pc start niet door

Lange Pier zei:

Zet een screenshot van schijfbeheer hier neer, is het te zien over welk station het gaat.

Indien een schijfstation problemen geeft bij initialiseren kan het zeer vertragend werken.

Klik om te vergroten...

sorry geen idee hoe ik screenshot moet maken, kan evt wel foto maken, maar weet ook niet hoe ik bij schijfbeheer kom, ik heb engelse windows en door een autistic burnout, werken mijn grijze cellen niet zo best

dit is van schijfbeheer

CHKDSK F: /R

Doe deze eens als admin in de CMD.

Lange Pier zei:

CHKDSK F: /R

Doe deze eens als admin in de CMD.

Klik om te vergroten...

draait nu, maar dat is een externe schijf

Als de eraf is wordt er wel gewoon doorgestart?

Lange Pier zei:

Als de eraf is wordt er wel gewoon doorgestart?

Klik om te vergroten...

geen idee, kan ik proberen, maar hij is niet consequent, af en toe start hij gewoon, af en toe niet. Ik laat hem de chkdsk nog even afmaken en zal hem dan loskoppelen en kijken hoe de pc dan reageert, is eigenlijk mijn backup schijf voor mijn documenten

niet iets mis mee volgens mij

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>chkdsk f:/r
The type of the file system is NTFS.
Volume label is Seagate Expansion Drive.

CHKDSK is verifying files (stage 1 of 5)...
594688 file records processed.
File verification completed.
1 large file records processed.
0 bad file records processed.
0 EA records processed.
0 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
781022 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
594688 file SDs/SIDs processed.
Security descriptor verification completed.
93167 data files processed.
CHKDSK is verifying file data (stage 4 of 5)...
594672 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
165823761 free clusters processed.
Free space verification is complete.
Windows has checked the file system and found no problems.

2861458 MB total disk space.
2212783 MB in 417058 files.
198528 KB in 93169 indexes.
0 KB in bad sectors.
750135 KB in use by the system.
65536 KB occupied by the log file.
663295048 KB available on disk.

4096 bytes in each allocation unit.
732533503 total allocation units on disk.
165823762 allocation units available on disk.

C:\Windows\system32>

start nu gewoon op, maar zegt nog niet veel, want soms doet hij dat

maruqumi zei:

start nu gewoon op, maar zegt nog niet veel, want soms doet hij dat

Klik om te vergroten...

Had jij zoals Lange Pier vroeg ook de externe schijf er af gehad?
Mocht je dit gedaan hebben, kun je hem er dan een tijdje af laten, dan kun je zien of het probleem weg blijft of dat het gewoon er nog is.

aarie25 zei:

Had jij zoals Lange Pier vroeg ook de externe schijf er af gehad?
Mocht je dit gedaan hebben, kun je hem er dan een tijdje af laten, dan kun je zien of het probleem weg blijft of dat het gewoon er nog is.

Klik om te vergroten...

ik heb hem er nu af, kijk het inderdaad poosje aan, begrijp alleen niet wat die voor invloed kan hebben, dacht alleen het interne van invloed was

Soms kan het door de raarste dingen komen.
Eens kijken wat er nu gebeurd.

aarie25 zei:

Soms kan het door de raarste dingen komen.
Eens kijken wat er nu gebeurd.

Klik om te vergroten...

tot nu toe start hij goed op, is er niets in die logs te zien die ik geplaatst heb?

ik heb hem er nu af, kijk het inderdaad poosje aan, begrijp alleen niet wat die voor invloed kan hebben, dacht alleen het interne van invloed was

Klik om te vergroten...

Bij het opstarten van windows word er gecontroleerd welke hardware aangesloten is , muis , toetsenbord , ook de externe harde schijf . Sommige systemen vereisen een extra USB power kabel voor externe harde schijf of de computer start helemaal niet door .

maruqumi zei:

tot nu toe start hij goed op, is er niets in die logs te zien die ik geplaatst heb?

Klik om te vergroten...

Nee was niet veel te zien.
Maar het lijkt erop dat het vermoeden van Lange Pier komt.

Maar het lijkt erop dat het vermoeden van dus Lange Pier komt.

Klik om te vergroten...

Klopt.
En als de externe HD aangesloten is kan dat niet enkel een opstartprobleem geven maar ook een afsluit probleem. Dat het dan minuten kan duren voor windows gaat afsluiten .En men dan dikwijls te lezen krijgt ,windows sluit niet (goed) meer af .

maruqumi zei:

C:\Windows\system32>chkdsk f:/r

Klik om te vergroten...

Als je dat zo hebt gebruikt zonder spaties tussen : en /r dan wordt er alleen een schijfcontrole uitgevoerd maar niets gerepareerd.
https://technet.microsoft.com/en-us/library/dd637756.aspx

Dat Windows zo lang bezig is met initialiseren van een externe schijf kan aan de controller liggen, de voeding, heeft dat ding een externe voeding?, aan de USB hub waar meerdere dingen aanhangen en zo een probleem kunnen hebben met het te kunnen leveren stroom.

toch niet het enige probleem. gebeurt wel minder

Download Farbar Recovery Scan Tool 32 of 64 bit van één van de onderstaande links
Farbar Recovery Scan Tool 32 bit (x86)
Farbar Recovery Scan Tool 64 bit (x64)
Downloadlokatie: Dit programma absoluut naar het bureaublad downloaden dan wel daar naar toe verplaatsen!
Opmerkingen: Alle openstaande programma's en webpagina's dienen afgesloten te zijn.

Antivirusprogramma en actieve malwarescanners dienen al voor je FRST.exe start gedeaktiveert zijn!
Hier en hier vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren.

FRST opstarten:

• Windows 2000 en Windows XP: dubbelklik op FRST.exe.
• Windows Vista, Windows 7, Windows 8/8.1 en Windows 10: via rechtsklik op FRST.exe of FRST64.exe en kies voor "Als Administrator uitvoeren".

FRST start op:

• Wanneer het programma is geopend klik dan op de knop Yes bij de disclaimer.
• Druk vervolgens op de Scan knop.
• Aansluitend zal een logbestand - FRST.txt en Addition-txt aangemaakt worden en op het bureaublad opgeslagen worden.
• Post de inhoud van beide logbestanden in jouw volgende bericht.

.

In geval de inhoud van een van de logs of van beide logs te groot is om te posten, kijk dan hier: Hoe een bijlage toevoegen?

