Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Marian (22-03-2018 18:49:53)
Running from C:\Users\Marian\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-06-01 00:18:46)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1147757910-3745472096-3092914586-500 - Administrator - Disabled)
Guest (S-1-5-21-1147757910-3745472096-3092914586-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1147757910-3745472096-3092914586-1003 - Limited - Enabled)
Marian (S-1-5-21-1147757910-3745472096-3092914586-1000 - Administrator - Enabled) => C:\Users\Marian
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: BullGuard Antivirus (Disabled - Out of date) {13E9CAA5-762A-794E-2DA9-245D5622A105}
AS: BullGuard Antispyware (Disabled - Out of date) {A8882B41-5010-76C0-1719-1F2F2DA5EBB8}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: BullGuard Firewall (Disabled) {2BD24B80-3C45-7816-06F6-8D68A8F1E67E}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 15.09 beta (x64) (HKLM\...\7-Zip) (Version: 15.09 - Igor Pavlov)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Advanced Event Viewer (HKLM-x32\...\{5EE04126-E034-447C-8EA4-89B47567CAF5}) (Version: 2.5.5.2970 - RH Computing)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
ArtRage 4 Demo (HKLM\...\{994A6684-9682-4C3A-8D04-64789CDC5796}) (Version: 4.5.2.0 - Ambient Design) Hidden
ArtRage 4 Demo (HKLM-x32\...\ArtRage 4 Demo 4.5.2.0) (Version: 4.5.2.0 - Ambient Design)
Ashampoo Slideshow Studio 2017 (HKLM-x32\...\{91B33C97-41EE-3DB7-1FDD-5308E332AC28}_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.1.4057 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{981B38A6-E4D0-4D94-98C2-75AC645755F5}) (Version: 0.9.1.4057 - BlueStack Systems, Inc.)
BullGuard Internet Security (HKLM\...\BullGuard) (Version: 18.0 - BullGuard Ltd.)
Catalyst Control Center Next Localization BR (HKLM\...\{585A6A74-1DED-8DA0-32F1-F5EFA485DFB1}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{A0649E20-C57C-DCFA-AE1B-1CE1CB9D98A8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{35F79A5D-00E2-8C19-D929-2E85DEA4252D}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{2CEBB6AA-EC39-DFF2-1F5B-9A98301C4DAB}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{F05F0B6E-9999-55D0-C323-D06DF0E2B59F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{CBABB5FD-BD69-8969-729A-5659E11D9518}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{98527BF3-A8E0-B8CF-7297-436B714FC576}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{D6CD1B25-53E6-C2F8-FA99-F89138A9C86F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{487C3865-3005-F04A-FBA4-F4239E02A847}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{D80AD200-548C-B62B-32AE-BF3CD7AA7EA2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{D21BFF5C-51AA-4C15-1C91-6A1087FDC373}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{04F0FFCB-D9A5-2332-2697-CA47C0424AF2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{47F2FFDC-3D6A-CED6-0B54-6E7082D5B29B}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5608D1B6-6483-9FA3-7297-C2CFC3FCE747}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{1FCA484A-5A9E-9C91-F050-257D1F311A0C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{D8FB03AE-A326-0C12-AC47-B898FE73FA94}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F7876D2E-CDCD-CE53-0E88-995B57A94B58}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{3BAB5AC8-EF35-FED0-BCEB-9306D05EDE1C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{746E086C-023A-A79C-DBE1-062E773FF6C8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{1C44BB26-1941-DB44-D5E8-C455F89EE6E6}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{BE7F26CB-6E91-7673-7130-80C36FBF13DE}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}) (Version: 2.40.0009 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version: - SEIKO EPSON Corporation)
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.98 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.98 - Etron Technology)
f.lux (HKU\S-1-5-21-1147757910-3745472096-3092914586-1000\...\Flux) (Version: - f.lux Software LLC)
Flvto YouTube Downloader (HKLM-x32\...\Flvto YouTube Downloader) (Version: 1.0.9 - Hotger)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Icecream Slideshow Maker versie 3.17 (HKLM-x32\...\{3674ADB5-6374-4EBA-BB46-7C6EFB266661}_is1) (Version: 3.17 - Icecream Apps)
ICIDU NI-707535 Wireless N Client Utility (HKLM-x32\...\{FA24F3AC-D378-4CB1-8427-792793D29B2E}) (Version: 7.0 - ICIDU B.V.)
iCloud (HKLM\...\{7464D896-C63C-412E-8ED3-3261C9F14E21}) (Version: 7.0.1.210 - Apple Inc.)
IncrediBackup (HKLM-x32\...\{D44222FB-31A2-4D2B-B222-D0C5599F28D0}) (Version: 1.0.0.1087 - Uw bedrijfsnaam) Hidden
IncrediMail (HKLM-x32\...\{81CF09ED-5FB0-4E0A-A83F-0F514DDEABBC}) (Version: 6.6.0.5328 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: 6.6.0.5328 - IncrediMail Ltd.)
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version: - LEGO A/S)
LEGO Studios (HKLM-x32\...\{983A2596-2010-11D4-9103-00105A0DE2E8}) (Version: - )
Malwarebytes versie 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Hotmail Connector 64-bits (HKLM\...\{95140000-0081-0413-1000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit (HKLM\...\{95140000-007D-0409-1000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MouseServer version 1.5.2.0 (HKLM-x32\...\{E13018F5-FFC7-4729-9C1B-1A85807D03E6}_is1) (Version: 1.5.2.0 - Necta Co.)
Movavi Slideshow Maker 3 (HKLM-x32\...\Movavi Slideshow Maker 3) (Version: 3.0.2 - Movavi)
Mozilla Firefox 58.0.2 (x64 nl) (HKLM\...\Mozilla Firefox 58.0.2 (x64 nl)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.2.6611 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 10.4.8.36918 - Electronic Arts, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qassa+ (HKLM-x32\...\{9EE160C8-1CF0-49E7-B79F-C36DADC57664}) (Version: 1.0.7 - Qassa)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.10-r123135-release - Raptr, Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6316 - Realtek Semiconductor Corp.)
