Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015 Ran by username2 at 2015-02-17 21:21:00 Running from C:\Users\username\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71} AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC} FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI - Suomi (HKLM-x32\...\{AC76BA86-7AD7-1035-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Arcanum Of Steamworks and Magick Obscura (HKLM-x32\...\GOGPACKARCANUM_is1) (Version: 2.0.0.15 - GOG.com) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.3 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.4 - ASUS) ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.2 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0010 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS) ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation) ASUSDVD 
(HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5230.52 - CyberLink Corp.) ASUSDVD (x32 Version: 10.0.5230.52 - CyberLink Corp.) Hidden AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden Baldur's Gate 2 Complete (HKLM-x32\...\GOGPACKBALDURSGATE2_is1) (Version: 2.0.0.12 - GOG.com) Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Caesar 3 (HKLM-x32\...\GOGPACKCAESAR3_is1) (Version: 2.0.0.9 - GOG.com) CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform) Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo) COMODO Internet Security Premium (HKLM\...\{901D1D88-408D-48E5-80DD-CC3145BD8456}) (Version: 6.3.39949.2976 - COMODO Security Solutions Inc.) Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Democracy 3 (HKLM-x32\...\GOGPACKDEMOCRACY3_is1) (Version: 2.6.0.11 - GOG.com) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Fallout2 (HKLM-x32\...\Fallout2) (Version: - ) Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Office 
(HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS) Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia) Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia) Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden Papers, Please (HKLM-x32\...\GOGPACKPAPERSPLEASE_is1) (Version: 2.1.0.7 - 
GOG.com) partypoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming) PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia) Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.226 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6976 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.27038 - Realtek Semiconductor Corp.) Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden Tropico 3 GOLD (HKLM-x32\...\GOGPACKTROPICO3GOLD_is1) (Version: 2.0.0.9 - GOG.com) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden Windows Driver Package - ASUS (ATP) Mouse (07/16/2013 1.0.0.181) (HKLM\...\16D5A24C881B7CEE31FBA6DD5EC1C194C188F85A) (Version: 07/16/2013 1.0.0.181 - ASUS) Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) 
(Version: 05/31/2012 7.1.2.0 - Nokia) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 28-01-2015 12:46:03 Windows Update 03-02-2015 18:56:43 Windows Modules Installer 11-02-2015 12:29:25 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2014-05-09 13:36 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0B1D8A65-5956-46FD-8B39-BF00BBE13714} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-06-19] (ASUS) Task: {0F00637B-D50D-4177-87F0-47FD49B0C040} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-04] (COMODO) Task: {6095280F-06F8-4D2D-91B0-EB28C4AB3C9A} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-04] (COMODO) Task: {6E948608-4CB4-47DC-95E5-E21C828B016A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-12] (Microsoft Corporation) Task: {721B2A9E-5459-4857-AF9B-D091490F26D1} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] () Task: {7F6E9724-1226-4B14-BC33-BDAFF90EE8BF} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe Task: {82FB5A5C-0ADB-4592-8EA1-F2F7145542EC} - System32\Tasks\{6D59472C-BC84-4395-AA13-197AC673A2A7} => pcalua.exe -a "D:\GOG Games\Baldur's Gate 2\baldur.exe" -d "D:\GOG Games\Baldur's Gate 2" Task: {844F03DC-CCA5-4955-A33C-574CF3CE408D} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-04] (COMODO) Task: {88D211CA-2931-4D99-A246-13181192C413} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-02-04] (COMODO) Task: {895139FE-D94C-436E-8EFB-B046D2B29DF6} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-06-03] (ASUSTeK Computer Inc.) 
Task: {9731AC27-EA17-4A67-9F36-54091B0EBB41} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-02-04] (COMODO) Task: {998502EA-51AC-4761-834E-F7B9B67D3E49} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.) Task: {AEC9089A-0E78-4151-94D6-D4603ADA6C2B} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-06-03] (ASUS) Task: {CE045C9D-7FB3-4BA7-A3A0-24DB6CB85D88} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-05-21] (ASUSTeK Computer Inc.) Task: {D0558948-CA2D-4F63-B5E2-948AF6DFAE6E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd) Task: {DB6D381D-AD47-45C7-A001-BA0AB8155D9E} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-04] (COMODO) Task: {DC22EC9F-3848-4184-99B6-C116A008A376} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-05-21] (ASUSTeK Computer Inc.) 
Task: {E3649447-4EDB-4B03-BBC3-AA5A0CE6E631} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated) Task: {E94EDE06-0FE2-4D85-AE3A-A5BA387B257B} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-08-08] (AsusTek) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============== 2012-12-19 08:10 - 2012-12-19 08:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe 2013-04-15 17:39 - 2013-04-15 17:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav 2013-04-24 18:09 - 2013-04-24 18:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-04-24 18:07 - 2013-04-24 18:07 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll 2013-10-01 13:02 - 2013-10-01 13:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-04-24 18:12 - 2013-04-24 18:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe 2013-06-19 22:49 - 2013-06-19 22:49 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\94356600.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\94356600.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2448385805-1358340357-1453317947-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\ASUS\wallpapers\ASUS.jpg DNS Servers: 193.229.0.40 - 193.229.0.42 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe" MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe" MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4 MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s ==================== Accounts: ============================= Administrator (S-1-5-21-2448385805-1358340357-1453317947-500 - Administrator - Disabled) Guest (S-1-5-21-2448385805-1358340357-1453317947-501 - Limited - Disabled) username2 (S-1-5-21-2448385805-1358340357-1453317947-1001 - Administrator - Enabled) => C:\Users\username username_2 (S-1-5-21-2448385805-1358340357-1453317947-1002 - Limited - Enabled) => C:\Users\username_2 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/15/2015 08:59:04 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file 
"C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/15/2015 08:55:19 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/15/2015 08:52:44 PM) (Source: Perflib) (EventID: 1015) (User: ) Description: PerfProcC:\WINDOWS\System32\perfproc.dll0 Error: (02/12/2015 11:13:30 AM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: The index cannot be initialised. 
Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06) Error: (02/12/2015 11:13:30 AM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: The application cannot be initialised. Context: Windows Application Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06) Error: (02/12/2015 11:13:30 AM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: The gatherer object cannot be initialised. Context: Windows Application, SystemIndex Catalogue Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06) Error: (02/12/2015 11:13:30 AM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in cannot be initialised. Context: Windows Application, SystemIndex Catalogue Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06) Error: (02/12/2015 11:13:28 AM) (Source: Windows Search Service) (EventID: 3057) (User: ) Description: The plug-in manager cannot be initialised. Context: Windows Application Details: (HRESULT : 0x8e5e0210) (0x8e5e0210) Error: (02/12/2015 11:13:28 AM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: The content index catalogue is corrupt. 0xc0041801 (0xc0041801) Error: (02/12/2015 11:13:28 AM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: The search service has detected corrupted data files in the index {id=4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)}. The service will attempt to automatically correct this problem by rebuilding the index. 
Details: 0x8e5e0210 (0x8e5e0210)

