Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015 Ran by Antonin at 2015-06-17 21:11:49 Running from C:\Users\Antonin\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3535277157-3009570326-1991447429-500 - Administrator - Disabled) Antonin (S-1-5-21-3535277157-3009570326-1991447429-1001 - Administrator - Enabled) => C:\Users\Antonin Guest (S-1-5-21-3535277157-3009570326-1991447429-501 - Limited - Enabled) => C:\Users\Guest HomeGroupUser$ (S-1-5-21-3535277157-3009570326-1991447429-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-3535277157-3009570326-1991447429-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.) µTorrent (HKU\S-1-5-21-3535277157-3009570326-1991447429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software) Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.11.4119 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM-x32\...\{E78B4959-B348-4913-874B-FF982378E035}) (Version: 0.9.11.4119 - BlueStack Systems, Inc.) Boot2Docker for Windows version 1.6.2 (HKLM\...\{05BD04E9-4AB5-46AC-891E-60EA8FD57D56}_is1) (Version: 1.6.2 - Docker Inc) BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.68.1077 - AB Team, d.o.o.) Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.300.10 - Citrix Systems, Inc.) ColorMania 5.1 (HKLM-x32\...\ColorMania_is1) (Version: 5.1 - Blacksun Software) Dropbox (HKU\S-1-5-21-3535277157-3009570326-1991447429-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.) Dropbox (HKU\S-1-5-21-3535277157-3009570326-1991447429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.) Entity Framework 6.1.1 Tools for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation) Filedrop version 1.1.5 (HKLM-x32\...\{3A309583-1B4A-4C90-85EA-124EB8DB331A}_is1) (Version: 1.1.5 - Filedrop) FileZilla Client 3.10.2 (HKU\S-1-5-21-3535277157-3009570326-1991447429-1001\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse) FileZilla Client 3.10.2 (HKU\S-1-5-21-3535277157-3009570326-1991447429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse) Fotosizer 2.09 (HKLM-x32\...\Fotosizer) (Version: 2.09.0.548 - Fotosizer.com) Git version 1.9.5-preview20150319 (HKLM-x32\...\Git_is1) (Version: 1.9.5-preview20150319 - The Git Development Community) GitHub (HKU\S-1-5-21-3535277157-3009570326-1991447429-1001\...\5f7eb300e2ea4ebf) (Version: 2.13.2.4 - GitHub, Inc.) GitHub (HKU\S-1-5-21-3535277157-3009570326-1991447429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\5f7eb300e2ea4ebf) (Version: 2.13.2.4 - GitHub, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.) Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden GoPro Studio 2.5.4 (HKLM-x32\...\GoPro Studio) (Version: 2.5.4 - GoPro, Inc.) Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_R.G. Mechanics_is1) (Version: - R.G. Mechanics, ProZorg_tm) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) KeePass Password Safe 1.28 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.28 - Dominik Reichl) Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation) Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4 (HKLM-x32\...\{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}) (Version: 12.0.31101.0 - Microsoft Corporation) Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla) MySQL Workbench 6.2 CE (HKLM\...\{B632465A-857D-4FC2-A76E-B1F3693527D8}) (Version: 6.2.4 - Oracle Corporation) Node.js (HKLM-x32\...\{7A77F19E-A97C-44A4-BF9D-6C55E7980251}) (Version: 0.12.1 - Joyent, Inc. and other Node contributors) Online Plug-in (x32 Version: 13.4.300.10 - Citrix Systems, Inc.) Hidden Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Pdf995 (HKLM-x32\...\Pdf995) (Version: 15.0s - ) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation) Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation) Python 2.7.10 (64-bit) (HKLM\...\{E2B51919-207A-43EB-AE78-733F9C6797C3}) (Version: 2.7.10150 - Python Software Foundation) Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games) Self-service Plug-in (x32 Version: 3.4.300.43589 - Citrix Systems, Inc.) Hidden SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com) Spotify (HKU\S-1-5-21-3535277157-3009570326-1991447429-1001\...\Spotify) (Version: 1.0.7.157.g2a6526f9 - Spotify AB) Spotify (HKU\S-1-5-21-3535277157-3009570326-1991447429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.7.157.g2a6526f9 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - ) Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.2 - TrueCrypt Foundation) TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden WinDirStat 1.1.2 (HKU\S-1-5-21-3535277157-3009570326-1991447429-1001\...