Secure Download Manager (HKLM-x32\...\{D8A1AE00-9245-400A-B125-138735C0C5A8}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Slideshow Creator (HKLM-x32\...\{4E1A63B1-F547-4CFC-91F7-F32F1A6BF430}_is1) (Version: 2.2 - Bolide Software)
Smart Recovery B10.0324.1 (x64) (HKLM\...\{FAE188FD-A941-49E9-A5E9-F6D88517EC40}) (Version: 1.00.0006 - GIGABYTE) Hidden
Smart Recovery B10.0324.1 (x64) (HKLM-x32\...\InstallShield_{FAE188FD-A941-49E9-A5E9-F6D88517EC40}) (Version: - )
SmartFTP Client (HKLM\...\{7D21D9A9-AC89-4228-B288-8E28A779633B}) (Version: 6.0.2137.0 - SmartSoft Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Splashtop Connect for Firefox (HKLM-x32\...\{45D49CA7-D7D8-4659-B35A-EBD98C30AF28}) (Version: 1.1.8.4 - Splashtop Inc.)
Splashtop Connect IE (HKLM-x32\...\{3B983EFD-6E37-4AD9-9A7D-8C83E61674F7}) (Version: 1.1.13.1 - Splashtop Inc.)
STACK (HKLM-x32\...\STACK) (Version: 2.4.1.70454 - TransIP)
System Mechanic (HKLM-x32\...\{95129D61-FF52-4FA8-A403-3E31FC5D9696}) (Version: 17.5.1.43 - iolo technologies, LLC)
Update Manager B10.0728.1 (HKLM-x32\...\{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}) (Version: 1.00.0000 - Gigabyte)
User's Guide EPSON SX130 Series (HKLM-x32\...\EPSON SX130 Series Useg) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WebM Project Directshow Filters (HKU\S-1-5-21-1147757910-3745472096-3092914586-1000\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.18.593 - ASUS Cloud Corporation)
WhoCrashed 6.01 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ !AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.18.593\ASUSWSShellExt64.dll [2017-04-21] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [ !AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.18.593\ASUSWSShellExt64.dll [2017-04-21] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [ !AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.18.593\ASUSWSShellExt64.dll [2017-04-21] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [ OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\stack\shellext\OCOverlays_x64.dll [2018-03-09] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\stack\shellext\OCOverlays_x64.dll [2018-03-09] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\stack\shellext\OCOverlays_x64.dll [2018-03-09] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\stack\shellext\OCOverlays_x64.dll [2018-03-09] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => C:\Program Files (x86)\stack\shellext\OCOverlays_x64.dll [2018-03-09] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2018-03-15] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2018-03-15] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2018-03-15] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll [2015-04-14] (SmartSoft Ltd.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-10-16] (Igor Pavlov)
ContextMenuHandlers1: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\Incinerator.dll [2018-02-21] (iolo technologies, LLC)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-09-18] (Apple Inc.)
ContextMenuHandlers1: [SmartFTP] -> {F87DED31-303F-4ED1-9BCE-D360FBC74E0A} => C:\Program Files\SmartFTP Client\ShellTools.dll [2015-04-14] (SmartSoft Ltd.)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers3: [OCContextMenuHandler] -> {841A0AAD-AA11-4B50-84D9-7F8E727D77D7} => C:\Program Files (x86)\stack\shellext\OCContextMenu_x64.dll [2018-03-09] (ownCloud Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-10-16] (Igor Pavlov)
ContextMenuHandlers4: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\Incinerator.dll [2018-02-21] (iolo technologies, LLC)
ContextMenuHandlers4: [SmartFTP] -> {F87DED31-303F-4ED1-9BCE-D360FBC74E0A} => C:\Program Files\SmartFTP Client\ShellTools.dll [2015-04-14] (SmartSoft Ltd.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-10-16] (Igor Pavlov)
ContextMenuHandlers6: [bgshellext] -> {F4BF1657-195F-4A0F-ACA2-9AE99D65BC0E} => C:\Program Files\BullGuard Ltd\BullGuard\BgShellExt.dll [2018-03-15] (BullGuard Ltd.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0AABE7E7-1530-42C3-A4CD-DC099C0208CC} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {0B227FA3-FC78-4934-88BC-4C9078226016} - System32\Tasks\{E231DD0B-077C-4795-BD82-61BCD955D577} => C:\Program Files (x86)\LEGO Media\LEGO Studios\Programs\LEGOStudios.exe [2000-12-21] (Pinnacle Systems)
Task: {16A45019-3330-4073-8A3F-E49C6C1DCBA7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {3D67EBAF-EAB3-44DF-984A-672599F678BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {561739CC-C4BF-423D-A2CE-FB4D6F9E2435} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {57CF6985-A3BD-405D-BA5A-D394D0464907} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => %windir%\system32\rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\SmartRecovery\SRFilter.exe" /GBSMART6 -kdl
Task: {687CF1B8-0470-459B-90F1-268357B70BB1} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-07-14] (Apple Inc.)
Task: {73013447-0B2A-46A9-9AB3-03A9990DBAA0} - System32\Tasks\ActiveSync-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activesync.exe [2018-02-21] (iolo technologies, LLC)
Task: {74C7D993-5A23-468C-A77E-7074A222962C} - System32\Tasks\{F1EA8387-0685-4C1A-82DB-3AA2504A141D} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\IncrediMail\Bin\ImSetup.exe" -c /uninstallProduct /addon:incredimail
Task: {8EC7B848-3B85-4D92-A598-54D571A8D2BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A872CE6E-022E-421E-B7A4-06754BDE4CD4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {B2EE16E0-7C23-4AD9-B2F1-0FFECCDC6341} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
Task: {B3474EE6-883D-4EFD-A2F7-D42E7C05674B} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => %windir%\system32\rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\SmartRecovery\SrCmdCLR.exe" -c 1
Task: {B642098A-83C6-4773-811F-BF35CC8AD710} - System32\Tasks\ActiveMessenger-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\ActiveMessenger.exe [2018-02-21] (iolo technologies, LLC)
Task: {EC74DE6D-5D3E-40E1-BFA8-278DFBE191C5} - System32\Tasks\BullGuard\BullGuardUpdate2 => C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate2.exe [2018-03-15] (BullGuard Ltd.)
