303-BFA4-06049E44779C} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {56828BAB-2C2F-476F-BE58-0CE627AB7F81} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-18] (SEC)
Task: {68F89948-D12A-40B8-B47F-A368D3ABBE99} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2009-11-04] (Samsung Electronics Co., Ltd.)
Task: {6B445E90-629C-4119-B274-D231A97410B1} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-12-14] (SAMSUNG Electronics)
Task: {8118FAA4-9259-4804-85DE-690C643BBCE6} - System32\Tasks\APSchedulerC => C:\Program Files (x86)\AnyPC Client\APLanMgrC.exe [2009-11-20] (DoctorSoft)
Task: {882D04AF-C293-432A-A82C-08C804DF41D9} - System32\Tasks\{3210778E-5496-4C77-A527-F3271C956218} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Task: {9D5EE1DC-9316-45A3-B827-3BCBD0D7FF7B} - System32\Tasks\{682D6941-A475-423A-93C2-5474B3F39685} => C:\Users\Adams\Desktop\avg_remover_stf_x64_2015_5501.exe [2015-09-11] (AVG Technologies CZ, s.r.o.)
Task: {BBCE28BD-9400-4571-8CEA-778FC5F89160} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {D59C3ED1-688E-4E7A-9AD0-63F099B6325B} - System32\Tasks\{8EB10212-CDB5-4C54-B0D9-CFF150C2548B} => C:\Users\Adams\Desktop\avg_remover_stf_x64_2015_5501.exe [2015-09-11] (AVG Technologies CZ, s.r.o.)
Task: {D9AD9109-3147-4F59-B0C8-DB4BAC3BCD5D} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {E0521E90-44FD-469D-8788-623FF4B52D99} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-18] (Samsung Electronics. Co. Ltd.)
Task: {F1131011-D4EE-4B3D-B0C7-75E410B81970} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-04-26 11:30 - 2005-03-12 09:07 - 00087040 _____ () C:\WINDOWS\System32\pdfmonnt.dll
2011-07-01 11:00 - 2010-10-28 18:55 - 06550136 _____ () C:\Program Files\ipswitch\WS_FTP 12\res0409.dll
2010-02-02 23:11 - 2009-07-07 14:23 - 00247152 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2010-02-02 23:15 - 2006-08-11 23:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2009-12-04 03:59 - 2009-12-04 03:59 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-12-04 04:04 - 2009-12-04 04:04 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2011-07-01 11:00 - 2010-10-28 18:52 - 00948496 _____ () C:\Program Files (x86)\Ipswitch\WS_FTP 12\LIBEAY32.dll
2011-07-01 11:00 - 2010-10-28 18:52 - 00153360 _____ () C:\Program Files (x86)\Ipswitch\WS_FTP 12\SSLEAY32.dll
2011-07-01 11:00 - 2010-10-28 18:55 - 06551672 _____ () C:\Program Files (x86)\Ipswitch\WS_FTP 12\res0409.dll
2015-09-09 09:42 - 2015-08-27 20:17 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-09 09:42 - 2015-08-27 20:17 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\xxx.com -> www.xxx.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1025616775-32965946-2427245248-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Adams\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{26137D47-0CB0-49D3-9CDB-433443AAB396}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{6FCD7834-50E4-42CA-B4B1-90A55BA864DE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{6DC57B63-5F82-4C4B-B21F-B4ED8AE30B8F}] => (Allow) svchost.exe
FirewallRules: [{418DB10E-6F9A-45EE-9EEE-25DA1D065349}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{9C755D83-ECBD-4C97-BAE6-1AF8B2AC4F18}] => (Allow) C:\Program Files (x86)\AVG\AVG9\avgemc.exe
FirewallRules: [{B1084A64-360F-4130-BFE7-0A86997D1B85}] => (Allow) C:\Program Files (x86)\AVG\AVG9\avgupd.exe
FirewallRules: [{9E3BA463-E4AE-404A-956C-B3C7E4402131}] => (Allow) C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
FirewallRules: [TCP Query User{8239AE58-5A7A-4CE7-B5D5-E7CFC5F180F0}C:\users\adams\appdata\local\temp\g2_626\g2viewer.exe] => (Allow) C:\users\adams\appdata\local\temp\g2_626\g2viewer.exe
FirewallRules: [UDP Query User{F460941F-59B9-4E74-850D-7EEDCC4BDA00}C:\users\adams\appdata\local\temp\g2_626\g2viewer.exe] => (Allow) C:\users\adams\appdata\local\temp\g2_626\g2viewer.exe
FirewallRules: [TCP Query User{7559F51F-A7C6-485A-AD7C-E56F25DE4756}C:\users\adams\appdata\local\temp\g2_626\g2viewer.exe] => (Allow) C:\users\adams\appdata\local\temp\g2_626\g2viewer.exe
FirewallRules: [UDP Query User{289FE499-7570-4B89-8501-4E8BDDC532EF}C:\users\adams\appdata\local\temp\g2_626\g2viewer.exe] => (Allow) C:\users\adams\appdata\local\temp\g2_626\g2viewer.exe
FirewallRules: [TCP Query User{57D71E0C-02DA-4284-99B0-2D449612FEF9}C:\program files (x86)\microsoft office\office12\excel.exe] => (Allow) C:\program files (x86)\microsoft office\office12\excel.exe
FirewallRules: [UDP Query User{7A808B86-1B90-4456-BF88-32B0EDC79949}C:\program files (x86)\microsoft office\office12\excel.exe] => (Allow) C:\program files (x86)\microsoft office\office12\excel.exe
FirewallRules: [TCP Query User{2A4F61AC-AC2F-4DAA-B1AA-E3C2C6AEF524}C:\users\adams\appdata\local\temp\g2_943\g2viewer.exe] => (Allow) C:\users\adams\appdata\local\temp\g2_943\g2viewer.exe
FirewallRules: [UDP Query User{3787462F-FB42-4515-91C3-F11FBE6B6EFF}C:\users\adams\appdata\local\temp\g2_943\g2viewer.exe] => (Allow) C:\users\adams\appdata\local\temp\g2_943\g2viewer.exe
FirewallRules: [TCP Query User{4724D3AE-6D7A-46AF-AC63-BA10519530B3}C:\users\adams\appdata\local\temp\g2_1337\g2viewer.exe] => (Allow) C:\users\adams\appdata\local\temp\g2_1337\g2viewer.exe
FirewallRules: [UDP Query User{AF668C6A-9A95-453C-98EF-0DDB3CD4E34B}C:\users\adams\appdata\local\temp\g2_1337\g2viewer.exe] => (Allow) C:\users\adams\appdata\local\temp\g2_1337\g2viewer.exe
FirewallRules: [TCP Query User{A9B48745-A43C-4886-AAF1-61DBBF027A36}C:\program files (x86)\ipswitch\ws_ftp 12\wsftpgui.exe] => (Allow) C:\program files (x86)\ipswitch\ws_ftp 12\wsftpgui.exe
FirewallRules: [UDP Query User{998DD478-F817-4B0E-8E09-6EF9FE048853}C:\program files (x86)\ipswitch\ws_ftp 12\wsftpgui.exe] => (Allow) C:\program files (x86)\ipswitch\ws_ftp 12\wsftpgui.exe
FirewallRules: [TCP Query User{700C3F65-997C-414F-9222-0876ECFEEA09}C:\users\adams\appdata\local\temp\g2_1606\g2viewer.exe] => (Allow) C:\users\adams\appdata\local\temp\g2_1606\g2viewer.exe
FirewallRules: [UDP Query User{41AE2CEA-842D-4D9F-8B00-36B97F187635}C:\users\adams\appdata\local\temp\g2_1606\g2viewer.exe] => (Allow) C:\users\adams\appdata\local\temp\g2_1606\g2viewer.exe
FirewallRules: [{03EC45BD-BC02-445A-BE1A-B6C9396D3AAC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/31/2015 11:38:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/31/2015 10:29:15 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (3552) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (08/31/2015 10:28:45 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (2404) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
Error: (08/30/2015 05:13:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 44.0.2403.157, time stamp: 0x55d29eef Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00014f08 Faulting process id: 0x944 Faulting application start time: 0xchrome.exe0 Faulting application path: chrome.exe1 Faulting module path: chrome.exe2 Report Id: chrome.exe3