\WinDirStat) (Version: - ) WinDirStat 1.1.2 (HKU\S-1-5-21-3535277157-3009570326-1991447429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WinDirStat) (Version: - ) Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3535277157-3009570326-1991447429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Antonin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3535277157-3009570326-1991447429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll () CustomCLSID: HKU\S-1-5-21-3535277157-3009570326-1991447429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Antonin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3535277157-3009570326-1991447429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antonin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3535277157-3009570326-1991447429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antonin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3535277157-3009570326-1991447429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antonin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3535277157-3009570326-1991447429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antonin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3535277157-3009570326-1991447429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antonin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3535277157-3009570326-1991447429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antonin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3535277157-3009570326-1991447429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antonin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3535277157-3009570326-1991447429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antonin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3535277157-3009570326-1991447429-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Antonin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3535277157-3009570326-1991447429-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll () CustomCLSID: HKU\S-1-5-21-3535277157-3009570326-1991447429-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Antonin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3535277157-3009570326-1991447429-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antonin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3535277157-3009570326-1991447429-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antonin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3535277157-3009570326-1991447429-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antonin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3535277157-3009570326-1991447429-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antonin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3535277157-3009570326-1991447429-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antonin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3535277157-3009570326-1991447429-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antonin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3535277157-3009570326-1991447429-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antonin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3535277157-3009570326-1991447429-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Antonin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 10-06-2015 00:56:47 Windows Update 13-06-2015 17:29:28 avast! antivirus system restore point 14-06-2015 22:58:40 Removed QuickTime 7 ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0142007A-EEC7-4C68-BEF4-B56C456B3D4A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {0DF05EC9-0DB2-40B6-8834-754C8DE954F7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation) Task: {202C395B-DDC5-4C38-B641-3DEC7BB98919} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {3EBD0CFF-9055-47DA-B77E-B00D845315D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-14] (Google Inc.) Task: {429A581E-BEE4-4663-83D5-6DD60360443E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-13] (Avast Software s.r.o.) Task: {5B553F26-8722-4B08-99C3-FE7F6B28658B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {779C3150-6C4D-4601-9B4E-7452CE79B073} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {8117188C-E945-4480-A87C-D5F244D831DE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation) Task: {9062631F-0A2E-4294-A839-18B86A480FE6} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {9639FD7A-55D1-42F7-A1C5-A45F63E4F10B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-14] (Google Inc.) Task: {C29440C0-5ACA-406D-AC67-66D1800BB23D} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe Task: {C3DCC6F7-2096-48C7-BB7D-A1495C800B2F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {C501083A-3757-4F8D-89D4-55163F85AFE5} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation) Task: {D68E258C-5ECF-46CB-9861-D30C4DB72183} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-06-12] (Microsoft Corporation) Task: {E6F4B3AC-FE12-423D-8461-139D8518FAB4} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-danek@antonindanek.cz => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-22] (Adobe Systems Incorporated) Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-02-20 23:26 - 2014-03-05 11:18 - 00040448 _____ () C:\windows\System32\pdf995mon64.dll 2015-03-02 16:43 - 2015-03-02 16:43 - 00099288 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2015-02-22 21:45 - 2015-02-22 21:45 - 02394624 _____ () C:\Program Files\WindowsApps\Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt\Facebook.exe 2015-02-24 00:53 - 2015-02-24 00:53 - 10501632 _____ () C:\Users\Antonin\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook\eff57947f2d527a4d30599471bd8a2a4\Facebook.ni.exe 2015-02-24 00:50 - 2015-02-24 00:50 - 05185024 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI.Xaml\873b701d9b42e91132f08a6f05c4361a\Windows.UI.Xaml.ni.dll 2015-02-24 00:52 - 2015-02-24 00:52 - 01134592 _____ () C:\Users\Antonin\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook-Win8-Base\8a9f4d141ea60649eb4ac5dc3eae33d2\Facebook-Win8-Base.ni.dll 2015-02-24 00:52 - 2015-02-24 00:52 - 00619520 _____ () C:\Users\Antonin\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook-Base\a1e018847a9bbd02df0c31d4d2044695\Facebook-Base.ni.dll 2015-02-24 00:52 - 2015-02-24 00:52 - 01112576 _____ () C:\Users\Antonin\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook-Models\6345c048bbd973b5b6935da559c99955\Facebook-Models.ni.dll 2015-02-24 00:52 - 2015-02-24 00:52 - 05790720 _____ () C:\Users\Antonin\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook-Services\f8229d2b8e40c929a92d58b800fa8d1e\Facebook-Services.ni.dll 2015-02-24 00:50 - 2015-02-24 00:50 - 01782784 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll 2015-02-24 00:51 - 2015-02-24 00:51 - 00632320 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Security\c7f6d022c5d5aec4891cb6b3b9934336\Windows.Security.ni.dll 2015-02-24 00:51 - 2015-02-24 00:51 - 01278464 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Storage\f9ac074d298db459c5eff6d3256861c8\Windows.Storage.ni.dll 2015-02-24 00:50 - 2015-02-24 00:50 - 00363520 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll 2015-02-24 00:53 - 2015-02-24 00:53 - 01492992 _____ () C:\Users\Antonin\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Bing.Maps\da17719ac327a528f002ca1420a4abca\Bing.Maps.ni.dll 2015-02-24 00:50 - 2015-02-24 00:50 - 02019840 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Devices\0b4b3f23bdebd1d056b32b31e2f746bb\Windows.Devices.ni.dll 2015-02-24 00:50 - 2015-02-24 00:50 - 01459712 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll 2015-02-24 00:50 - 2015-02-24 00:50 - 00207872 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll 2015-02-24 00:51 - 2015-02-24 00:51 - 00467456 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\ea818a24554fc2db9a73de1e79afb286\Windows.Graphics.ni.dll 2015-02-24 00:51 - 2015-02-24 00:51 - 01259520 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f0dd293f95c402613c49fb2fac85bdd\Windows.Networking.ni.dll 2015-02-24 00:50 - 2015-02-24 00:50 - 00521216 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll 2015-02-24 00:53 - 2015-02-24 00:53 - 00021504 _____ () C:\Users\Antonin\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook-No02b98c3e#\ad3ee8ea231e42a87d3bfbbf64e06b7e\Facebook-Notifications.ni.dll 2015-02-24 00:53 - 2015-02-24 00:53 - 00592896 _____ () C:\Users\Antonin\AppData\Local\Packages\facebook.facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Notificatioc5a47191#\3b0f4eefb2f4c55dbed371d125599081\NotificationsExtensions.ni.dll 2015-02-24 00:51 - 2015-02-24 00:51 - 00347136 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Gloaae92e31#\94e2bc13589233f9d2cc54292717b8cf\Windows.Globalization.ni.dll 2015-05-09 13:32 - 2015-05-09 13:32 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\ErrorReporting.dll 2015-06-13 17:30 - 2015-06-13 17:30 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-06-13 17:30 - 2015-06-13 17:30 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-06-15 20:41 - 2015-06-15 20:41 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15061501\algo.dll 2015-06-17 21:11 - 2015-06-17 21:11 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15061700\algo.dll 