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Marian (22-03-2018 18:49:53)
Running from C:\Users\Marian\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-06-01 00:18:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1147757910-3745472096-3092914586-500 - Administrator - Disabled)
Guest (S-1-5-21-1147757910-3745472096-3092914586-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1147757910-3745472096-3092914586-1003 - Limited - Enabled)
Marian (S-1-5-21-1147757910-3745472096-3092914586-1000 - Administrator - Enabled) => C:\Users\Marian

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: BullGuard Antivirus (Disabled - Out of date) {13E9CAA5-762A-794E-2DA9-245D5622A105}
AS: BullGuard Antispyware (Disabled - Out of date) {A8882B41-5010-76C0-1719-1F2F2DA5EBB8}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: BullGuard Firewall (Disabled) {2BD24B80-3C45-7816-06F6-8D68A8F1E67E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.09 beta (x64) (HKLM\...\7-Zip) (Version: 15.09 - Igor Pavlov)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Advanced Event Viewer (HKLM-x32\...\{5EE04126-E034-447C-8EA4-89B47567CAF5}) (Version: 2.5.5.2970 - RH Computing)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
ArtRage 4 Demo (HKLM\...\{994A6684-9682-4C3A-8D04-64789CDC5796}) (Version: 4.5.2.0 - Ambient Design) Hidden
ArtRage 4 Demo (HKLM-x32\...\ArtRage 4 Demo 4.5.2.0) (Version: 4.5.2.0 - Ambient Design)
Ashampoo Slideshow Studio 2017 (HKLM-x32\...\{91B33C97-41EE-3DB7-1FDD-5308E332AC28}_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.1.4057 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{981B38A6-E4D0-4D94-98C2-75AC645755F5}) (Version: 0.9.1.4057 - BlueStack Systems, Inc.)
BullGuard Internet Security (HKLM\...\BullGuard) (Version: 18.0 - BullGuard Ltd.)
Catalyst Control Center Next Localization BR (HKLM\...\{585A6A74-1DED-8DA0-32F1-F5EFA485DFB1}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{A0649E20-C57C-DCFA-AE1B-1CE1CB9D98A8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{35F79A5D-00E2-8C19-D929-2E85DEA4252D}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{2CEBB6AA-EC39-DFF2-1F5B-9A98301C4DAB}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{F05F0B6E-9999-55D0-C323-D06DF0E2B59F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{CBABB5FD-BD69-8969-729A-5659E11D9518}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{98527BF3-A8E0-B8CF-7297-436B714FC576}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{D6CD1B25-53E6-C2F8-FA99-F89138A9C86F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{487C3865-3005-F04A-FBA4-F4239E02A847}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{D80AD200-548C-B62B-32AE-BF3CD7AA7EA2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{D21BFF5C-51AA-4C15-1C91-6A1087FDC373}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{04F0FFCB-D9A5-2332-2697-CA47C0424AF2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{47F2FFDC-3D6A-CED6-0B54-6E7082D5B29B}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5608D1B6-6483-9FA3-7297-C2CFC3FCE747}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{1FCA484A-5A9E-9C91-F050-257D1F311A0C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{D8FB03AE-A326-0C12-AC47-B898FE73FA94}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F7876D2E-CDCD-CE53-0E88-995B57A94B58}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{3BAB5AC8-EF35-FED0-BCEB-9306D05EDE1C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{746E086C-023A-A79C-DBE1-062E773FF6C8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{1C44BB26-1941-DB44-D5E8-C455F89EE6E6}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{BE7F26CB-6E91-7673-7130-80C36FBF13DE}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}) (Version: 2.40.0009 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version: - SEIKO EPSON Corporation)
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.98 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.98 - Etron Technology)
f.lux (HKU\S-1-5-21-1147757910-3745472096-3092914586-1000\...\Flux) (Version: - f.lux Software LLC)
Flvto YouTube Downloader (HKLM-x32\...\Flvto YouTube Downloader) (Version: 1.0.9 - Hotger)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Icecream Slideshow Maker versie 3.17 (HKLM-x32\...\{3674ADB5-6374-4EBA-BB46-7C6EFB266661}_is1) (Version: 3.17 - Icecream Apps)
ICIDU NI-707535 Wireless N Client Utility (HKLM-x32\...\{FA24F3AC-D378-4CB1-8427-792793D29B2E}) (Version: 7.0 - ICIDU B.V.)
iCloud (HKLM\...\{7464D896-C63C-412E-8ED3-3261C9F14E21}) (Version: 7.0.1.210 - Apple Inc.)
IncrediBackup (HKLM-x32\...\{D44222FB-31A2-4D2B-B222-D0C5599F28D0}) (Version: 1.0.0.1087 - Uw bedrijfsnaam) Hidden
IncrediMail (HKLM-x32\...\{81CF09ED-5FB0-4E0A-A83F-0F514DDEABBC}) (Version: 6.6.0.5328 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: 6.6.0.5328 - IncrediMail Ltd.)
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version: - LEGO A/S)
LEGO Studios (HKLM-x32\...\{983A2596-2010-11D4-9103-00105A0DE2E8}) (Version: - )
Malwarebytes versie 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Hotmail Connector 64-bits (HKLM\...\{95140000-0081-0413-1000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit (HKLM\...\{95140000-007D-0409-1000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MouseServer version 1.5.2.0 (HKLM-x32\...\{E13018F5-FFC7-4729-9C1B-1A85807D03E6}_is1) (Version: 1.5.2.0 - Necta Co.)
Movavi Slideshow Maker 3 (HKLM-x32\...\Movavi Slideshow Maker 3) (Version: 3.0.2 - Movavi)
Mozilla Firefox 58.0.2 (x64 nl) (HKLM\...\Mozilla Firefox 58.0.2 (x64 nl)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.2.6611 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 10.4.8.36918 - Electronic Arts, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qassa+ (HKLM-x32\...\{9EE160C8-1CF0-49E7-B79F-C36DADC57664}) (Version: 1.0.7 - Qassa)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.10-r123135-release - Raptr, Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6316 - Realtek Semiconductor Corp.)
Secure Download Manager (HKLM-x32\...\{D8A1AE00-9245-400A-B125-138735C0C5A8}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Slideshow Creator (HKLM-x32\...\{4E1A63B1-F547-4CFC-91F7-F32F1A6BF430}_is1) (Version: 2.2 - Bolide Software)
Smart Recovery B10.0324.1 (x64) (HKLM\...\{FAE188FD-A941-49E9-A5E9-F6D88517EC40}) (Version: 1.00.0006 - GIGABYTE) Hidden
Smart Recovery B10.0324.1 (x64) (HKLM-x32\...\InstallShield_{FAE188FD-A941-49E9-A5E9-F6D88517EC40}) (Version: - )
SmartFTP Client (HKLM\...\{7D21D9A9-AC89-4228-B288-8E28A779633B}) (Version: 6.0.2137.0 - SmartSoft Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Splashtop Connect for Firefox (HKLM-x32\...\{45D49CA7-D7D8-4659-B35A-EBD98C30AF28}) (Version: 1.1.8.4 - Splashtop Inc.)
Splashtop Connect IE (HKLM-x32\...\{3B983EFD-6E37-4AD9-9A7D-8C83E61674F7}) (Version: 1.1.13.1 - Splashtop Inc.)
STACK (HKLM-x32\...\STACK) (Version: 2.4.1.70454 - TransIP)
System Mechanic (HKLM-x32\...\{95129D61-FF52-4FA8-A403-3E31FC5D9696}) (Version: 17.5.1.43 - iolo technologies, LLC)
Update Manager B10.0728.1 (HKLM-x32\...\{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}) (Version: 1.00.0000 - Gigabyte)
User's Guide EPSON SX130 Series (HKLM-x32\...\EPSON SX130 Series Useg) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WebM Project Directshow Filters (HKU\S-1-5-21-1147757910-3745472096-3092914586-1000\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.18.593 - ASUS Cloud Corporation)
WhoCrashed 6.01 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ !AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.18.593\ASUSWSShellExt64.dll [2017-04-21] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [ !AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.18.593\ASUSWSShellExt64.dll [2017-04-21] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [ !AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.18.593\ASUSWSShellExt64.dll [2017-04-21] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [ OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\stack\shellext\OCOverlays_x64.dll [2018-03-09] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\stack\shellext\OCOverlays_x64.dll [2018-03-09] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\stack\shellext\OCOverlays_x64.dll [2018-03-09] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\stack\shellext\OCOverlays_x64.dll [2018-03-09] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\stack\shellext\OCOverlays_x64.dll [2018-03-09] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2018-03-15] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2018-03-15] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2018-03-15] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll [2015-04-14] (SmartSoft Ltd.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-10-16] (Igor Pavlov)
ContextMenuHandlers1: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\Incinerator.dll [2018-02-21] (iolo technologies, LLC)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-09-18] (Apple Inc.)
ContextMenuHandlers1: [SmartFTP] -> {F87DED31-303F-4ED1-9BCE-D360FBC74E0A} => C:\Program Files\SmartFTP Client\ShellTools.dll [2015-04-14] (SmartSoft Ltd.)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers3: [OCContextMenuHandler] -> {841A0AAD-AA11-4B50-84D9-7F8E727D77D7} => C:\Program Files (x86)\stack\shellext\OCContextMenu_x64.dll [2018-03-09] (ownCloud Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-10-16] (Igor Pavlov)
ContextMenuHandlers4: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\Incinerator.dll [2018-02-21] (iolo technologies, LLC)
ContextMenuHandlers4: [SmartFTP] -> {F87DED31-303F-4ED1-9BCE-D360FBC74E0A} => C:\Program Files\SmartFTP Client\ShellTools.dll [2015-04-14] (SmartSoft Ltd.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-10-16] (Igor Pavlov)
