Hi,

Just reading a local news site when my browser was "urgently" hijacked by this stuff!

Malware anti home premium didn't work on this one, see images

The G chrome browser is frozen, I cannot edit anything and can't close the popup or the browser.

How do I get rid of this stuff? 

Regards

Dennis

 

url-bar.PNG

popup.PNG

BTW, my SSD is Samsung, not Fujitsu!

screen.PNG

Thanks for that,

Here is what's in the FRST:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
Ran by User (administrator) on USER (24-01-2017 12:34:28)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: Anwender & User & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: "C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Samsung) C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkManagerDMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Apache Software Foundation) C:\MAMP\bin\apache\bin\httpd.exe
(FileZilla Project) C:\xampp\FileZillaFTP\FileZillaServer.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
() C:\MAMP\bin\emailrelay\emailrelay-service.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\EBCClient.exe
(Fork Ltd.) C:\Windows\Prey\versions\1.0.7\bin\windows\cronsvc.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(appsolute Gmbh) C:\MAMPPRO\MAMPDNSService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(appsolute Gmbh) C:\MAMPPRO\MAMPPROService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\MAMP\bin\mysql\bin\mysqld.exe
() C:\xampp\mysql\bin\mysqld.exe
() C:\Program Files\KMSpico\Service_KMS.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
( ) C:\MAMP\bin\emailrelay\emailrelay.exe
(Samsung) C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkDMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apache Software Foundation) C:\MAMP\bin\apache\bin\httpd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
Failed to access process -> Service_KMS.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
() C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(appsolute Gmbh) C:\MAMPPRO\MAMPROSysTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\TrayPopupE\TrayTipAgentE.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Viber Media S.à r.l.) C:\Users\User\AppData\Local\Viber\Viber.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\SamsungLink\SLServiceUserApp.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(CrystalIDEA Software) C:\Program Files\Uninstall Tool\UninstallTool.exe
(CrystalIDEA Software) C:\Program Files\Uninstall Tool\x64helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
() C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
() C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2016-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-03] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-09-23] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-07-22] (Intel Corporation)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-07-22] (Intel Corporation)
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\CleanUpUI.exe [1227456 2016-04-26] (CHENGDU Yiwo Tech Development Co., Ltd.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2650576 2016-12-14] (Malwarebytes Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2017-01-10] (SUPERAntiSpyware)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1002\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE [283232 2014-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1002\...\Run: [Viber] => C:\Users\User\AppData\Local\Viber\Viber.exe [43999824 2017-01-16] (Viber Media S.à r.l.)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27262432 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1002\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1002\...\Run: [Bose Updater] => C:\Program Files (x86)\Bose Updater\BOSEUPDATER.EXE [1278208 2016-07-26] (Bose Corporation)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1002\...\Run: [MampTray] => C:\MAMPPRO\MAMPROSysTray.exe [231936 2016-08-19] (appsolute Gmbh)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1002\...\RunOnce: [Application Restart #1] => C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe [1024632 2016-12-19] (Vivaldi Technologies AS)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files C:\Program Files => No File
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [       EaseUSEverySyncedOverlay] -> {52103F52-9856-43F7-B5C4-A026FD84288C} => C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlayX64.dll [2015-10-19] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [       EaseUSEverySyncFailedOverlay] -> {A6D755FC-42D6-46BF-8A5D-1F810C3FCEA6} => C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlayX64.dll [2015-10-19] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [       EaseUSEverySyncingOverlay] -> {0F45C9C8-E236-4CEC-A858-BFEB47D8CD3C} => C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlayX64.dll [2015-10-19] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [0SamsungLinkOverlayIconCreated] -> {D130049C-7512-4075-9145-7B8B18149060} => C:\Program Files\Samsung\SamsungLink\SLIconOverlay.dll [2016-03-21] (Samsung Electronics CO., LTD.)
ShellIconOverlayIdentifiers: [0SamsungLinkOverlayIconRenamed] -> {D130049D-7512-4075-9145-7B8B18149060} => C:\Program Files\Samsung\SamsungLink\SLIconOverlay.dll [2016-03-21] (Samsung Electronics CO., LTD.)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {87998E60-ADDD-4B0D-B026-E557359B05E5} => C:\windows\SYSTEM32\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2012-12-27] (Bitcasa, Inc)
ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2012-12-27] (Bitcasa, Inc)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [       EaseUSEverySyncedOverlay] -> {52103F52-9856-43F7-B5C4-A026FD84288C} => C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll [2015-10-19] (TODO: <Company name>)
ShellIconOverlayIdentifiers-x32: [       EaseUSEverySyncFailedOverlay] -> {A6D755FC-42D6-46BF-8A5D-1F810C3FCEA6} => C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll [2015-10-19] (TODO: <Company name>)
ShellIconOverlayIdentifiers-x32: [       EaseUSEverySyncingOverlay] -> {0F45C9C8-E236-4CEC-A858-BFEB47D8CD3C} => C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll [2015-10-19] (TODO: <Company name>)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {87998E60-ADDD-4B0D-B026-E557359B05E5} => C:\windows\SysWOW64\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Efficient Password Manager Pro.lnk [2017-01-03]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2027014631-3366834958-3693072843-1002] => http=127.0.0.1:8888;https=127.0.0.1:8888
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 109.247.114.4 92.220.228.70
Tcpip\..\Interfaces\{1db31de6-9ce8-45eb-be47-742430d7153f}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{1db31de6-9ce8-45eb-be47-742430d7153f}: [DhcpNameServer] 109.247.114.4 92.220.228.70
Tcpip\..\Interfaces\{82dc28fe-50fa-4490-8fbe-70b747feb479}: [DhcpNameServer] 192.168.10.1