Task: {EFBE05E1-60F9-45AF-B492-714C2CF16869} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {FE97FA12-710E-48BB-9CC5-0A0D99F57A06} - System32\Tasks\{6D31922C-A409-4090-B8B4-A32C839041FA} => C:\Windows\system32\pcalua.exe -a C:\Users\Marian\Downloads\Setup.exe -d C:\Users\Marian\Downloads
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-03-03 13:08 - 2018-03-03 13:07 - 000727480 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
2018-03-03 13:08 - 2018-03-03 13:07 - 000084408 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
2018-03-03 13:08 - 2018-03-03 13:07 - 000645048 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
2018-03-09 11:10 - 2018-03-09 11:10 - 000062976 _____ () C:\Program Files (x86)\stack\shellext\OCUtil_x64.dll
2011-07-28 17:44 - 2011-07-28 17:44 - 000211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2011-06-24 06:30 - 2011-06-24 06:30 - 000622080 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2011-06-24 06:30 - 2011-06-24 06:30 - 003641344 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2018-03-03 13:08 - 2018-03-03 13:07 - 000064952 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2017-12-13 19:04 - 2017-12-13 19:04 - 000089472 _____ () C:\Program Files\CCleaner\lang\lang-1043.dll
2015-05-08 02:37 - 2015-05-08 02:37 - 000087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 005812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2017-05-04 20:01 - 2017-05-04 20:01 - 000067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 001662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2015-05-08 02:38 - 2015-05-08 02:38 - 000110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2015-05-08 02:37 - 2015-05-08 02:37 - 000010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2015-05-08 02:49 - 2015-05-08 02:49 - 000417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2015-05-08 02:39 - 2015-05-08 02:39 - 000167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2015-05-08 02:39 - 2015-05-08 02:39 - 000313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-11-13 22:59 - 2015-11-13 22:59 - 000113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-11-13 22:59 - 2015-11-13 22:59 - 002396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2015-05-08 02:37 - 2015-05-08 02:37 - 000583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2015-05-08 02:37 - 2015-05-08 02:37 - 000324608 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PIL._imaging.pyd
2015-11-13 22:58 - 2015-11-13 22:58 - 000271872 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\amd_ags.dll
2015-05-08 02:39 - 2015-05-08 02:39 - 000141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2017-05-04 18:33 - 2017-05-04 18:33 - 002717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2015-05-08 02:49 - 2015-05-08 02:49 - 001213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2015-05-08 02:55 - 2015-05-08 02:55 - 000055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 001053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2015-05-08 02:49 - 2015-05-08 02:49 - 000474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2016-12-25 18:03 - 000000428 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1147757910-3745472096-3092914586-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BsBackup => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: gusvc => 2
MSCONFIG\Services: HuaweiHiSuiteService64.exe => 2
MSCONFIG\Services: PlaysService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Marian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: f.lux => "C:\Users\Marian\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
MSCONFIG\startupreg: Flvto YouTube Downloader => "C:\Users\Marian\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.Redesign.exe" /minimize
MSCONFIG\startupreg: iCloudServices => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: PlaysTV => "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
MSCONFIG\startupreg: Raptr => "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon
MSCONFIG\startupreg: WebStorage => C:\Program Files (x86)\ASUS\WebStorage\2.2.18.593\ASUSWSLoader.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{F4143A8B-7DEC-472B-A0EF-644A0150A021}C:\program files (x86)\gigabyte\updmanager\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [UDP Query User{9B588957-0603-4172-891A-FAA67E524C64}C:\program files (x86)\gigabyte\updmanager\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [TCP Query User{1E3309DA-E7F7-4855-B4B8-70E42AA60153}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{98A64031-E808-47A2-AC54-D5A202B8687F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{BAC9FF04-407E-416F-BFE3-4DB4D3342839}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{213C69E8-42C1-4288-ADA8-42AB892D8395}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{66B4244E-BB59-4E2D-B5E9-6CC694362D67}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{746E3F0E-96AA-4CDB-AECD-E07DA0B29B21}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{10221EC2-1AB1-4683-B467-556273EE1423}C:\program files (x86)\mouseserver\mouseserver.exe] => (Allow) C:\program files (x86)\mouseserver\mouseserver.exe
FirewallRules: [UDP Query User{B18968D1-42CA-4192-B73E-328FEE43CF76}C:\program files (x86)\mouseserver\mouseserver.exe] => (Allow) C:\program files (x86)\mouseserver\mouseserver.exe
FirewallRules: [{00A24BDD-C6B9-4001-86FE-F1D2EC7ECE9D}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe
FirewallRules: [{0FB01616-D5D5-47CD-AD34-29DC384FCBD1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3F92C81A-8CD5-4926-982B-6D6757BAEFF5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{76C66DB1-9571-451E-925F-53EBB6CAE739}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6E914013-EB02-48BD-ADE9-C0739C4D3195}] => (Allow) LPort=2869
FirewallRules: [{E09E8EC3-3080-4F02-A863-06EC04D6EDC6}] => (Allow) LPort=1900
FirewallRules: [{85721197-4256-44EA-A6F2-0BCE7C394913}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{B8BCF2D6-5395-41F3-A091-FF6949467A43}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{C08380BD-1012-4D04-B916-867C00F2F496}] => (Allow) C:\ProgramData\Qassa+\DFService.exe
FirewallRules: [{01B07C0E-899B-402C-AC56-772B5E2AE510}] => (Allow) C:\ProgramData\Qassa+\DFService.exe
FirewallRules: [{B37A8CB5-2A5A-4192-A2E4-42CCA6602D7A}] => (Allow) C:\ProgramData\Qassa+\DFService.exe
FirewallRules: [{36F260A5-4C47-4F21-9EDB-024D20AC6953}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{45D84F61-2D07-4B2C-94D8-F2BCFBFC0792}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{CEFA663A-1A75-4F21-A79A-27E8F7BD81A0}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{34221323-3B84-44A3-BAC0-63966DFC46B1}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{5F9548CA-71E4-4EC5-80B6-510EF3A59472}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{69863855-DED9-49D2-9F09-F2B6F3B10A2A}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{2AF3BCB2-1737-4F84-AA36-6C290287C991}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{CE0DCBDC-1AB5-486C-A2E6-B43579F43DF4}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{7C75A837-D4E6-4D61-87BA-9F2FF202D773}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{3EB6E66F-5E73-44F9-851D-950971AC471E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{9FF18145-6401-4820-8F81-8817712F08CA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{38293F72-AE94-4A1D-88BC-A4B6130D9589}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{4BB49B01-1054-4C5A-9194-6F3B66D3D537}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{FA16CFD7-32BA-47F3-B0CD-5DAD8C42ED97}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{182F04F5-44EB-4582-B046-25FB16B75B27}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{CFA5BE49-4F44-4AA8-9A80-9635A914F491}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{355E86F1-D069-4304-B769-9F03B94AE8F6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
