Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015 Ran by GRD at 2015-04-13 22:22:46 Running from C:\Users\GRD\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.2 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.) Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated) Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.169 - Adobe Systems Incorporated) Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated) Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - ) Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC) Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version: - 2K Australia) Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts) Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts) Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd) Day of Defeat (HKLM-x32\...\Steam App 30) (Version: - Valve) dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.4 - Illustrate) Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Dropbox (HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.) f.lux (HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\Flux) (Version: - ) Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai) ffdshow v1.3.4532 [2014-07-17] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4532.0 - ) FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.) Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version: - Muse Games) herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.) HFSExplorer 0.21 (HKLM-x32\...\HFSExplorer) (Version: 0.21 - Catacombae Software) Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - IO Interactive) Hitman: Sniper Challenge (HKLM-x32\...\Steam App 205930) (Version: - IO Interactive) Homeworld Remastered Collection (HKLM-x32\...\Steam App 244160) (Version: - Gearbox Software) iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche) Loadout (HKLM-x32\...\Steam App 208090) (Version: - Edge of Reality) Malwarebytes Anti-Exploit version 1.06.1.1018 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1018 - Malwarebytes) Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) MediaInfo 0.7.71 (HKLM\...\MediaInfo) (Version: 0.7.71 - MediaArea.net) Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - 4A Games) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version: - Monolith Productions, Inc.) Music Manager (HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\MusicManager) (Version: - Google, Inc.) Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version: - Unknown Worlds Entertainment) NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation) NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation) NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation) NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA Miracast Virtual Audio 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.52 - NVIDIA Corporation) NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation) Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - Robot Entertainment) Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden PlanetSide 2 (HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\soe-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment) Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Pushbullet version 209 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 209 - Pushbullet Inc) PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden Rapport (x32 Version: 3.5.1404.75 - Trusteer) Hidden Reus (HKLM-x32\...\Steam App 222730) (Version: - Abbey Games) Ryse: Son of Rome (HKLM-x32\...\Steam App 302510) (Version: - Crytek) Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung) ShadowCopy (HKLM-x32\...\{117CE366-3EED-48C5-BF6A-E0F47A0E68A4}) (Version: 2.02.000 - Runtime Software) SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) Star Conflict (HKLM-x32\...\Steam App 212070) (Version: - ) Star Wars: The Force Unleashed 2 (HKLM-x32\...\Star Wars: The Force Unleashed 2_is1) (Version: 1.0 - LucasArts) StarCraft II (HKLM-x32\...\StarCraft II) (Version: 2.0.11.26825 - Blizzard Entertainment) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Supreme Commander 2 (HKLM-x32\...\Steam App 40100) (Version: - Gas Powered Games) System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) Telegram Desktop version 0.7.8 (HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.7.8 - Telegram Messenger LLP) Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts) ThreatExpert Memory Scanner 1.0 (HKLM\...\ThreatExpert Memory Scanner_is1) (Version: 1.0.1.0 - Threat Expert Ltd.) Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.9.6 - Electronic Arts) Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.75 - Trusteer) TU Go (HKLM-x32\...\{823cbf22-f004-4130-af83-959a6c238585}) (Version: 1.1.6.2 - Telefonica Digital Ltd.) TU Go (x32 Version: 1.1.6.2 - Telefonica Digital Ltd.) Hidden Unified Remote (HKLM-x32\...\{BD96B1DF-2A2E-4ED1-B255-F8050DEB1B3D}) (Version: 2.14.2.0 - Unified Remote) Unity Web Player (HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version: - Giant Army) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN) Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.) Vuze Remote Toolbar v9.3 (HKLM-x32\...\{44C0EC7E-CF09-4569-B34B-0A9347D72596}) (Version: 9.3 - Spigot, Inc.) <==== ATTENTION War Thunder Launcher 1.0.1.199 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - 2012 Gaijin Entertainment Corporation) Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes) webXvid Codec (HKLM-x32\...\webXvid Codec) (Version: 3.6 - webXvid) WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Wolfenstein: The New Order (HKLM-x32\...\Steam App 201810) (Version: - Machine Games) World of Goo (HKLM-x32\...\Steam App 22000) (Version: - 2D BOY) World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net) Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GRD\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-809373587-3448285753-2040023688-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\GRD\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 10-03-2015 21:19:56 Scheduled Checkpoint 16-03-2015 21:46:17 Windows Update 29-03-2015 16:25:39 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 06:26 - 2015-04-12 18:46 - 00451699 ____R C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {075983E1-6C3E-4F9C-B83D-3BCFAF9BB3C5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-809373587-3448285753-2040023688-1001Core => C:\Users\GRD\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-04] (Google Inc.) Task: {1D3E4B21-5D9D-4C55-B58F-08C48A40C393} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-16] (Microsoft Corporation) Task: {317FA1A7-4999-4C03-AD36-1998092B0CE8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {3539216D-2289-4DAD-8749-96732060CC80} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-809373587-3448285753-2040023688-1001UA => C:\Users\GRD\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-04] (Google Inc.) Task: {4AD27185-1E66-4F21-A3DA-3D6DB2A0EA1C} - System32\Tasks\{F016C5EA-35FE-46C4-A136-6205CD28B041} => pcalua.exe -a C:\Users\GRD\Desktop\cohtrnmg.exe -d C:\Users\GRD\Desktop Task: {4B0E871C-0B41-4594-811E-2B69AA7A0ACD} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {61A5380F-F4C0-47F2-9E93-1C2F4E7B689A} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: {79996355-75CA-4CE9-B2F5-2C344D7117E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-04] (Google Inc.) Task: {8DC8EA52-7AA9-452D-A587-FDAB748F3183} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {989DD228-C905-4CDE-89C2-49B2678BE06D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-04] (Google Inc.