Internet Explorer:
==================
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2027014631-3366834958-3693072843-1002 -> DefaultScope {8ED0DBFC-D795-412D-8AD0-7A2B30B7B09B} URL = 
SearchScopes: HKU\S-1-5-21-2027014631-3366834958-3693072843-1002 -> {8ED0DBFC-D795-412D-8AD0-7A2B30B7B09B} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-24] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-24] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

Edge: 
======
Edge Session Restore: HKU\S-1-5-21-2027014631-3366834958-3693072843-1002 -> is enabled.

FireFox:
========
FF DefaultProfile: bgemoxs9.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bgemoxs9.default [2017-01-24]
FF Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bgemoxs9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-05]
FF ProfilePath: C:\Users\User\AppData\Roaming\kompozer.net\KompoZer\Profiles\7vvulha2.default [2016-02-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2027014631-3366834958-3693072843-1002: @citrixonline.com/appdetectorplugin -> C:\Users\User\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-29] (Citrix Online)
FF Plugin HKU\S-1-5-21-2027014631-3366834958-3693072843-1002: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2013-07-22] (Intel)
FF Plugin HKU\S-1-5-21-2027014631-3366834958-3693072843-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2013-07-22] (Intel)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\pepflashplayer32_16_0_0_310.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (AppUp) - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
CHR Plugin: (Java Deployment Toolkit 8.0.310.13) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 8 U31) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\User\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll => No File
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-01-24]
CHR Extension: (TooManyTabs for Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2014-06-11]
CHR Extension: (DuckDuckGo for Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao [2016-10-14]
CHR Extension: (Quick Login for Google Accounts) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbgngpehipfmfmpjmhonhacgbkjpdidp [2015-06-30]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-28]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2015-09-28]
CHR Extension: (Swap My Cookies) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dffhipnliikkblkhpjapbecpmoilcama [2013-11-28]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-06-05]
CHR Extension: (Todaypulse) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebeihaikdhapdnpgmbgochfnlkhhkdmo [2013-09-29]
CHR Extension: (SEO SERP Workbench) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehbgolklgacemnfnmkkpgekngaaggjjl [2014-01-15]
CHR Extension: (BB Launcher Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgjhjbiflegkfaoacjdgjggidcpbidk [2017-01-24]
CHR Extension: (Cyfe) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejcimlnjdmkgappmhhmefkloocbephjh [2016-05-07]
CHR Extension: (Video Downloader professional) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-09-14]
CHR Extension: (EditThisCookie) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2014-09-29]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2016-06-30]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-01-15]
CHR Extension: (Open SEO Stats(Formerly: PageRank Status)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn [2016-06-02]
CHR Extension: (Crowdfire) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgnbklefkgedfbpjebhjgibfnobjcbli [2017-01-24]
CHR Extension: (Speed Dial 2) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-06-02]
CHR Extension: (Grammarly for Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-01-24]
CHR Extension: (Hootsuite) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2014-07-19]
CHR Extension: (ClearWebStats Site Report) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiinbhdeokhjaoomopgiekaedebodkc [2013-09-29]
CHR Extension: (UltraSurf Security, Privacy & Unblock VPN) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjnbclmflcpookeapghfhapeffmpodij [2016-10-10]
CHR Extension: (Ghostery) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-01-15]
CHR Extension: (YSlow) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ninejjcohidippngpapiilnmkgllmakh [2015-12-05]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-12-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-24]
CHR Extension: (Better History) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb [2016-06-26]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2014-10-15]
CHR Extension: (Click&Clean App) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-01-15]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-18]
CHR Extension: (Publish5 - DIY Mobile App Creator) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljongdhniobjippcfefmkjnjkcbflfl [2013-09-29]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-24]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-30]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-30]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-30]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-30]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-30]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-30]