21-03-2018 10:58:50 Automatic creation
22-03-2018 10:49:00 Automatic creation
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/22/2018 10:48:59 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d9de6ed3-f099-4c25-b417-610529e11f5e}
Error: (03/22/2018 10:22:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: playstv_launcher.exe, version: 1.15.7.0, time stamp: 0x57d85695
Faulting module name: ucrtbase.DLL, version: 10.0.10586.1171, time stamp: 0x59ae5046
Exception code: 0x40000015
Fault offset: 0x000846fa
Faulting process id: 0x1244
Faulting application start time: 0x01d3c1bf569fd098
Faulting application path: C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe
Faulting module path: C:\Windows\system32\ucrtbase.DLL
Report Id: 99cb28b9-2db2-11e8-98f3-50e5495f31d7
Error: (03/22/2018 10:20:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/21/2018 10:34:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: playstv_launcher.exe, version: 1.15.7.0, time stamp: 0x57d85695
Faulting module name: ucrtbase.DLL, version: 10.0.10586.1171, time stamp: 0x59ae5046
Exception code: 0x40000015
Fault offset: 0x000846fa
Faulting process id: 0x13a0
Faulting application start time: 0x01d3c0f7c92ca882
Faulting application path: C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe
Faulting module path: C:\Windows\system32\ucrtbase.DLL
Report Id: 0aa753ce-2ceb-11e8-868b-50e5495f31d7
Error: (03/21/2018 10:30:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/19/2018 11:30:15 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {7f45a723-86ce-4f33-89d0-f913ae19e015}
Error: (03/19/2018 11:04:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: playstv_launcher.exe, version: 1.15.7.0, time stamp: 0x57d85695
Faulting module name: ucrtbase.DLL, version: 10.0.10586.1171, time stamp: 0x59ae5046
Exception code: 0x40000015
Fault offset: 0x000846fa
Faulting process id: 0xc8c
Faulting application start time: 0x01d3bf69a446ecaf
Faulting application path: C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe
Faulting module path: C:\Windows\system32\ucrtbase.DLL
Report Id: f47e8bb2-2b5c-11e8-8117-50e5495f31d7
Error: (03/19/2018 11:01:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (03/21/2018 10:28:30 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:41:28 PM on 3/19/2018 was unexpected.
Error: (03/19/2018 10:41:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F2F6A7B0-0E74-49BF-ABDF-8A0778554472} did not register with DCOM within the required timeout.
Error: (03/19/2018 10:59:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:58:17 AM on 3/19/2018 was unexpected.
Error: (03/18/2018 10:47:59 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer QUINFFIUS
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C8440721-85AE-4699-83F9-4C98267F00DD}.
The master browser is stopping or an election is being forced.
Error: (03/18/2018 10:58:44 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer QUINFFIUS
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C8440721-85AE-4699-83F9-4C98267F00DD}.
The master browser is stopping or an election is being forced.
Error: (03/18/2018 10:40:36 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
Error: (03/16/2018 10:48:27 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:56:57 PM on 3/15/2018 was unexpected.
Error: (03/15/2018 04:33:37 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Defender service hung on starting.
Windows Defender:
===================================
Date: 2017-12-29 15:37:08.670
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:1.259.640.0
Update Source:User
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:
Previous Engine Version:1.1.14405.2
Error code:0x80070070
Error description:There is not enough space on the disk.
CodeIntegrity:
===================================
Date: 2018-03-22 10:27:22.039
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Phoenix360\System Mechanic\WscRmd.exe because the set of per-page image hashes could not be found on the system.
Date: 2018-03-22 10:27:22.039
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Phoenix360\System Mechanic\WscRmd.exe because the set of per-page image hashes could not be found on the system.
Date: 2018-03-22 10:27:22.023
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Phoenix360\System Mechanic\WscRmd.exe because the set of per-page image hashes could not be found on the system.
Date: 2018-03-21 10:51:25.840
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Phoenix360\System Mechanic\WscRmd.exe because the set of per-page image hashes could not be found on the system.
Date: 2018-03-21 10:51:25.840
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Phoenix360\System Mechanic\WscRmd.exe because the set of per-page image hashes could not be found on the system.
Date: 2018-03-21 10:51:25.824
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Phoenix360\System Mechanic\WscRmd.exe because the set of per-page image hashes could not be found on the system.
Date: 2018-03-19 10:25:54.545
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Phoenix360\System Mechanic\WscRmd.exe because the set of per-page image hashes could not be found on the system.
Date: 2018-03-19 10:25:54.545
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Phoenix360\System Mechanic\WscRmd.exe because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD Phenom(tm) II X4 965 Processor
Percentage of memory in use: 22%
Total physical RAM: 8189.24 MB
Available physical RAM: 6371.12 MB
Total Virtual: 16376.65 MB
Available Virtual: 14133.32 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:81.01 GB) NTFS
Drive d: (NieuwVolume) (Fixed) (Total:2794.39 GB) (Free:431.16 GB) NTFS
\\?\Volume{2fd25b43-e9cf-11e3-a975-806e6f6e6963}\ (Door systeem gereserveerd) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: C7D80910)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Marian (administrator) on QUETZAL (22-03-2018 18:47:39)
Running from C:\Users\Marian\Desktop
Loaded Profiles: Marian (Available Profiles: Marian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BsSentry.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardTray.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BgGameMon.exe
(IncrediMail Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-02-24] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuardTray.exe [140216 2018-03-15] (BullGuard Ltd.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2017-05-30] (Raptr, Inc)
HKU\S-1-5-21-1147757910-3745472096-3092914586-1000\...\Run: [stack] => C:\Program Files (x86)\stack\stack.exe
HKU\S-1-5-21-1147757910-3745472096-3092914586-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
HKU\S-1-5-21-1147757910-3745472096-3092914586-1000\...\Run: [IncrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [444424 2017-05-03] (IncrediMail Ltd.)