System errors:
=============
Error: (02/15/2015 08:51:15 PM) (Source: DCOM) (EventID: 10010) (User: abc)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/15/2015 08:50:45 PM) (Source: DCOM) (EventID: 10010) (User: abc)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/15/2015 02:38:40 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/14/2015 05:38:05 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/14/2015 03:00:13 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/14/2015 00:34:15 AM) (Source: DCOM) (EventID: 10010) (User: abc)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/13/2015 07:47:24 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/13/2015 01:51:44 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/13/2015 00:56:45 PM) (Source: DCOM) (EventID: 10010) (User: abc)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/12/2015 11:08:54 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Microsoft Office Sessions:
=========================
Error: (02/15/2015 08:59:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/15/2015 08:55:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/15/2015 08:52:44 PM) (Source: Perflib) (EventID: 1015) (User: )
Description: PerfProcC:\WINDOWS\System32\perfproc.dll0

Error: (02/12/2015 11:13:30 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (02/12/2015 11:13:30 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (02/12/2015 11:13:30 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalogue Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (02/12/2015 11:13:30 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalogue Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06) Search.TripoliIndexer

Error: (02/12/2015 11:13:28 AM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: Context: Windows Application Details: (HRESULT : 0x8e5e0210) (0x8e5e0210) Search.TripoliIndexer

Error: (02/12/2015 11:13:28 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Details: The content index catalogue is corrupt. 0xc0041801 (0xc0041801) The catalog is corrupt

Error: (02/12/2015 11:13:28 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Details: 0x8e5e0210 (0x8e5e0210) 4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)

CodeIntegrity Errors:
===================================
Date: 2015-02-17 21:06:29.265
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-17 20:26:08.174
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-15 20:38:49.007
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-14 16:59:02.456
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-14 00:19:52.930
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-14 00:00:30.688
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-13 23:40:27.400
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-13 19:37:11.051
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-13 17:17:23.001
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-13 13:25:53.220
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU 2117U @ 1.80GHz
Percentage of memory in use: 48%
Total physical RAM: 3981.74 MB
Available physical RAM: 2049.65 MB
Total Pagefile: 5053.74 MB
Available Pagefile: 2443.1 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:122.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.34 GB) (Free:247.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0FE4DC0A)

Partition: GPT Partition Type.

==================== End Of Log ============================