Error: (08/30/2015 05:12:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 44.0.2403.157, time stamp: 0x55d29eef Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00014f08 Faulting process id: 0xe1c Faulting application start time: 0xchrome.exe0 Faulting application path: chrome.exe1 Faulting module path: chrome.exe2 Report Id: chrome.exe3

Error: (08/30/2015 05:11:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 44.0.2403.157, time stamp: 0x55d29eef Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00014f08 Faulting process id: 0x13e0 Faulting application start time: 0xchrome.exe0 Faulting application path: chrome.exe1 Faulting module path: chrome.exe2 Report Id: chrome.exe3

Error: (08/29/2015 02:16:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (08/29/2015 01:00:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL. System Error: The system cannot find the file specified. .

Error: (08/29/2015 01:00:30 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {4aad14f1-42e0-4013-8d7d-d3dc10206997}

Error: (08/29/2015 11:22:44 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

System errors:
=============
Error: (09/11/2015 03:51:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Rezip service terminated unexpectedly. It has done this 1 time(s).

Error: (09/11/2015 03:34:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (09/11/2015 03:34:18 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (09/11/2015 03:31:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (09/11/2015 03:31:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/11/2015 03:31:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/11/2015 03:31:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).

Error: (09/11/2015 03:31:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Rezip service terminated unexpectedly. It has done this 1 time(s).

Error: (09/11/2015 03:31:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/11/2015 03:31:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office:
=========================

CodeIntegrity:
===================================
Date: 2015-08-31 15:53:30.284
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-31 15:53:30.237
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-29 12:19:08.400
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2015-08-29 11:12:10.375
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-08-29 11:12:10.328
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-08-29 11:12:10.250
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-08-29 11:12:10.188
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-08-29 10:47:32.795
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-08-28 14:50:40.069
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-08-28 14:50:40.006
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 70%
Total physical RAM: 3956.55 MB
Available physical RAM: 1173.42 MB
Total Virtual: 7911.28 MB
Available Virtual: 5133.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:21.37 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:350.22 GB) (Free:350.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 8C4416FD)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=450 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=350.2 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================