2012-10-01 21:37 - 2012-10-01 21:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-03-09 22:45 - 2015-06-15 22:55 - 41287224 _____ () C:\Users\Antonin\AppData\Roaming\Spotify\libcef.dll 2015-03-02 22:30 - 2015-03-02 22:30 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2014-07-07 18:21 - 2014-07-07 18:21 - 00410744 _____ () C:\windows\SYSTEM32\TrueColor5.2\LcProxy2.ax 2014-07-07 18:21 - 2014-07-07 18:21 - 00749168 _____ () C:\windows\SYSTEM32\TrueColor5.2\CAL2.dll 2015-03-09 22:45 - 2015-06-15 22:55 - 01488440 _____ () C:\Users\Antonin\AppData\Roaming\Spotify\libglesv2.dll 2015-03-09 22:45 - 2015-06-15 22:55 - 00079928 _____ () C:\Users\Antonin\AppData\Roaming\Spotify\libegl.dll 2015-03-09 22:45 - 2015-03-18 21:40 - 09305656 _____ () C:\Users\Antonin\AppData\Roaming\Spotify\pdf.dll 2015-06-14 14:06 - 2015-06-05 20:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll 2015-06-14 14:06 - 2015-06-05 20:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll 2015-06-16 00:48 - 2015-06-16 00:48 - 00043008 _____ () c:\users\antonin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjuqeyd.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Antonin\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Antonin\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Antonin\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Antonin\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-06-13 17:30 - 2015-06-13 17:30 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2005-08-14 22:09 - 2005-08-14 22:09 - 00111616 _____ () C:\Program Files (x86)\BSPlayer\plugins\oldskin.dll 2015-02-20 22:21 - 2010-08-14 11:44 - 00552960 _____ () C:\Users\Antonin\AppData\Roaming\BSplayer\Haali media splitter\splitter.ax 2015-02-20 22:21 - 2010-08-14 11:40 - 00080384 _____ () C:\Users\Antonin\AppData\Roaming\BSplayer\Haali media splitter\mkzlib.dll 2015-02-20 22:21 - 2010-08-14 11:39 - 00024576 _____ () C:\Users\Antonin\AppData\Roaming\BSplayer\Haali media splitter\mkunicode.dll 2015-02-20 22:21 - 2010-08-14 11:43 - 00150528 _____ () C:\Users\Antonin\AppData\Roaming\BSplayer\Haali media splitter\mkx.dll 2015-02-20 22:21 - 2010-08-14 11:43 - 00141824 _____ () C:\Users\Antonin\AppData\Roaming\BSplayer\Haali media splitter\mp4.dll 2015-02-20 22:21 - 2012-04-09 01:40 - 03470848 _____ () C:\Users\Antonin\AppData\Roaming\BSplayer\FFDShow\ffdshow.ax 2015-02-20 22:21 - 2009-08-11 22:19 - 00797184 _____ () C:\Users\Antonin\AppData\Roaming\BSplayer\AC3 Filter\ac3filter.ax 2015-02-20 22:21 - 2009-08-11 22:21 - 01021440 _____ () C:\Users\Antonin\AppData\Roaming\BSplayer\AC3 Filter\ac3filter_intl.dll 2015-02-20 22:21 - 2012-04-09 01:42 - 04427264 _____ () C:\Users\Antonin\AppData\Roaming\BSplayer\FFDShow\ffmpeg.dll 2015-02-20 22:21 - 2012-04-09 01:39 - 00328704 _____ () C:\Users\Antonin\AppData\Roaming\BSplayer\FFDShow\ff_libfaad2.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:054203E4 AlternateDataStreams: C:\Users\Antonin\OneDrive:ms-properties AlternateDataStreams: C:\Users\Antonin\Desktop\celnice:com.dropbox.attributes ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3535277157-3009570326-1991447429-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img10.jpg HKU\S-1-5-21-3535277157-3009570326-1991447429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img10.jpg HKU\S-1-5-21-3535277157-3009570326-1991447429-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Surface\Surface.jpg DNS Servers: 213.46.172.36 - 213.46.172.37 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "GoPro Importer.lnk" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "QuickTime Task" HKLM\...\StartupApproved\Run32: => "SwitchBoard" HKU\S-1-5-21-3535277157-3009570326-1991447429-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3535277157-3009570326-1991447429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Steam" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [TCP Query User{A319EDF9-17C2-4475-BAFE-8DFEEBF698B7}C:\program files (x86)\filedrop\filedrop.exe] => (Allow) C:\program files (x86)\filedrop\filedrop.exe FirewallRules: [UDP Query User{10E9D154-CC98-4D0F-8AE6-1E079E5C384B}C:\program files (x86)\filedrop\filedrop.exe] => (Allow) C:\program files (x86)\filedrop\filedrop.exe FirewallRules: [{1569B45D-7852-49C1-9690-52D1904280EB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{DEEEE33E-F215-4E40-B78D-F120624B9123}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{69A27B0E-A4F9-4A21-AEB7-DE517F5A5B36}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{7E346F1B-5707-4BA5-9DDF-9B7D65AB1945}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{DF41A058-F4C5-4B2A-9546-B67B44726FF8}C:\users\antonin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\antonin\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{73030931-E819-40CC-98FB-4E450A95F7CE}C:\users\antonin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\antonin\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{A0B5E397-0CC5-49FA-8604-E40FE0F4EFEE}C:\users\antonin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\antonin\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{550F4CFD-3AE5-41C3-BAD6-A5325919D0C0}C:\users\antonin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\antonin\appdata\roaming\utorrent\utorrent.exe FirewallRules: [{CF1FBDA3-14B3-4922-B4DD-230F59DFAAFC}] => (Allow) C:\Users\Antonin\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{62E9DE70-881E-4B21-A66F-74F4092B2308}] => (Allow) C:\Users\Antonin\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{2CCF769A-4714-4A0F-961B-B5EEB549F1F6}] => (Allow) C:\Users\Antonin\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{FCD0B210-317C-43DA-8399-B186B43E3F4F}] => (Allow) C:\Users\Antonin\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{626608C5-3DD4-4806-95AC-EEDBC1A20D91}C:\users\antonin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\antonin\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{60AEFD97-CD9B-4D8F-8B78-57FFB012E7EB}C:\users\antonin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\antonin\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{AEE2052E-673A-4ECA-B4BC-A1DF18A9791D}C:\users\antonin\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\antonin\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{808A4C5F-62E4-4A0D-A094-F116093697D8}C:\users\antonin\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\antonin\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{BBD8C660-2EA6-4D43-9642-A77DEB9129E3}C:\program files (x86)\jetbrains\intellij idea community edition 141.104.1\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea community edition 141.104.1\bin\idea.exe FirewallRules: [UDP Query User{8385C094-8FCB-4346-96F3-0FA355646531}C:\program files (x86)\jetbrains\intellij idea community edition 141.104.1\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea community edition 141.104.1\bin\idea.exe FirewallRules: [{5FBC2C73-1C04-41A8-BC6C-F52090CD7F47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1369D4D1-922E-4AE2-BA70-E5C2234850F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{EED277FE-855A-4EC5-9920-A242DB10B9E8}C:\programs\eclipse-pdt\eclipse.exe] => (Allow) C:\programs\eclipse-pdt\eclipse.exe FirewallRules: [UDP Query User{39387048-EEBF-4195-B4B9-3002BD08A641}C:\programs\eclipse-pdt\eclipse.exe] => (Allow) C:\programs\eclipse-pdt\eclipse.exe FirewallRules: [TCP Query User{4CA570A1-64F6-417A-9C01-36999F87A41C}C:\programs\xampp\mysql\bin\mysqld.exe] => (Allow) C:\programs\xampp\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{EA8FD3AF-D2FD-4A34-B9C0-D1C2BEDE2CB6}C:\programs\xampp\mysql\bin\mysqld.exe] => (Allow) C:\programs\xampp\mysql\bin\mysqld.exe FirewallRules: [TCP Query User{167CE722-1CCF-4855-97FE-32121ECE8127}C:\programs\xampp\apache\bin\httpd.exe] => (Allow) C:\programs\xampp\apache\bin\httpd.exe FirewallRules: [UDP Query User{D7FF4FD8-B2DE-4FAB-BD2C-A336487BC4A6}C:\programs\xampp\apache\bin\httpd.exe] => (Allow) C:\programs\xampp\apache\bin\httpd.exe FirewallRules: [TCP Query User{3EA76EB0-6D3D-4391-9ABC-D863393A8713}C:\programs\eclipse-pdt\eclipse.exe] => (Allow) C:\programs\eclipse-pdt\eclipse.exe FirewallRules: [UDP Query User{2F87F580-6DCA-4F38-B853-6AE34ACB29A6}C:\programs\eclipse-pdt\eclipse.exe] => (Allow) C:\programs\eclipse-pdt\eclipse.exe FirewallRules: [TCP Query User{D45DE414-293B-47EC-9A72-CB5367BD235E}C:\programs\xampp\mysql\bin\mysqld.exe] => (Allow) C:\programs\xampp\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{EFB358CB-5414-402D-B7BE-4D667555CB1F}C:\programs\xampp\mysql\bin\mysqld.exe] => (Allow) C:\programs\xampp\mysql\bin\mysqld.exe FirewallRules: [TCP Query User{BC472E73-F1BB-41B5-9004-6007B2473D5B}C:\programs\xampp\apache\bin\httpd.exe] => (Allow) C:\programs\xampp\apache\bin\httpd.exe FirewallRules: [UDP Query User{270D39AF-E459-47D6-AF63-077B75F1AE1E}C:\programs\xampp\apache\bin\httpd.exe] => (Allow) C:\programs\xampp\apache\bin\httpd.exe FirewallRules: [{F89A868F-74DA-4A5E-A182-0B9AE39B09BF}] => (Allow) C:\Users\Antonin\AppData\Local\Temp\KMSnano\qemu-system-i386.exe FirewallRules: [{CF7DEAB4-2830-47EC-8AEE-576D35D3A2E4}] => (Allow) C:\Users\Antonin\AppData\Local\Temp\KMSnano\qemu-system-i386.exe FirewallRules: [{C94C0A3E-2BFA-4ABC-B1BE-169B2302673E}] => (Allow) C:\Users\Antonin\AppData\Local\Temp\KMSnano\qemu-system-i386.exe FirewallRules: [{B15BD851-5865-43C4-8C8C-5BD01C9E8849}] => (Allow) C:\Users\Antonin\AppData\Local\Temp\KMSnano\qemu-system-i386.exe FirewallRules: [TCP Query User{370B47D4-99F5-49A0-9116-44118B4F044A}C:\program files (x86)\r.g. mechanics\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\r.g. mechanics\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{0F53A5D1-880F-4CBA-87EE-A15A84F85503}C:\program files (x86)\r.g. mechanics\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\r.g. mechanics\grand theft auto v\gta5.exe FirewallRules: [TCP Query User{A11118E3-6003-4E09-B542-EC732FFD9FEC}C:\program files (x86)\r.g. mechanics\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\r.g. mechanics\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{60E9AF6F-FC2C-4262-BDE7-B49884DE2EBE}C:\program files (x86)\r.g. mechanics\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\r.g. mechanics\grand theft auto v\gta5.exe FirewallRules: [{F5B31BB3-2543-48EB-B9CB-D3655D2BA7F4}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress.exe FirewallRules: [TCP Query User{281E2D9A-DA64-4114-B406-EBCA1DE3CE49}C:\program files (x86)\nodejs\node.exe] => (Allow) C:\program files (x86)\nodejs\node.exe FirewallRules: [UDP Query User{C191C1E5-3892-45C2-9E69-D73AB8D5EBF2}C:\program files (x86)\nodejs\node.exe] => (Allow) C:\program files (x86)\nodejs\node.exe FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe FirewallRules: [{5B6EBCB3-77C9-4A2F-855D-A74BE377B2E1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/17/2015 09:05:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7 Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d Exception code: 0xc000027b Fault offset: 0x0000000000063c1f Faulting process ID: 0x438 Faulting application start time: 0xbackgroundTaskHost.exe0 Faulting application path: backgroundTaskHost.exe1 Faulting module path: backgroundTaskHost.exe2 Report ID: backgroundTaskHost.exe3 Faulting package full name: backgroundTaskHost.exe4 Faulting package-relative application ID: backgroundTaskHost.exe5 Error: (06/16/2015 09:28:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Facebook.exe, version: 0.0.0.1, time stamp: 0x53e2b340 Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.17415, time stamp: 0x54504b1a Exception code: 0xc0000005 Fault offset: 0x0000000000a8779d Faulting process ID: 0x1180 Faulting application start time: 0xFacebook.exe0 Faulting application path: Facebook.exe1 Faulting module path: Facebook.exe2 Report ID: Facebook.exe3 Faulting package full name: Facebook.exe4 Faulting package-relative application ID: Facebook.exe5 Error: (06/16/2015 09:28:23 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Facebook.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: exception code c0000005, exception address 00007FF8DFC5779D Stack: Error: (06/16/2015 09:27:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7 Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d Exception code: 0xc000027b Fault offset: 0x0000000000063c1f Faulting process ID: 0x4a8 Faulting application start time: 0xbackgroundTaskHost.exe0 Faulting application path: backgroundTaskHost.exe1 Faulting module path: backgroundTaskHost.exe2 Report ID: backgroundTaskHost.exe3 Faulting package full name: backgroundTaskHost.exe4 Faulting package-relative application ID: backgroundTaskHost.exe5 Error: (06/16/2015 00:47:52 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (06/16/2015 00:42:27 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (06/15/2015 10:54:51 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (06/15/2015 10:09:53 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (06/15/2015 09:32:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.17415, time stamp: 0x545042b7 Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17415, time stamp: 0x54503c4d Exception code: 0xc000027b Fault offset: 0x0000000000063c1f Faulting process ID: 0xa80 Faulting application start time: 0xbackgroundTaskHost.exe0 Faulting application path: backgroundTaskHost.exe1 Faulting module path: backgroundTaskHost.exe2 Report ID: backgroundTaskHost.exe3 Faulting package full name: backgroundTaskHost.exe4 Faulting package-relative application ID: backgroundTaskHost.exe5 Error: (06/15/2015 09:18:26 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 9c0 Start Time: 01d0a79efdbe2b96 Termination Time: 4294967295 Application Path: C:\windows\system32\backgroundTaskHost.exe Report Id: 4abd91f8-1393-11e5-829d-600292396c29 Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt Faulting package-relative application ID: App System errors: ============= Error: (06/17/2015 09:05:31 PM) (Source: BTHUSB) (EventID: 17) (User: ) Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error: (06/16/2015 09:26:51 PM) (Source: MTConfig) (EventID: 1) (User: ) Description: An attempt to configure the input mode of a multitouch device failed. Error: (06/16/2015 09:26:51 PM) (Source: MTConfig) (EventID: 1) (User: ) Description: An attempt to configure the input mode of a multitouch device failed. Error: (06/16/2015 09:26:51 PM) (Source: MTConfig) (EventID: 1) (User: ) Description: An attempt to configure the input mode of a multitouch device failed. Error: (06/16/2015 09:26:51 PM) (Source: BTHUSB) (EventID: 17) (User: ) Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error: (06/16/2015 00:47:52 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The BlueStacks Android Service service terminated with the following error: %%1064 Error: (06/16/2015 00:47:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (06/16/2015 00:47:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (06/16/2015 00:47:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Hyper-V Virtual Machine Management service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (06/16/2015 00:47:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s). Microsoft Office: ========================= Error: (06/17/2015 09:05:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1f43801d0a9309523b33bC:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dlld9c4b8f8-1523-11e5-829f-600292396c29Ceskatelevize.iVysln_1.2.0.0_x64__ndqbq1wc819cyApp Error: (06/16/2015 09:28:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Facebook.exe0.0.0.153e2b340Windows.UI.Xaml.dll6.3.9600.1741554504b1ac00000050000000000a8779d118001d0a7bd8cc7ab04C:\Program Files\WindowsApps\Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt\Facebook.exeC:\Windows\System32\Windows.UI.Xaml.dlld9c56672-145d-11e5-829f-600292396c29Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp Error: (06/16/2015 09:28:23 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Facebook.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: exception code c0000005, exception address 00007FF8DFC5779D Stack: Error: (06/16/2015 09:27:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1f4a801d0a7bef86ae942C:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dllc373adb1-145d-11e5-829f-600292396c29Ceskatelevize.iVysln_1.2.0.0_x64__ndqbq1wc819cyApp Error: (06/16/2015 00:47:52 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (06/16/2015 00:42:27 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (06/15/2015 10:54:51 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (06/15/2015 10:09:53 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Antonin\Downloads\esetsmartinstaller_enu.exe Error: (06/15/2015 09:32:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: backgroundTaskHost.exe6.3.9600.17415545042b7twinapi.appcore.dll6.3.9600.1741554503c4dc000027b0000000000063c1fa8001d0a7a204fe7161C:\windows\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll4d502fc9-1395-11e5-829d-600292396c29Ceskatelevize.iVysln_1.2.0.0_x64__ndqbq1wc819cyApp Error: (06/15/2015 09:18:26 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: backgroundTaskHost.exe6.3.9600.174159c001d0a79efdbe2b964294967295C:\windows\system32\backgroundTaskHost.exe4abd91f8-1393-11e5-829d-600292396c29Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp CodeIntegrity Errors: =================================== Date: 2015-06-09 21:34:12.541 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-06-07 22:24:41.128 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-06-03 03:57:31.196 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-06-01 04:35:06.583 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-05-28 00:07:49.760 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-05-25 22:44:46.238 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-05-21 22:36:58.259 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-05-18 22:49:08.885 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-05-11 23:28:17.653 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-05-04 22:44:24.865 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz Percentage of memory in use: 49% Total physical RAM: 8097.07 MB Available physical RAM: 4057.04 MB Total Pagefile: 16289.07 MB Available Pagefile: 11679.2 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:232.53 GB) (Free:42.83 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 64D7E6C6) Partition: GPT Partition Type. ==================== End of log ============================