ContextMenuHandlers6: [bgshellext] -> {F4BF1657-195F-4A0F-ACA2-9AE99D65BC0E} => C:\Program Files\BullGuard Ltd\BullGuard\BgShellExt.dll [2018-03-15] (BullGuard Ltd.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AABE7E7-1530-42C3-A4CD-DC099C0208CC} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {0B227FA3-FC78-4934-88BC-4C9078226016} - System32\Tasks\{E231DD0B-077C-4795-BD82-61BCD955D577} => C:\Program Files (x86)\LEGO Media\LEGO Studios\Programs\LEGOStudios.exe [2000-12-21] (Pinnacle Systems)
Task: {16A45019-3330-4073-8A3F-E49C6C1DCBA7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {3D67EBAF-EAB3-44DF-984A-672599F678BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {561739CC-C4BF-423D-A2CE-FB4D6F9E2435} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {57CF6985-A3BD-405D-BA5A-D394D0464907} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => %windir%\system32\rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\SmartRecovery\SRFilter.exe" /GBSMART6 -kdl
Task: {687CF1B8-0470-459B-90F1-268357B70BB1} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-07-14] (Apple Inc.)
Task: {73013447-0B2A-46A9-9AB3-03A9990DBAA0} - System32\Tasks\ActiveSync-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activesync.exe [2018-02-21] (iolo technologies, LLC)
Task: {74C7D993-5A23-468C-A77E-7074A222962C} - System32\Tasks\{F1EA8387-0685-4C1A-82DB-3AA2504A141D} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\IncrediMail\Bin\ImSetup.exe" -c /uninstallProduct /addon:incredimail
Task: {8EC7B848-3B85-4D92-A598-54D571A8D2BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A872CE6E-022E-421E-B7A4-06754BDE4CD4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {B2EE16E0-7C23-4AD9-B2F1-0FFECCDC6341} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
Task: {B3474EE6-883D-4EFD-A2F7-D42E7C05674B} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => %windir%\system32\rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\SmartRecovery\SrCmdCLR.exe" -c 1
Task: {B642098A-83C6-4773-811F-BF35CC8AD710} - System32\Tasks\ActiveMessenger-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\ActiveMessenger.exe [2018-02-21] (iolo technologies, LLC)
Task: {EC74DE6D-5D3E-40E1-BFA8-278DFBE191C5} - System32\Tasks\BullGuard\BullGuardUpdate2 => C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate2.exe [2018-03-15] (BullGuard Ltd.)
Task: {EFBE05E1-60F9-45AF-B492-714C2CF16869} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {FE97FA12-710E-48BB-9CC5-0A0D99F57A06} - System32\Tasks\{6D31922C-A409-4090-B8B4-A32C839041FA} => C:\Windows\system32\pcalua.exe -a C:\Users\Marian\Downloads\Setup.exe -d C:\Users\Marian\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-03-03 13:08 - 2018-03-03 13:07 - 000727480 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
2018-03-03 13:08 - 2018-03-03 13:07 - 000084408 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
2018-03-03 13:08 - 2018-03-03 13:07 - 000645048 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
2018-03-09 11:10 - 2018-03-09 11:10 - 000062976 _____ () C:\Program Files (x86)\stack\shellext\OCUtil_x64.dll
2011-07-28 17:44 - 2011-07-28 17:44 - 000211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2011-06-24 06:30 - 2011-06-24 06:30 - 000622080 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2011-06-24 06:30 - 2011-06-24 06:30 - 003641344 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2018-03-03 13:08 - 2018-03-03 13:07 - 000064952 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2017-12-13 19:04 - 2017-12-13 19:04 - 000089472 _____ () C:\Program Files\CCleaner\lang\lang-1043.dll
2015-05-08 02:37 - 2015-05-08 02:37 - 000087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 005812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2017-05-04 20:01 - 2017-05-04 20:01 - 000067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 001662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2015-05-08 02:38 - 2015-05-08 02:38 - 000110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2015-05-08 02:37 - 2015-05-08 02:37 - 000010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2015-05-08 02:49 - 2015-05-08 02:49 - 000417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2015-05-08 02:39 - 2015-05-08 02:39 - 000167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-11-13 22:59 - 2015-11-13 22:59 - 000113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-11-13 22:59 - 2015-11-13 22:59 - 002396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2015-05-08 02:37 - 2015-05-08 02:37 - 000583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000324608 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PIL._imaging.pyd
2015-11-13 22:58 - 2015-11-13 22:58 - 000271872 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\amd_ags.dll
2015-05-08 02:39 - 2015-05-08 02:39 - 000141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2017-05-04 18:33 - 2017-05-04 18:33 - 002717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2015-05-08 02:49 - 2015-05-08 02:49 - 001213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2015-05-08 02:55 - 2015-05-08 02:55 - 000055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-12-25 18:03 - 000000428 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1147757910-3745472096-3092914586-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BsBackup => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: gusvc => 2
MSCONFIG\Services: HuaweiHiSuiteService64.exe => 2
MSCONFIG\Services: PlaysService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Marian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: f.lux => "C:\Users\Marian\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
MSCONFIG\startupreg: Flvto YouTube Downloader => "C:\Users\Marian\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.Redesign.exe" /minimize
MSCONFIG\startupreg: iCloudServices => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: PlaysTV => "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
MSCONFIG\startupreg: Raptr => "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon
MSCONFIG\startupreg: WebStorage => C:\Program Files (x86)\ASUS\WebStorage\2.2.18.593\ASUSWSLoader.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{F4143A8B-7DEC-472B-A0EF-644A0150A021}C:\program files (x86)\gigabyte\updmanager\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [UDP Query User{9B588957-0603-4172-891A-FAA67E524C64}C:\program files (x86)\gigabyte\updmanager\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [TCP Query User{1E3309DA-E7F7-4855-B4B8-70E42AA60153}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{98A64031-E808-47A2-AC54-D5A202B8687F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{BAC9FF04-407E-416F-BFE3-4DB4D3342839}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{213C69E8-42C1-4288-ADA8-42AB892D8395}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{66B4244E-BB59-4E2D-B5E9-6CC694362D67}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{746E3F0E-96AA-4CDB-AECD-E07DA0B29B21}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{10221EC2-1AB1-4683-B467-556273EE1423}C:\program files (x86)\mouseserver\mouseserver.exe] => (Allow) C:\program files (x86)\mouseserver\mouseserver.exe
FirewallRules: [UDP Query User{B18968D1-42CA-4192-B73E-328FEE43CF76}C:\program files (x86)\mouseserver\mouseserver.exe] => (Allow) C:\program files (x86)\mouseserver\mouseserver.exe
FirewallRules: [{00A24BDD-C6B9-4001-86FE-F1D2EC7ECE9D}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe
FirewallRules: [{0FB01616-D5D5-47CD-AD34-29DC384FCBD1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3F92C81A-8CD5-4926-982B-6D6757BAEFF5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{76C66DB1-9571-451E-925F-53EBB6CAE739}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6E914013-EB02-48BD-ADE9-C0739C4D3195}] => (Allow) LPort=2869
FirewallRules: [{E09E8EC3-3080-4F02-A863-06EC04D6EDC6}] => (Allow) LPort=1900
FirewallRules: [{85721197-4256-44EA-A6F2-0BCE7C394913}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{B8BCF2D6-5395-41F3-A091-FF6949467A43}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{C08380BD-1012-4D04-B916-867C00F2F496}] => (Allow) C:\ProgramData\Qassa+\DFService.exe
FirewallRules: [{01B07C0E-899B-402C-AC56-772B5E2AE510}] => (Allow) C:\ProgramData\Qassa+\DFService.exe
FirewallRules: [{B37A8CB5-2A5A-4192-A2E4-42CCA6602D7A}] => (Allow) C:\ProgramData\Qassa+\DFService.exe
FirewallRules: [{36F260A5-4C47-4F21-9EDB-024D20AC6953}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{45D84F61-2D07-4B2C-94D8-F2BCFBFC0792}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{CEFA663A-1A75-4F21-A79A-27E8F7BD81A0}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{34221323-3B84-44A3-BAC0-63966DFC46B1}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{5F9548CA-71E4-4EC5-80B6-510EF3A59472}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{69863855-DED9-49D2-9F09-F2B6F3B10A2A}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{2AF3BCB2-1737-4F84-AA36-6C290287C991}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{CE0DCBDC-1AB5-486C-A2E6-B43579F43DF4}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{7C75A837-D4E6-4D61-87BA-9F2FF202D773}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{3EB6E66F-5E73-44F9-851D-950971AC471E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{9FF18145-6401-4820-8F81-8817712F08CA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{38293F72-AE94-4A1D-88BC-A4B6130D9589}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{4BB49B01-1054-4C5A-9194-6F3B66D3D537}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{FA16CFD7-32BA-47F3-B0CD-5DAD8C42ED97}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{182F04F5-44EB-4582-B046-25FB16B75B27}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{CFA5BE49-4F44-4AA8-9A80-9635A914F491}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{355E86F1-D069-4304-B769-9F03B94AE8F6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