BootExecute: autocheck autochk * bootdelete
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 89.101.251.228 89.101.251.229
Tcpip\..\Interfaces\{B39E7282-EDBC-423E-B275-06E30D5E7582}: [DhcpNameServer] 212.54.44.54 212.54.40.25
Tcpip\..\Interfaces\{C8440721-85AE-4699-83F9-4C98267F00DD}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{C8440721-85AE-4699-83F9-4C98267F00DD}: [DhcpNameServer] 89.101.251.228 89.101.251.229
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1147757910-3745472096-3092914586-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1147757910-3745472096-3092914586-1000 -> DefaultScope {91DFC484-A696-4185-B7BB-0266DC6E4121} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1147757910-3745472096-3092914586-1000 -> {91DFC484-A696-4185-B7BB-0266DC6E4121} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
FireFox:
========
FF ProfilePath: C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\89ym9ku9.default-1433408142949 [2018-03-22]
FF Session Restore: Mozilla\Firefox\Profiles\89ym9ku9.default-1433408142949 -> is enabled.
FF Extension: (CookiesOK) - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\89ym9ku9.default-1433408142949\Extensions\jid0-UgB5JNMPWHIRM4dcAe76c7EcVis@jetpack.xpi [2016-02-20] [Legacy]
FF Extension: (Firefox Lightbeam) - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\89ym9ku9.default-1433408142949\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2018-02-18]
FF Extension: (Web Developer) - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\89ym9ku9.default-1433408142949\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-11-15]
FF Extension: (Adblock Plus) - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\89ym9ku9.default-1433408142949\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-15]
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @MoneyMillionaire/npdf -> C:\ProgramData\Qassa+\FFExtension20141121172456\plugins\npdf.dll [2012-11-15] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://isearch.avg.com/?cid={E460AD4C-517B-416A-84DE-EC5896AAA48A}&mid=036aa51055db47d0a56206e00e52b7a0-06ce4fc639803a2e3563922518183d8e94088cb9&lang=nl&ds=AVG&pr=fr&d=2013-01-21 13:53:57&v=13.3.0.17&sap=hp","hxxp://isearch.avg.com/?cid={E460AD4C-517B-416A-84DE-EC5896AAA48A}&mid=036aa51055db47d0a56206e00e52b7a0-06ce4fc639803a2e3563922518183d8e94088cb9&lang=nl&ds=AVG&pr=fr&d=2013-01-21 13:53:57&v=14.0.2.14&pid=avg&sg=&sap=hp","hxxp://isearch.avg.com/?cid={E460AD4C-517B-416A-84DE-EC5896AAA48A}&mid=036aa51055db47d0a56206e00e52b7a0-06ce4fc639803a2e3563922518183d8e94088cb9&lang=nl&ds=AVG&pr=fr&d=2013-01-21 13:53:57&v=14.2.0.1&pid=avg&sg=&sap=hp","hxxps://www.google.com/","hxxp://www.websearchinc.net","about:newtab?source=home","hxxps://www.google.com/","hxxps://encrypted.google.com"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default [2018-03-22]
CHR Extension: (Bible) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\adplcelpohamiijahbaanmoimmnoaiaf [2015-11-10]
CHR Extension: (CookiesOK) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\afmkbjoakcacgljcdccofbffloabfbni [2016-08-27]
CHR Extension: (Docs) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Hootsuite Hootlet) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2017-12-16]
CHR Extension: (YouTube) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Mahjong) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmfahnddgeeapjmnbnhffcopglalehoj [2015-01-10]
CHR Extension: (Bible) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\boljbeanmjklkbfnppfedajbgeongccb [2014-06-01]
CHR Extension: (Gridpix) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfgibmanhngfopcofdondcekphkbfma [2014-06-01]
CHR Extension: (Dingg.it) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\camleommoihhnfpomfaehoabmmcanpjd [2014-06-06]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2016-01-07]
CHR Extension: (Plugins) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\chemohaemmfhjpmlgkmkanfpfbkaihop [2015-08-13]
CHR Extension: (Google Search) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tampermonkey) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-02-05]
CHR Extension: (Woobies) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dijbkmmfdafhjjkpiojmjhakhmfdaidk [2014-06-01]
CHR Extension: (Facebook Theme Creator) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecnnffhckagcpoimngfooggeilkhlnnh [2014-10-10]
CHR Extension: (Adobe Acrobat) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Gold Rush) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa [2017-12-16]
CHR Extension: (Ratchet & Clank Future 2) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn [2014-06-01]
CHR Extension: (NoNoSparks Genesis) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\emckmlnfmemaompnmnnebnlgmneojmag [2014-06-01]
CHR Extension: (Android Freeware) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\faijocccbppcdmakdenmbbiflcagbapp [2014-06-01]
CHR Extension: (Google Docs Offline) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-19]
CHR Extension: (Chrome Picross) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjohhgoihaajipdgmhohakneklimnepm [2014-06-01]
CHR Extension: (Pinterest Save Button) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-11-16]
CHR Extension: (Super Collapse! Puzzle Gallery) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcmgkbfnhkglbjhkffiaccpnjnnboom [2014-06-01]
CHR Extension: (World of Solitaire) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn [2014-06-01]
CHR Extension: (Assistant - Dig) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\igeikdnndphanonilmonocndpgflepai [2015-01-28]
CHR Extension: (Color Path) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikgkbdmpjhlkclnjlofddfebaehofggj [2017-12-25]
CHR Extension: (Clearly) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2015-10-10]
CHR Extension: (KanMeet Calendar Synchronizer for Evernote) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipogebjapdddlkchpnimcgplonlonkoj [2015-10-10]
CHR Extension: (Tripeaks Solitaire) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmgdofjacllddkgfkgghbebekoaffdde [2014-06-01]
CHR Extension: (Sticky Password Autofill Engine) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jncdpeoinboblgeeemjlflglholniacg [2016-07-16]
CHR Extension: (Local SWF Player) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmbckedabpbgjagmkgcejooabcdnone [2017-02-23]
CHR Extension: (Pyramid Solitaire 3) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfdmgdcmiahggachpclaeaddeijepae [2014-06-01]
CHR Extension: (Windows Live Messenger Extension) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki [2014-06-01]
CHR Extension: (The Hobbit: Armies of the Third Age) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldccafpcnlkcomfmjohhlbejacioicjp [2014-06-01]
CHR Extension: (Picture Logic Puzzles App) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmjhgpilheilllbfmmhbdnlnmfmlmiig [2014-08-20]
CHR Extension: (Bible Guardian) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mplbdfkcdaoccheiggmjepicdkadphng [2017-12-16]
CHR Extension: (Office Online) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2018-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2018-03-10]
CHR Extension: (Flow Colors) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnmelddedlommnmllmfhoephaidddmk [2014-06-01]
CHR Extension: (Evernote Web Clipper) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2018-03-21]
CHR Extension: (Gmail) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-14]
CHR HKU\S-1-5-21-1147757910-3745472096-3092914586-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [1580472 2018-03-15] (BullGuard Ltd.)
