Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015 Ran by DON at 2015-07-16 23:13:30 Running from C:\Users\DON\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3674742494-2999520443-3398800312-500 - Administrator - Disabled) DON (S-1-5-21-3674742494-2999520443-3398800312-1000 - Administrator - Enabled) => C:\Users\DON Guest (S-1-5-21-3674742494-2999520443-3398800312-501 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Dell System Detect (HKU\S-1-5-21-3674742494-2999520443-3398800312-1000\...\73f463568823ebbe) (Version: 6.3.0.6 - Dell) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) Laptop Integrated Webcam Driver (1.04.01.1011) (HKLM\...\Creative OEM002) (Version: - ) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 39.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 pl)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla) Recover Keys (HKLM-x32\...\Recover Keys_is1) (Version: 8.0.3.113 - Recover Keys) Roxio File Backup (Version: 1.3.0 - Roxio) Hidden Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-3674742494-2999520443-3398800312-1000\...\Spotify) (Version: 0.9.10.21.g22fbdb39 - Spotify AB) VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3674742494-2999520443-3398800312-1000_Classes\CLSID\{57B13C80-C59C-4981-8870-4A209C1B7589}\InprocServer32 -> C:\Program Files\Roxio 2010\Virtual Drive 10\DC_ShellExt64.dll (Sonic Solutions) CustomCLSID: HKU\S-1-5-21-3674742494-2999520443-3398800312-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll () ==================== Restore Points ========================= 01-03-2015 13:46:50 Scheduled Checkpoint 20-04-2015 19:43:18 Scheduled Checkpoint 28-04-2015 18:00:35 Scheduled Checkpoint 12-07-2015 14:28:05 Removed YTD Toolbar v10.7. 15-07-2015 06:34:44 Windows Update 16-07-2015 15:35:20 Installed WinZip 19.5 16-07-2015 21:05:59 Removed Apple Application Support 16-07-2015 21:36:46 Removed iTunes 16-07-2015 21:47:08 Removed Apple Mobile Device Support 16-07-2015 21:49:03 Removed Apple Application Support 16-07-2015 22:03:31 Removed Java 7 Update 67 16-07-2015 22:08:37 Removed Bonjour 16-07-2015 22:51:14 Restore Point Created by FRST ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0EDE2075-0AC9-43FC-BF98-C2A965EB142A} - System32\Tasks\ReclaimerUpdateXML_DON => C:\Users\DON\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-12] (RealNetworks, Inc.) Task: {291E6592-6714-4C49-83FC-FB6E187F94FC} - System32\Tasks\RNUpgradeHelperLogonPrompt_DON => C:\Users\DON\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-12] (RealNetworks, Inc.) Task: {579520F7-4477-45FC-A4F5-75598821476C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {59371D20-5FD2-4C0A-8386-957321DCCB01} - System32\Tasks\ReclaimerUpdateFiles_DON => C:\Users\DON\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-12] (RealNetworks, Inc.) Task: {74A9F8A2-D9AF-422C-A626-BD36E6AE1483} - System32\Tasks\RNUpgradeHelperResumePrompt_DON => C:\Users\DON\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-12] (RealNetworks, Inc.) Task: {8435CC90-3A9A-481E-886B-2FB5DA8BB181} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3674742494-2999520443-3398800312-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {B5DF329A-2C7F-4033-99A7-A1E58B5A9635} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3674742494-2999520443-3398800312-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Loaded Modules (Whitelisted) ============== 2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3674742494-2999520443-3398800312-1000\...\dell.com -> dell.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3674742494-2999520443-3398800312-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DON\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.43.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe ==================== Faulty Device Manager Devices ============= Name: Base System Device Description: Base System Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/16/2015 11:05:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/16/2015 10:51:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver. System Error: The system cannot find the file specified. . Error: (07/16/2015 10:08:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver. System Error: The system cannot find the file specified. . Error: (07/16/2015 10:03:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver. System Error: The system cannot find the file specified. . Error: (07/16/2015 09:49:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver. System Error: The system cannot find the file specified. . Error: (07/16/2015 09:47:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver. System Error: The system cannot find the file specified. . Error: (07/16/2015 09:35:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 705701 Error: (07/16/2015 09:35:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 705701 Error: (07/16/2015 09:35:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/16/2015 09:23:49 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9703 System errors: ============= Error: (07/16/2015 11:07:47 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY) Description: 0x8000002a41\??\C:\Windows\System32\config\COMPONENTS Error: (07/16/2015 11:03:23 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY) Description: 0x8000002a36\SystemRoot\System32\Config\SOFTWARE Error: (07/16/2015 10:51:44 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: %%1056 Error: (07/16/2015 10:51:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (07/16/2015 10:51:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (07/16/2015 10:51:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Business Contact Manager SQL Server Startup Service service terminated unexpectedly. It has done this 1 time(s). Error: (07/16/2015 10:51:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The RealNetworks Downloader Resolver Service service terminated unexpectedly. It has done this 1 time(s). Error: (07/16/2015 10:51:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (07/16/2015 10:51:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s). Error: (07/16/2015 10:51:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Microsoft Office: ========================= Error: (08/18/2014 06:13:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 19549 seconds with 4500 seconds of active time. This session ended with a crash. Error: (08/14/2014 09:36:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 350 seconds with 300 seconds of active time. This session ended with a crash. Error: (04/08/2014 01:26:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6763 seconds with 2580 seconds of active time. This session ended with a crash. Error: (03/20/2014 04:05:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/20/2014 04:05:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error: (01/13/2014 01:13:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 46 seconds with 0 seconds of active time. This session ended with a crash. Error: (01/13/2014 01:12:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2015-04-18 20:10:23.784 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AudioSes.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-18 20:10:19.946 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AudioSes.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-18 20:10:17.156 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AudioSes.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-18 20:10:17.141 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AudioSes.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-18 20:10:17.141 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AudioSes.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-18 20:10:17.125 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AudioSes.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-18 20:10:17.109 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AudioSes.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-18 20:10:17.094 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AudioSes.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-18 20:10:17.078 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AudioSes.dll because the set of per-page image hashes could not be found on the system. Date: 2015-04-18 20:10:17.063 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AudioSes.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz Percentage of memory in use: 38% Total physical RAM: 4086.04 MB Available physical RAM: 2527.13 MB Total Virtual: 8170.29 MB Available Virtual: 6558.41 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.79 GB) (Free:173.17 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 082019FC) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) ==================== End of log ============================