21-03-2018 10:58:50 Automatic creation
22-03-2018 10:49:00 Automatic creation

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/22/2018 10:48:59 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d9de6ed3-f099-4c25-b417-610529e11f5e}

Error: (03/22/2018 10:22:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: playstv_launcher.exe, version: 1.15.7.0, time stamp: 0x57d85695
Faulting module name: ucrtbase.DLL, version: 10.0.10586.1171, time stamp: 0x59ae5046
Exception code: 0x40000015
Fault offset: 0x000846fa
Faulting process id: 0x1244
Faulting application start time: 0x01d3c1bf569fd098
Faulting application path: C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe
Faulting module path: C:\Windows\system32\ucrtbase.DLL
Report Id: 99cb28b9-2db2-11e8-98f3-50e5495f31d7

Error: (03/22/2018 10:20:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/21/2018 10:34:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: playstv_launcher.exe, version: 1.15.7.0, time stamp: 0x57d85695
Faulting module name: ucrtbase.DLL, version: 10.0.10586.1171, time stamp: 0x59ae5046
Exception code: 0x40000015
Fault offset: 0x000846fa
Faulting process id: 0x13a0
Faulting application start time: 0x01d3c0f7c92ca882
Faulting application path: C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe
Faulting module path: C:\Windows\system32\ucrtbase.DLL
Report Id: 0aa753ce-2ceb-11e8-868b-50e5495f31d7

Error: (03/21/2018 10:30:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/19/2018 11:30:15 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {7f45a723-86ce-4f33-89d0-f913ae19e015}

Error: (03/19/2018 11:04:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: playstv_launcher.exe, version: 1.15.7.0, time stamp: 0x57d85695
Faulting module name: ucrtbase.DLL, version: 10.0.10586.1171, time stamp: 0x59ae5046
Exception code: 0x40000015
Fault offset: 0x000846fa
Faulting process id: 0xc8c
Faulting application start time: 0x01d3bf69a446ecaf
Faulting application path: C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe
Faulting module path: C:\Windows\system32\ucrtbase.DLL
Report Id: f47e8bb2-2b5c-11e8-8117-50e5495f31d7

Error: (03/19/2018 11:01:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/21/2018 10:28:30 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:41:28 PM on ‎3/‎19/‎2018 was unexpected.

Error: (03/19/2018 10:41:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F2F6A7B0-0E74-49BF-ABDF-8A0778554472} did not register with DCOM within the required timeout.

Error: (03/19/2018 10:59:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:58:17 AM on ‎3/‎19/‎2018 was unexpected.

Error: (03/18/2018 10:47:59 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer QUINFFIUS
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C8440721-85AE-4699-83F9-4C98267F00DD}.
The master browser is stopping or an election is being forced.

Error: (03/18/2018 10:58:44 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer QUINFFIUS
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C8440721-85AE-4699-83F9-4C98267F00DD}.
The master browser is stopping or an election is being forced.

Error: (03/18/2018 10:40:36 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (03/16/2018 10:48:27 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:56:57 PM on ‎3/‎15/‎2018 was unexpected.

Error: (03/15/2018 04:33:37 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Defender service hung on starting.