R2 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll [527800 2018-03-15] (BullGuard Ltd.)
R2 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll [6057400 2018-03-15] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [864184 2018-03-15] (BullGuard Ltd.)
R2 BsNet; C:\Program Files\BullGuard Ltd\BullGuard\BsNet.dll [733624 2018-03-15] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [315832 2018-03-15] (BullGuard Ltd.)
R2 BsSentry; C:\Program Files\BullGuard Ltd\BullGuard\BsSentry.exe [453048 2018-03-15] (BullGuard Ltd.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-08-13] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-08-13] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-08-13] (BlueStack Systems, Inc.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [450488 2018-03-15] (BullGuard Ltd.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2146704 2017-04-05] (Electronic Arts)
S3 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [54544 2016-10-26] (Copyright (c) 2016 Plays.tv, LLC)
S4 WCUService_STC_FF; C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [493384 2011-03-24] (Splashtop Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
U4 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [174744 2017-03-20] (BullGuard Ltd.)
R0 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [152664 2017-06-28] (BullGuard Ltd.)
R1 BdSentry; C:\Windows\System32\DRIVERS\BdSentry.sys [82672 2017-11-16] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [76728 2017-03-20] (BullGuard Ltd.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-08-13] (BlueStack Systems)
R3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [15872 2010-08-16] (Hauppauge Computer Works, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [46960 2016-07-10] ()
S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [223232 2016-02-16] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-02-16] (Huawei Technologies Co., Ltd.)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [41576 2016-03-28] (EldoS Corporation)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [485512 2017-03-20] (BitDefender S.R.L.)
S3 cpuz138; \??\C:\Users\Marian\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-03-22 18:47 - 2018-03-22 18:49 - 000022227 _____ C:\Users\Marian\Desktop\FRST.txt
2018-03-22 18:47 - 2018-03-22 18:47 - 000000000 ____D C:\FRST
2018-03-22 11:55 - 2018-03-22 11:55 - 002403328 _____ (Farbar) C:\Users\Marian\Desktop\FRST64.exe
2018-03-22 11:54 - 2018-03-22 11:55 - 015333512 _____ (Piriform Ltd) C:\Users\Marian\Downloads\ccsetup541.exe
2018-03-21 13:23 - 2018-03-21 13:23 - 000000939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STACK.lnk
2018-03-21 13:23 - 2018-03-21 13:23 - 000000927 _____ C:\Users\Public\Desktop\STACK.lnk
2018-03-15 16:41 - 2018-02-13 19:17 - 000136384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-15 16:41 - 2018-02-13 19:10 - 000655872 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-15 16:41 - 2018-02-13 15:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-15 16:41 - 2018-02-13 15:05 - 001560064 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-15 16:41 - 2018-02-13 15:05 - 000740864 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-15 16:41 - 2018-02-13 15:05 - 000600576 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-15 16:41 - 2018-02-13 15:05 - 000451072 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-03-15 16:41 - 2018-02-13 15:05 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-15 16:41 - 2018-02-13 15:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-15 16:41 - 2018-02-13 15:05 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-14 20:29 - 2018-03-14 20:29 - 000004100 _____ C:\Windows\System32\Tasks\ActiveSync-SystemMechanic
2018-03-14 20:29 - 2018-03-14 20:29 - 000004056 _____ C:\Windows\System32\Tasks\ActiveMessenger-SystemMechanic
2018-03-14 19:09 - 2018-03-14 19:09 - 000001810 _____ C:\Users\Public\Desktop\System Mechanic.lnk
2018-03-14 19:09 - 2018-03-14 19:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2018-03-14 19:09 - 2018-03-14 19:09 - 000000000 ____D C:\Program Files (x86)\Phoenix360
2018-03-14 19:07 - 2018-03-14 19:07 - 000066430 _____ C:\Users\Marian\Downloads\factuur-20037861-1521050474967db0a2-08e8-4ba9-bda3-804cfcc35dd6.pdf
2018-03-14 19:06 - 2018-03-14 19:06 - 000067452 _____ C:\Users\Marian\Downloads\factuur-20037861-1521050384205dbed8-1681-42b7-8459-82e15ba8f607.pdf
2018-03-14 18:53 - 2018-03-14 18:53 - 000019931 _____ C:\Users\Marian\Downloads\ECC17.1417.02L.pdf
2018-03-14 18:36 - 2018-03-15 20:29 - 000000000 ____D C:\ProgramData\Phoenix360
2018-03-14 10:55 - 2018-03-14 10:55 - 000000000 ____D C:\Users\Marian\AppData\Roaming\FlvtoConverter
2018-03-14 10:52 - 2018-03-14 10:52 - 000000000 ____D C:\Users\Marian\Documents\YouTubeDownloads
2018-03-14 10:52 - 2018-03-14 10:52 - 000000000 ____D C:\Users\Marian\AppData\Local\FlvtoYoutubeDownloader