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-809373587-3448285753-2040023688-1001Core.job => C:\Users\GRD\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-809373587-3448285753-2040023688-1001UA.job => C:\Users\GRD\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-10-19 00:34 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-12-10 22:35 - 2014-12-10 13:58 - 00037376 _____ () C:\Program Files (x86)\Pushbullet\pushbullet_ctx.dll 2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll 2015-04-02 19:50 - 2015-03-30 22:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll 2015-04-02 19:50 - 2015-03-30 22:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll 2015-04-02 19:50 - 2015-03-30 22:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\GRD\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-809373587-3448285753-2040023688-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\GRD\Desktop\Stuff\Desktops\YGOGd7x - Imgur.jpg DNS Servers: 192.168.0.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher" HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\StartupApproved\Run: => "AmazonMP3DownloaderHelper" HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\StartupApproved\Run: => "Unified Remote v2" HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\StartupApproved\Run: => "Pushbullet" HKU\S-1-5-21-809373587-3448285753-2040023688-1001\...\StartupApproved\Run: => "YTPack" ==================== Accounts: ============================= Administrator (S-1-5-21-809373587-3448285753-2040023688-500 - Administrator - Disabled) GRD (S-1-5-21-809373587-3448285753-2040023688-1001 - Administrator - Enabled) => C:\Users\GRD Guest (S-1-5-21-809373587-3448285753-2040023688-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/13/2015 10:19:32 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 804 Start Time: 01d0762e63ed6903 Termination Time: 4294967295 Application Path: C:\Users\GRD\Desktop\OTL.exe Report Id: c5bda286-e222-11e4-bf95-94de800fbe04 Faulting package full name: Faulting package-relative application ID: Error: (04/13/2015 08:35:03 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 164c Start Time: 01d07620372e7d41 Termination Time: 4294967295 Application Path: C:\WINDOWS\syswow64\wwahost.exe Report Id: 2b780b4e-e214-11e4-bf95-94de800fbe04 Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c Faulting package-relative application ID: App Error: (04/13/2015 08:34:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1018 Start Time: 01d07620372e7d41 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: 2ae7fe64-e214-11e4-bf95-94de800fbe04 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (04/13/2015 08:22:49 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 13c0 Start Time: 01d0761e7c01f1fe Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: 7139e3da-e212-11e4-bf95-94de800fbe04 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (04/12/2015 07:58:57 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/12/2015 07:58:56 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/12/2015 07:58:55 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/12/2015 07:58:55 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/12/2015 07:54:21 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error: (04/12/2015 07:45:30 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. System errors: ============= Error: (04/13/2015 08:21:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Steam Client Service service failed to start due to the following error: %%1053 Error: (04/13/2015 08:21:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. Error: (04/12/2015 06:46:17 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (04/10/2015 10:14:33 PM) (Source: DCOM) (EventID: 10010) (User: BLACKTOWER) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (04/10/2015 10:09:42 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service. Error: (04/10/2015 10:09:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service. Error: (04/10/2015 10:08:42 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service. Error: (04/10/2015 10:08:11 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error: %%0 Error: (04/10/2015 10:06:03 PM) (Source: DCOM) (EventID: 10005) (User: BLACKTOWER) Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} Error: (04/10/2015 10:06:03 PM) (Source: DCOM) (EventID: 10005) (User: BLACKTOWER) Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2015-04-11 19:02:50.149 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-04-10 20:16:34.493 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-04-09 21:30:57.428 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-04-09 21:30:57.152 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-04-09 21:30:21.673 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-04-09 21:30:21.384 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-04-09 21:30:21.030 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-04-09 21:30:20.735 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-04-09 21:30:16.357 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-04-09 21:30:16.076 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD Phenom(tm) II X4 965 Processor Percentage of memory in use: 33% Total physical RAM: 8178.56 MB Available physical RAM: 5434.23 MB Total Pagefile: 9458.56 MB Available Pagefile: 6194.76 MB Total Virtual: 131072 MB Available Virtual: 131071.78 MB ==================== Drives ================================ Drive c: (HD) (Fixed) (Total:465.76 GB) (Free:221.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive f: (HYBRID) (Fixed) (Total:931.51 GB) (Free:652.83 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FCD5BCF4) Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2218E3C9) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================