Windows Defender:
===================================
Date: 2017-12-29 15:37:08.670
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:1.259.640.0
Update Source:User
Signature Type:AntiSpyware
Update Typeelta
Current Engine Version:
Previous Engine Version:1.1.14405.2
Error code:0x80070070
Error description:There is not enough space on the disk.

CodeIntegrity:
===================================

Date: 2018-03-22 10:27:22.039
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Phoenix360\System Mechanic\WscRmd.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-03-22 10:27:22.039
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Phoenix360\System Mechanic\WscRmd.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-03-22 10:27:22.023
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Phoenix360\System Mechanic\WscRmd.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-03-21 10:51:25.840
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Phoenix360\System Mechanic\WscRmd.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-03-21 10:51:25.840
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Phoenix360\System Mechanic\WscRmd.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-03-21 10:51:25.824
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Phoenix360\System Mechanic\WscRmd.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-03-19 10:25:54.545
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Phoenix360\System Mechanic\WscRmd.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-03-19 10:25:54.545
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Phoenix360\System Mechanic\WscRmd.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 965 Processor
Percentage of memory in use: 22%
Total physical RAM: 8189.24 MB
Available physical RAM: 6371.12 MB
Total Virtual: 16376.65 MB
Available Virtual: 14133.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:81.01 GB) NTFS
Drive d: (NieuwVolume) (Fixed) (Total:2794.39 GB) (Free:431.16 GB) NTFS

\\?\Volume{2fd25b43-e9cf-11e3-a975-806e6f6e6963}\ (Door systeem gereserveerd) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: C7D80910)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Marian (administrator) on QUETZAL (22-03-2018 18:47:39)
Running from C:\Users\Marian\Desktop
Loaded Profiles: Marian (Available Profiles: Marian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BsSentry.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardTray.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BgGameMon.exe
(IncrediMail Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-02-24] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuardTray.exe [140216 2018-03-15] (BullGuard Ltd.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2017-05-30] (Raptr, Inc)
HKU\S-1-5-21-1147757910-3745472096-3092914586-1000\...\Run: [stack] => C:\Program Files (x86)\stack\stack.exe
HKU\S-1-5-21-1147757910-3745472096-3092914586-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
HKU\S-1-5-21-1147757910-3745472096-3092914586-1000\...\Run: [IncrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [444424 2017-05-03] (IncrediMail Ltd.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 89.101.251.228 89.101.251.229
Tcpip\..\Interfaces\{B39E7282-EDBC-423E-B275-06E30D5E7582}: [DhcpNameServer] 212.54.44.54 212.54.40.25
Tcpip\..\Interfaces\{C8440721-85AE-4699-83F9-4C98267F00DD}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{C8440721-85AE-4699-83F9-4C98267F00DD}: [DhcpNameServer] 89.101.251.228 89.101.251.229

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1147757910-3745472096-3092914586-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1147757910-3745472096-3092914586-1000 -> DefaultScope {91DFC484-A696-4185-B7BB-0266DC6E4121} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1147757910-3745472096-3092914586-1000 -> {91DFC484-A696-4185-B7BB-0266DC6E4121} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