2018-03-13 21:53 - 2018-03-13 21:53 - 000002233 _____ C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto YouTube Downloader.lnk
2018-03-13 21:53 - 2018-03-13 21:53 - 000002225 _____ C:\Users\Marian\Desktop\Flvto YouTube Downloader.lnk
2018-03-13 21:53 - 2018-03-13 21:53 - 000001368 _____ C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall Flvto YouTube Downloader.lnk
2018-03-13 21:44 - 2018-03-14 10:55 - 000000000 ____D C:\Users\Marian\AppData\Local\Flvto YouTube Downloader
2018-03-13 21:43 - 2018-03-13 21:43 - 000275904 _____ (Hotger) C:\Users\Marian\Downloads\FYDLoad_inconv2_4.exe
2018-03-13 21:37 - 2018-03-13 21:37 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-12 21:07 - 2018-03-12 23:26 - 049526149 _____ C:\Users\Marian\Desktop\Wim van den Brand.mp4
2018-03-12 20:43 - 2018-03-12 20:47 - 041863046 _____ C:\Users\Marian\Desktop\pa uitvaart
2018-03-12 16:49 - 2018-03-12 16:50 - 034135288 _____ (Digital Wave Ltd ) C:\Users\Marian\Downloads\FreeYouTubeToMP3Converter_4.1.61.1031_d.exe
2018-03-12 00:06 - 2018-03-12 00:08 - 028156392 _____ C:\Users\Marian\Desktop\Untitled_720x576(2).mp4
2018-03-12 00:02 - 2018-03-12 00:04 - 027721592 _____ C:\Users\Marian\Desktop\Untitled_720x576(1).mp4
2018-03-11 23:54 - 2018-03-11 23:57 - 028301892 _____ C:\Users\Marian\Desktop\Untitled_720x576(0).mp4
2018-03-11 23:43 - 2018-03-12 18:28 - 044869614 _____ C:\Users\Marian\Desktop\pa.mp4
2018-03-11 23:33 - 2018-03-11 23:36 - 033356560 _____ C:\Users\Marian\Desktop\Untitled_720x576.mp4
2018-03-11 20:22 - 2018-03-11 20:22 - 000000000 ____D C:\Users\Marian\log
2018-03-11 20:22 - 2018-03-11 20:22 - 000000000 ____D C:\Users\Marian\AppData\Local\Icecream
2018-03-11 20:22 - 2018-03-11 20:22 - 000000000 ____D C:\Users\Marian\AppData\Local\CrashRpt
2018-03-11 20:22 - 2018-03-11 20:22 - 000000000 ____D C:\Users\Marian\.Icecream Slideshow Maker
2018-03-11 20:21 - 2018-03-11 20:43 - 000000000 ____D C:\Program Files (x86)\Icecream Slideshow Maker
2018-03-11 20:21 - 2018-03-11 20:21 - 020942016 _____ (Icecream Apps ) C:\Users\Marian\Downloads\slideshow_maker_setup.exe
2018-03-11 20:21 - 2018-03-11 20:21 - 000001113 _____ C:\Users\Public\Desktop\Icecream Slideshow Maker.lnk
2018-03-11 20:21 - 2018-03-11 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2018-03-11 20:21 - 2018-03-11 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icecream Slideshow Maker
2018-03-11 20:21 - 2018-03-11 20:21 - 000000000 ____D C:\Program Files (x86)\Xiph.Org
2018-03-11 20:06 - 2018-03-11 20:06 - 000001039 _____ C:\Users\Marian\Desktop\Slideshow Creator.lnk
2018-03-11 20:06 - 2018-03-11 20:06 - 000000000 ____D C:\Users\Marian\AppData\Local\BolideSoftware
2018-03-11 20:06 - 2018-03-11 20:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slideshow Creator
2018-03-11 20:06 - 2018-03-11 20:06 - 000000000 ____D C:\Program Files (x86)\Slideshow Creator
2018-03-11 20:05 - 2018-03-11 20:05 - 009051720 _____ (Bolide Software ) C:\Users\Marian\Downloads\bsc_setup.exe
2018-03-10 21:08 - 2018-03-10 21:08 - 000074737 _____ C:\Users\Marian\Downloads\Ontvangstbevestiging_Aangifte_inkomstenbelasting_2016_22-04-2017_12.59u.pdf
2018-03-10 17:16 - 2018-03-10 17:16 - 003947015 _____ C:\Users\Marian\Downloads\KIZOA-Movie-Maker-hiy8twoo.mp4
2018-03-10 17:01 - 2018-03-10 17:01 - 000000000 ____D C:\Users\Marian\AppData\Roaming\AMD
2018-03-10 16:58 - 2018-03-10 16:58 - 000001113 _____ C:\Users\Public\Desktop\Movavi Slideshow Maker 3.lnk
2018-03-10 16:58 - 2018-03-10 16:58 - 000000000 ____D C:\Users\Marian\AppData\Local\SlideshowMaker
2018-03-10 16:58 - 2018-03-10 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Slideshow Maker 3
2018-03-10 16:57 - 2018-03-10 16:58 - 000000000 ____D C:\Program Files (x86)\Movavi Slideshow Maker 3
2018-03-10 16:57 - 2018-03-10 16:57 - 000004999 _____ C:\ProgramData\nkqvxvck.cou
2018-03-10 16:57 - 2018-03-10 16:57 - 000000016 _____ C:\ProgramData\mntemp
2018-03-10 16:57 - 2018-03-10 16:57 - 000000000 ____D C:\ProgramData\Movavi Slideshow Maker 3
2018-03-10 16:56 - 2018-03-10 16:56 - 054379048 _____ (Movavi) C:\Users\Marian\Downloads\MovaviSlideshowMakerDistribSetupC.exe
2018-03-10 16:46 - 2018-03-11 19:58 - 000000000 ____D C:\Users\Marian\AppData\Roaming\Ashampoo Slideshow Studio 2017
2018-03-10 16:46 - 2018-03-10 16:46 - 000001311 _____ C:\Users\Public\Desktop\Ashampoo Slideshow Studio 2017.lnk
2018-03-10 16:46 - 2018-03-10 16:46 - 000000221 _____ C:\Users\Public\Desktop\Ashampoo Deals.url
2018-03-10 16:46 - 2018-03-10 16:46 - 000000000 ____D C:\Users\Marian\AppData\Local\ashampoo
2018-03-10 16:46 - 2018-03-10 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2018-03-10 16:45 - 2018-03-10 16:46 - 000000000 ____D C:\ProgramData\Ashampoo
2018-03-10 16:45 - 2018-03-10 16:45 - 000000000 ____D C:\Program Files (x86)\Ashampoo
2018-03-10 16:40 - 2018-03-10 16:40 - 054553272 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Marian\Downloads\ashampoo_slideshow_studio_2017_24379.exe