FireFox:
========
FF ProfilePath: C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\89ym9ku9.default-1433408142949 [2018-03-22]
FF Session Restore: Mozilla\Firefox\Profiles\89ym9ku9.default-1433408142949 -> is enabled.
FF Extension: (CookiesOK) - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\89ym9ku9.default-1433408142949\Extensions\jid0-UgB5JNMPWHIRM4dcAe76c7EcVis@jetpack.xpi [2016-02-20] [Legacy]
FF Extension: (Firefox Lightbeam) - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\89ym9ku9.default-1433408142949\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2018-02-18]
FF Extension: (Web Developer) - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\89ym9ku9.default-1433408142949\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-11-15]
FF Extension: (Adblock Plus) - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\89ym9ku9.default-1433408142949\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-15]
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @MoneyMillionaire/npdf -> C:\ProgramData\Qassa+\FFExtension20141121172456\plugins\npdf.dll [2012-11-15] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://isearch.avg.com/?cid={E460AD4C-517B-416A-84DE-EC5896AAA48A}&mid=036aa51055db47d0a56206e00e52b7a0-06ce4fc639803a2e3563922518183d8e94088cb9&lang=nl&ds=AVG&pr=fr&d=2013-01-21 13:53:57&v=13.3.0.17&sap=hp","hxxp://isearch.avg.com/?cid={E460AD4C-517B-416A-84DE-EC5896AAA48A}&mid=036aa51055db47d0a56206e00e52b7a0-06ce4fc639803a2e3563922518183d8e94088cb9&lang=nl&ds=AVG&pr=fr&d=2013-01-21 13:53:57&v=14.0.2.14&pid=avg&sg=&sap=hp","hxxp://isearch.avg.com/?cid={E460AD4C-517B-416A-84DE-EC5896AAA48A}&mid=036aa51055db47d0a56206e00e52b7a0-06ce4fc639803a2e3563922518183d8e94088cb9&lang=nl&ds=AVG&pr=fr&d=2013-01-21 13:53:57&v=14.2.0.1&pid=avg&sg=&sap=hp","hxxps://www.google.com/","hxxp://www.websearchinc.net","about:newtab?source=home","hxxps://www.google.com/","hxxps://encrypted.google.com"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default [2018-03-22]
CHR Extension: (Bible) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\adplcelpohamiijahbaanmoimmnoaiaf [2015-11-10]
CHR Extension: (CookiesOK) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\afmkbjoakcacgljcdccofbffloabfbni [2016-08-27]
CHR Extension: (Docs) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Hootsuite Hootlet) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2017-12-16]
CHR Extension: (YouTube) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Mahjong) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmfahnddgeeapjmnbnhffcopglalehoj [2015-01-10]
CHR Extension: (Bible) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\boljbeanmjklkbfnppfedajbgeongccb [2014-06-01]
CHR Extension: (Gridpix) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfgibmanhngfopcofdondcekphkbfma [2014-06-01]
CHR Extension: (Dingg.it) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\camleommoihhnfpomfaehoabmmcanpjd [2014-06-06]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2016-01-07]
CHR Extension: (Plugins) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\chemohaemmfhjpmlgkmkanfpfbkaihop [2015-08-13]
CHR Extension: (Google Search) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tampermonkey) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-02-05]
CHR Extension: (Woobies) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dijbkmmfdafhjjkpiojmjhakhmfdaidk [2014-06-01]
CHR Extension: (Facebook Theme Creator) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecnnffhckagcpoimngfooggeilkhlnnh [2014-10-10]
CHR Extension: (Adobe Acrobat) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Gold Rush) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa [2017-12-16]
CHR Extension: (Ratchet & Clank Future 2) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn [2014-06-01]
CHR Extension: (NoNoSparks Genesis) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\emckmlnfmemaompnmnnebnlgmneojmag [2014-06-01]
CHR Extension: (Android Freeware) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\faijocccbppcdmakdenmbbiflcagbapp [2014-06-01]
CHR Extension: (Google Docs Offline) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-19]
CHR Extension: (Chrome Picross) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjohhgoihaajipdgmhohakneklimnepm [2014-06-01]
CHR Extension: (Pinterest Save Button) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-11-16]
CHR Extension: (Super Collapse! Puzzle Gallery) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcmgkbfnhkglbjhkffiaccpnjnnboom [2014-06-01]
CHR Extension: (World of Solitaire) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn [2014-06-01]
CHR Extension: (Assistant - Dig) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\igeikdnndphanonilmonocndpgflepai [2015-01-28]
CHR Extension: (Color Path) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikgkbdmpjhlkclnjlofddfebaehofggj [2017-12-25]
CHR Extension: (Clearly) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2015-10-10]
CHR Extension: (KanMeet Calendar Synchronizer for Evernote) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipogebjapdddlkchpnimcgplonlonkoj [2015-10-10]
CHR Extension: (Tripeaks Solitaire) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmgdofjacllddkgfkgghbebekoaffdde [2014-06-01]
CHR Extension: (Sticky Password Autofill Engine) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jncdpeoinboblgeeemjlflglholniacg [2016-07-16]
CHR Extension: (Local SWF Player) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmbckedabpbgjagmkgcejooabcdnone [2017-02-23]
CHR Extension: (Pyramid Solitaire 3) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfdmgdcmiahggachpclaeaddeijepae [2014-06-01]
CHR Extension: (Windows Live Messenger Extension) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki [2014-06-01]
CHR Extension: (The Hobbit: Armies of the Third Age) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldccafpcnlkcomfmjohhlbejacioicjp [2014-06-01]
CHR Extension: (Picture Logic Puzzles App) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmjhgpilheilllbfmmhbdnlnmfmlmiig [2014-08-20]
CHR Extension: (Bible Guardian) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mplbdfkcdaoccheiggmjepicdkadphng [2017-12-16]
CHR Extension: (Office Online) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2018-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2018-03-10]
CHR Extension: (Flow Colors) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnmelddedlommnmllmfhoephaidddmk [2014-06-01]
CHR Extension: (Evernote Web Clipper) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2018-03-21]
CHR Extension: (Gmail) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-14]
CHR HKU\S-1-5-21-1147757910-3745472096-3092914586-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [1580472 2018-03-15] (BullGuard Ltd.)
R2 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll [527800 2018-03-15] (BullGuard Ltd.)
R2 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll [6057400 2018-03-15] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [864184 2018-03-15] (BullGuard Ltd.)
R2 BsNet; C:\Program Files\BullGuard Ltd\BullGuard\BsNet.dll [733624 2018-03-15] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [315832 2018-03-15] (BullGuard Ltd.)
R2 BsSentry; C:\Program Files\BullGuard Ltd\BullGuard\BsSentry.exe [453048 2018-03-15] (BullGuard Ltd.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-08-13] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-08-13] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-08-13] (BlueStack Systems, Inc.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [450488 2018-03-15] (BullGuard Ltd.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2146704 2017-04-05] (Electronic Arts)
S3 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [54544 2016-10-26] (Copyright (c) 2016 Plays.tv, LLC)
S4 WCUService_STC_FF; C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [493384 2011-03-24] (Splashtop Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
U4 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [174744 2017-03-20] (BullGuard Ltd.)
R0 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [152664 2017-06-28] (BullGuard Ltd.)
R1 BdSentry; C:\Windows\System32\DRIVERS\BdSentry.sys [82672 2017-11-16] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [76728 2017-03-20] (BullGuard Ltd.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-08-13] (BlueStack Systems)
R3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [15872 2010-08-16] (Hauppauge Computer Works, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [46960 2016-07-10] ()
S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [223232 2016-02-16] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-02-16] (Huawei Technologies Co., Ltd.)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [41576 2016-03-28] (EldoS Corporation)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [485512 2017-03-20] (BitDefender S.R.L.)
S3 cpuz138; \??\C:\Users\Marian\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-22 18:47 - 2018-03-22 18:49 - 000022227 _____ C:\Users\Marian\Desktop\FRST.txt
2018-03-22 18:47 - 2018-03-22 18:47 - 000000000 ____D C:\FRST
2018-03-22 11:55 - 2018-03-22 11:55 - 002403328 _____ (Farbar) C:\Users\Marian\Desktop\FRST64.exe
2018-03-22 11:54 - 2018-03-22 11:55 - 015333512 _____ (Piriform Ltd) C:\Users\Marian\Downloads\ccsetup541.exe
2018-03-21 13:23 - 2018-03-21 13:23 - 000000939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STACK.lnk
2018-03-21 13:23 - 2018-03-21 13:23 - 000000927 _____ C:\Users\Public\Desktop\STACK.lnk
2018-03-15 16:41 - 2018-02-13 19:17 - 000136384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-15 16:41 - 2018-02-13 19:10 - 000655872 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-15 16:41 - 2018-02-13 15:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-15 16:41 - 2018-02-13 15:05 - 001560064 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-15 16:41 - 2018-02-13 15:05 - 000740864 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-15 16:41 - 2018-02-13 15:05 - 000600576 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-15 16:41 - 2018-02-13 15:05 - 000451072 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-03-15 16:41 - 2018-02-13 15:05 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-15 16:41 - 2018-02-13 15:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-15 16:41 - 2018-02-13 15:05 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-14 20:29 - 2018-03-14 20:29 - 000004100 _____ C:\Windows\System32\Tasks\ActiveSync-SystemMechanic
2018-03-14 20:29 - 2018-03-14 20:29 - 000004056 _____ C:\Windows\System32\Tasks\ActiveMessenger-SystemMechanic
2018-03-14 19:09 - 2018-03-14 19:09 - 000001810 _____ C:\Users\Public\Desktop\System Mechanic.lnk
2018-03-14 19:09 - 2018-03-14 19:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2018-03-14 19:09 - 2018-03-14 19:09 - 000000000 ____D C:\Program Files (x86)\Phoenix360
2018-03-14 19:07 - 2018-03-14 19:07 - 000066430 _____ C:\Users\Marian\Downloads\factuur-20037861-1521050474967db0a2-08e8-4ba9-bda3-804cfcc35dd6.pdf
2018-03-14 19:06 - 2018-03-14 19:06 - 000067452 _____ C:\Users\Marian\Downloads\factuur-20037861-1521050384205dbed8-1681-42b7-8459-82e15ba8f607.pdf
2018-03-14 18:53 - 2018-03-14 18:53 - 000019931 _____ C:\Users\Marian\Downloads\ECC17.1417.02L.pdf
2018-03-14 18:36 - 2018-03-15 20:29 - 000000000 ____D C:\ProgramData\Phoenix360
2018-03-14 10:55 - 2018-03-14 10:55 - 000000000 ____D C:\Users\Marian\AppData\Roaming\FlvtoConverter
2018-03-14 10:52 - 2018-03-14 10:52 - 000000000 ____D C:\Users\Marian\Documents\YouTubeDownloads
2018-03-14 10:52 - 2018-03-14 10:52 - 000000000 ____D C:\Users\Marian\AppData\Local\FlvtoYoutubeDownloader
2018-03-13 21:53 - 2018-03-13 21:53 - 000002233 _____ C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto YouTube Downloader.lnk
2018-03-13 21:53 - 2018-03-13 21:53 - 000002225 _____ C:\Users\Marian\Desktop\Flvto YouTube Downloader.lnk
2018-03-13 21:53 - 2018-03-13 21:53 - 000001368 _____ C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall Flvto YouTube Downloader.lnk
2018-03-13 21:44 - 2018-03-14 10:55 - 000000000 ____D C:\Users\Marian\AppData\Local\Flvto YouTube Downloader
2018-03-13 21:43 - 2018-03-13 21:43 - 000275904 _____ (Hotger) C:\Users\Marian\Downloads\FYDLoad_inconv2_4.exe
2018-03-13 21:37 - 2018-03-13 21:37 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-12 21:07 - 2018-03-12 23:26 - 049526149 _____ C:\Users\Marian\Desktop\Wim van den Brand.mp4
2018-03-12 20:43 - 2018-03-12 20:47 - 041863046 _____ C:\Users\Marian\Desktop\pa uitvaart
2018-03-12 16:49 - 2018-03-12 16:50 - 034135288 _____ (Digital Wave Ltd ) C:\Users\Marian\Downloads\FreeYouTubeToMP3Converter_4.1.61.1031_d.exe
2018-03-12 00:06 - 2018-03-12 00:08 - 028156392 _____ C:\Users\Marian\Desktop\Untitled_720x576(2).mp4
2018-03-12 00:02 - 2018-03-12 00:04 - 027721592 _____ C:\Users\Marian\Desktop\Untitled_720x576(1).mp4
2018-03-11 23:54 - 2018-03-11 23:57 - 028301892 _____ C:\Users\Marian\Desktop\Untitled_720x576(0).mp4
2018-03-11 23:43 - 2018-03-12 18:28 - 044869614 _____ C:\Users\Marian\Desktop\pa.mp4
2018-03-11 23:33 - 2018-03-11 23:36 - 033356560 _____ C:\Users\Marian\Desktop\Untitled_720x576.mp4
2018-03-11 20:22 - 2018-03-11 20:22 - 000000000 ____D C:\Users\Marian\log
2018-03-11 20:22 - 2018-03-11 20:22 - 000000000 ____D C:\Users\Marian\AppData\Local\Icecream
2018-03-11 20:22 - 2018-03-11 20:22 - 000000000 ____D C:\Users\Marian\AppData\Local\CrashRpt
2018-03-11 20:22 - 2018-03-11 20:22 - 000000000 ____D C:\Users\Marian\.Icecream Slideshow Maker
2018-03-11 20:21 - 2018-03-11 20:43 - 000000000 ____D C:\Program Files (x86)\Icecream Slideshow Maker
2018-03-11 20:21 - 2018-03-11 20:21 - 020942016 _____ (Icecream Apps ) C:\Users\Marian\Downloads\slideshow_maker_setup.exe
2018-03-11 20:21 - 2018-03-11 20:21 - 000001113 _____ C:\Users\Public\Desktop\Icecream Slideshow Maker.lnk
2018-03-11 20:21 - 2018-03-11 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2018-03-11 20:21 - 2018-03-11 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icecream Slideshow Maker
2018-03-11 20:21 - 2018-03-11 20:21 - 000000000 ____D C:\Program Files (x86)\Xiph.Org
2018-03-11 20:06 - 2018-03-11 20:06 - 000001039 _____ C:\Users\Marian\Desktop\Slideshow Creator.lnk
2018-03-11 20:06 - 2018-03-11 20:06 - 000000000 ____D C:\Users\Marian\AppData\Local\BolideSoftware
2018-03-11 20:06 - 2018-03-11 20:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slideshow Creator
2018-03-11 20:06 - 2018-03-11 20:06 - 000000000 ____D C:\Program Files (x86)\Slideshow Creator
2018-03-11 20:05 - 2018-03-11 20:05 - 009051720 _____ (Bolide Software ) C:\Users\Marian\Downloads\bsc_setup.exe
2018-03-10 21:08 - 2018-03-10 21:08 - 000074737 _____ C:\Users\Marian\Downloads\Ontvangstbevestiging_Aangifte_inkomstenbelasting_2016_22-04-2017_12.59u.pdf
2018-03-10 17:16 - 2018-03-10 17:16 - 003947015 _____ C:\Users\Marian\Downloads\KIZOA-Movie-Maker-hiy8twoo.mp4
2018-03-10 17:01 - 2018-03-10 17:01 - 000000000 ____D C:\Users\Marian\AppData\Roaming\AMD
2018-03-10 16:58 - 2018-03-10 16:58 - 000001113 _____ C:\Users\Public\Desktop\Movavi Slideshow Maker 3.lnk
2018-03-10 16:58 - 2018-03-10 16:58 - 000000000 ____D C:\Users\Marian\AppData\Local\SlideshowMaker
2018-03-10 16:58 - 2018-03-10 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Slideshow Maker 3
2018-03-10 16:57 - 2018-03-10 16:58 - 000000000 ____D C:\Program Files (x86)\Movavi Slideshow Maker 3
2018-03-10 16:57 - 2018-03-10 16:57 - 000004999 _____ C:\ProgramData\nkqvxvck.cou
2018-03-10 16:57 - 2018-03-10 16:57 - 000000016 _____ C:\ProgramData\mntemp
2018-03-10 16:57 - 2018-03-10 16:57 - 000000000 ____D C:\ProgramData\Movavi Slideshow Maker 3
2018-03-10 16:56 - 2018-03-10 16:56 - 054379048 _____ (Movavi) C:\Users\Marian\Downloads\MovaviSlideshowMakerDistribSetupC.exe
2018-03-10 16:46 - 2018-03-11 19:58 - 000000000 ____D C:\Users\Marian\AppData\Roaming\Ashampoo Slideshow Studio 2017
2018-03-10 16:46 - 2018-03-10 16:46 - 000001311 _____ C:\Users\Public\Desktop\Ashampoo Slideshow Studio 2017.lnk
2018-03-10 16:46 - 2018-03-10 16:46 - 000000221 _____ C:\Users\Public\Desktop\Ashampoo Deals.url
2018-03-10 16:46 - 2018-03-10 16:46 - 000000000 ____D C:\Users\Marian\AppData\Local\ashampoo
2018-03-10 16:46 - 2018-03-10 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2018-03-10 16:45 - 2018-03-10 16:46 - 000000000 ____D C:\ProgramData\Ashampoo
2018-03-10 16:45 - 2018-03-10 16:45 - 000000000 ____D C:\Program Files (x86)\Ashampoo
2018-03-10 16:40 - 2018-03-10 16:40 - 054553272 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Marian\Downloads\ashampoo_slideshow_studio_2017_24379.exe
2018-03-06 20:20 - 2018-03-06 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-03 13:08 - 2018-03-03 13:07 - 000076728 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
2018-03-03 13:08 - 2018-03-03 13:07 - 000061880 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll
2018-02-22 19:58 - 2018-02-22 20:01 - 000126237 _____ C:\Users\Marian\Downloads\Rapport _ ScanCircle.pdf
2018-02-22 19:54 - 2018-02-22 19:54 - 000155664 _____ (ScanCircle) C:\Users\Marian\Downloads\ScanCircleD_nl.exe
2018-02-22 12:14 - 2018-02-22 12:14 - 021041152 _____ C:\Users\Marian\Desktop\events22-2.evtx
2018-02-22 12:13 - 2018-02-22 12:13 - 021041152 _____ C:\Users\Marian\Documents\22-2-18.evtx
2018-02-21 19:43 - 2018-02-21 19:44 - 000000000 ____D C:\ProgramData\dllescort
2018-02-21 19:41 - 2018-02-21 19:41 - 001360355 _____ (Igor Pavlov) C:\Users\Marian\Downloads\7z1509-x64.exe
2018-02-21 19:41 - 2018-02-21 19:41 - 000000000 ____D C:\Program Files\7-Zip
2018-02-21 19:39 - 2018-02-21 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLL Escort 2017
2018-02-21 19:39 - 2018-02-21 19:44 - 000000000 ____D C:\Program Files (x86)\DLLEscort2017
2018-02-21 19:27 - 2018-02-21 19:52 - 000000000 ____D C:\Program Files (x86)\Advanced Event Viewer
2018-02-21 19:27 - 2018-02-21 19:27 - 000000957 _____ C:\Users\Public\Desktop\Advanced Event Viewer.lnk
2018-02-21 19:27 - 2018-02-21 19:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Event Viewer
2018-02-21 19:25 - 2018-02-21 19:25 - 007352320 _____ C:\Users\Marian\Downloads\AEV_Setup_build_2985.msi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-22 18:49 - 2014-06-01 19:47 - 000000000 ____D C:\ProgramData\BullGuard
2018-03-22 18:45 - 2014-06-03 12:10 - 000000000 ____D C:\Users\Marian\AppData\Roaming\vlc
2018-03-22 10:34 - 2009-07-14 05:45 - 000022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-22 10:34 - 2009-07-14 05:45 - 000022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-22 10:22 - 2016-07-11 14:28 - 000000000 ____D C:\Users\Marian\AppData\Roaming\Raptr
2018-03-22 10:19 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
2018-03-22 10:18 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-21 13:29 - 2017-12-15 19:01 - 000000000 ____D C:\Program Files (x86)\stack
2018-03-21 13:24 - 2017-12-15 19:09 - 000000000 ____D C:\Users\Marian\stack
2018-03-21 13:23 - 2017-12-15 19:03 - 000000000 ____D C:\Users\Marian\AppData\Local\STACK
2018-03-21 10:53 - 2014-06-01 20:25 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-21 10:53 - 2014-06-01 20:25 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-21 10:29 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-03-19 22:40 - 2016-11-16 10:19 - 000000000 ____D C:\Users\Marian\AppData\LocalLow\Mozilla
2018-03-16 10:47 - 2015-04-16 07:43 - 000000000 ____D C:\Windows\system32\appraiser
2018-03-15 23:52 - 2014-06-03 02:50 - 000778460 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-03-15 23:52 - 2009-07-14 06:13 - 000778460 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-15 23:44 - 2017-10-11 22:58 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-15 23:44 - 2014-06-04 09:52 - 000000000 ____D C:\Windows\system32\MRT
2018-03-15 23:43 - 2014-06-04 09:52 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-14 20:31 - 2009-07-14 06:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-03-14 20:29 - 2016-07-16 10:55 - 000000000 ____D C:\ProgramData\iolo
2018-03-14 19:09 - 2014-06-01 04:36 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-03-14 18:56 - 2016-06-07 21:48 - 000000000 ____D C:\Users\Marian\AppData\Local\Downloaded Installations
2018-03-14 18:41 - 2016-12-06 22:26 - 000000000 ____D C:\Program Files (x86)\System Mechanic
2018-03-13 21:37 - 2014-06-01 21:36 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-03-13 21:37 - 2014-06-01 21:36 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-13 21:37 - 2014-06-01 21:36 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-03-13 21:37 - 2014-06-01 21:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-03-13 21:37 - 2014-06-01 21:36 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-12 16:59 - 2015-01-28 17:13 - 000000000 ____D C:\Users\Marian\AppData\Roaming\DVDVideoSoft
2018-03-11 20:22 - 2014-06-01 01:18 - 000000000 ____D C:\Users\Marian
2018-03-06 20:20 - 2018-02-18 20:18 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-04 10:49 - 2009-07-14 06:08 - 000032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-26 20:58 - 2016-08-05 19:51 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-23 17:31 - 2015-11-10 17:56 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2015-11-15 21:58 - 2016-10-03 20:19 - 000061952 _____ () C:\Users\Marian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-19 12:05