2018-03-06 20:20 - 2018-03-06 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-03 13:08 - 2018-03-03 13:07 - 000076728 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
2018-03-03 13:08 - 2018-03-03 13:07 - 000061880 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll
2018-02-22 19:58 - 2018-02-22 20:01 - 000126237 _____ C:\Users\Marian\Downloads\Rapport _ ScanCircle.pdf
2018-02-22 19:54 - 2018-02-22 19:54 - 000155664 _____ (ScanCircle) C:\Users\Marian\Downloads\ScanCircleD_nl.exe
2018-02-22 12:14 - 2018-02-22 12:14 - 021041152 _____ C:\Users\Marian\Desktop\events22-2.evtx
2018-02-22 12:13 - 2018-02-22 12:13 - 021041152 _____ C:\Users\Marian\Documents\22-2-18.evtx
2018-02-21 19:43 - 2018-02-21 19:44 - 000000000 ____D C:\ProgramData\dllescort
2018-02-21 19:41 - 2018-02-21 19:41 - 001360355 _____ (Igor Pavlov) C:\Users\Marian\Downloads\7z1509-x64.exe
2018-02-21 19:41 - 2018-02-21 19:41 - 000000000 ____D C:\Program Files\7-Zip
2018-02-21 19:39 - 2018-02-21 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLL Escort 2017
2018-02-21 19:39 - 2018-02-21 19:44 - 000000000 ____D C:\Program Files (x86)\DLLEscort2017
2018-02-21 19:27 - 2018-02-21 19:52 - 000000000 ____D C:\Program Files (x86)\Advanced Event Viewer
2018-02-21 19:27 - 2018-02-21 19:27 - 000000957 _____ C:\Users\Public\Desktop\Advanced Event Viewer.lnk
2018-02-21 19:27 - 2018-02-21 19:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Event Viewer
2018-02-21 19:25 - 2018-02-21 19:25 - 007352320 _____ C:\Users\Marian\Downloads\AEV_Setup_build_2985.msi
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-03-22 18:49 - 2014-06-01 19:47 - 000000000 ____D C:\ProgramData\BullGuard
2018-03-22 18:45 - 2014-06-03 12:10 - 000000000 ____D C:\Users\Marian\AppData\Roaming\vlc
2018-03-22 10:34 - 2009-07-14 05:45 - 000022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-22 10:34 - 2009-07-14 05:45 - 000022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-22 10:22 - 2016-07-11 14:28 - 000000000 ____D C:\Users\Marian\AppData\Roaming\Raptr
2018-03-22 10:19 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
2018-03-22 10:18 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-21 13:29 - 2017-12-15 19:01 - 000000000 ____D C:\Program Files (x86)\stack
2018-03-21 13:24 - 2017-12-15 19:09 - 000000000 ____D C:\Users\Marian\stack
2018-03-21 13:23 - 2017-12-15 19:03 - 000000000 ____D C:\Users\Marian\AppData\Local\STACK
2018-03-21 10:53 - 2014-06-01 20:25 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-21 10:53 - 2014-06-01 20:25 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-21 10:29 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-03-19 22:40 - 2016-11-16 10:19 - 000000000 ____D C:\Users\Marian\AppData\LocalLow\Mozilla
2018-03-16 10:47 - 2015-04-16 07:43 - 000000000 ____D C:\Windows\system32\appraiser
2018-03-15 23:52 - 2014-06-03 02:50 - 000778460 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-03-15 23:52 - 2009-07-14 06:13 - 000778460 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-15 23:44 - 2017-10-11 22:58 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-15 23:44 - 2014-06-04 09:52 - 000000000 ____D C:\Windows\system32\MRT
2018-03-15 23:43 - 2014-06-04 09:52 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-14 20:31 - 2009-07-14 06:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-03-14 20:29 - 2016-07-16 10:55 - 000000000 ____D C:\ProgramData\iolo
2018-03-14 19:09 - 2014-06-01 04:36 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-03-14 18:56 - 2016-06-07 21:48 - 000000000 ____D C:\Users\Marian\AppData\Local\Downloaded Installations
2018-03-14 18:41 - 2016-12-06 22:26 - 000000000 ____D C:\Program Files (x86)\System Mechanic
2018-03-13 21:37 - 2014-06-01 21:36 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-03-13 21:37 - 2014-06-01 21:36 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-13 21:37 - 2014-06-01 21:36 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-03-13 21:37 - 2014-06-01 21:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-03-13 21:37 - 2014-06-01 21:36 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-12 16:59 - 2015-01-28 17:13 - 000000000 ____D C:\Users\Marian\AppData\Roaming\DVDVideoSoft
2018-03-11 20:22 - 2014-06-01 01:18 - 000000000 ____D C:\Users\Marian
2018-03-06 20:20 - 2018-02-18 20:18 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-04 10:49 - 2009-07-14 06:08 - 000032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-26 20:58 - 2016-08-05 19:51 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-23 17:31 - 2015-11-10 17:56 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
==================== Files in the root of some directories =======
2015-11-15 21:58 - 2016-10-03 20:19 - 000061952 _____ () C:\Users\Marian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-03-19 12:05
==================== End of FRST.txt ============================