==================== End of FRST.txt ============================

Download MalwareBytes Anti-Malware.

• Windows 2000 en Windows XP: dubbelklik op mbam-setup.exe.
• Windows Vista, Windows 7, Windows 8: en Windows 10: via rechtsklik op mbam-setup.exe en kies voor "Als Administrator uitvoeren".

• Klik in het menu van Malwarebytes ANTI-MALWARE op Instellingen" en daar op "Detectie en Bescherming" en zet vervolgens een vinkje bij "Scan naar rootkits".

• Klik vervolgens op de knop Scan nu om een bedreigingsscan uit te voeren.
• Er zal nu gecontroleerd worden op beschikbare updates, klik hier op "Nu bijwerken als er beschikbare updates zijn.
• De scan wordt nu automatisch gestart,wanneer de scan gereed is en er bedreigingen zijn gedetecteerd krijgt u hier een overzicht van.

• Wanneer er geen bedreigingen zijn gedetecteerd klikt u na de scan op Bekijk gedetailleerd logboek.
• Klik vervolgens op de knop Exporteer en kies de optie "Tekstbestand (*.txt)".
• Geef vervolgens een bestandsnaam op voor het opslaan van het logbestand, bijvoorbeeld MBAM Scanlog.
• Kies bijvoorbeeld het bureaublad als opslaglocatie en klik vervolgens op de knop Opslaan.

• Wanneer er wel bedreigingen zijn gedetecteerd klikt u na de scan op Acties toepassen.
• Bij de melding om de computer opnieuw op te starten klikt u op Ja / Yes.
• Open na de herstart MalwareBytes Anti-Malware en klik bovenaan op Historie en selecteer Programmalogboeken.
• Klik op de nieuwste Scan Log.
• Klik op "Exporteer" en kies de optie "Tekstbestand (*.txt)".
  
  
• Geef vervolgens een bestandsnaam op voor het opslaan van het logbestand, bijvoorbeeld MBAM Scanlog.
• Kies bijvoorbeeld het bureaublad als opslaglocatie en klik vervolgens op de knop Opslaan.
  
  

MBAM-Log posten:

• Kopieer nu de inhoud van het zojuist opgeslagen log en plak dit in uw nieuwe antwoord erbij.

Indien jij MBAM meteen als gratis versie wil gebruiken in plaatst van de veertien dagen durende demo met al zijn toeters en bellen te gebruiken, kijk dan hier