CHR Extension: (Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-12-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-30]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-30]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-30]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Opera Bookmarks Share Portal) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfbekbndggmbdkfhjandenfihkdkndil [2016-02-18]
OPR Extension: (Opera Bookmarks Share Portal) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2016-02-18]
OPR Extension: (Opera Bookmarks Share Portal) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\ninejjcohidippngpapiilnmkgllmakh [2013-09-27]
OPR Extension: (Opera Bookmarks Share Portal) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\nlffnljnicbkfhnlomjhjlebndachaka [2016-02-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171664 2012-11-05] (Adobe Systems Incorporated)
R2 AllShare Framework DMS; C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkManagerDMS.exe [403264 2016-03-21] (Samsung)
R2 Apache2.4; C:\xampp\apache\bin\httpd.exe [26112 2016-07-01] (Apache Software Foundation) [File not signed]
R2 CronService; C:\Windows\Prey\versions\1.0.7\bin\windows\cronsvc.exe [18432 2014-01-09] (Fork Ltd.) [File not signed]
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-08-01] (CHENGDU YIWO Tech Development Co., Ltd)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593664 2015-06-19] (Samsung Electronics CO., LTD.)
R2 EBC Client; C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\EBCClient.exe [89128 2015-11-03] ()
R2 emailrelay; C:\MAMP\bin\emailrelay\emailrelay-service.exe [705536 2014-07-30] () [File not signed]
S3 ESLoadService; C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\ESLoadService.exe [43048 2015-10-19] (TODO: <Company name>)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [129752 2016-11-11] (ELAN Microelectronics Corp.)
R2 FileZillaServer; C:\xampp\filezillaftp\filezillaserver.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
R2 ftpsvc; C:\WINDOWS\system32\inetsrv\ftpsvc.dll [382976 2016-10-03] (Microsoft Corporation)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [135408 2015-06-18] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337840 2016-10-25] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R2 MAMPDNS; C:\MAMPPRO\MAMPDNSService.exe [22528 2016-08-19] (appsolute Gmbh) [File not signed]
R2 MAMPPRO; C:\MAMPPRO\MAMPPROService.exe [25088 2016-08-19] (appsolute Gmbh) [File not signed]
R2 MAMPPRO-Apache; C:\MAMP\bin\apache\bin\httpd.exe [18432 2016-05-06] (Apache Software Foundation) [File not signed]
R2 MAMPPRO-MySQL; C:\MAMP\bin\mysql\bin\mysqld.exe [8152064 2016-05-05] () [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155088 2016-12-14] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 mysql; C:\xampp\mysql\bin\mysqld.exe [11738568 2016-07-18] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SamsungLinkService; C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe [24977128 2016-03-21] (Samsung Electronics CO., LTD.)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP1\RpcAgentSrv.exe [72344 2008-01-29] (SiSoftware) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-10-03] (Microsoft Corporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [284160 2013-06-10] () [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
S3 CisUtMonitor; C:\WINDOWS\System32\DRIVERS\CisUtMonitor.sys [33360 2014-08-07] (CrystalIdea Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18016 2016-05-23] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14944 2016-05-23] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2016-12-14] ()
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [32328 2015-10-01] (ELAN Microelectronic Corp.)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-05-23] ()
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2016-05-23] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-01-24] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2016-07-16] (Intel Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R1 SafDskNT; C:\windows\system32\drivers\SAFDSKNT.SYS [75760 2012-11-08] (PC Dynamics)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP1\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SDiskWindows10; C:\WINDOWS\System32\DRIVERS\SDiskWindows10.sys [111320 2016-03-21] (Samsung Inc.)
R3 SensorsAlsDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XHCIPort; C:\WINDOWS\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-24 12:34 - 2017-01-24 12:34 - 00053174 _____ C:\Users\User\Downloads\FRST.txt
2017-01-24 12:32 - 2017-01-24 12:34 - 00000000 ____D C:\FRST
2017-01-24 12:28 - 2017-01-24 12:31 - 02420736 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2017-01-24 12:10 - 2017-01-24 12:11 - 00000000 ____D C:\Users\User\Downloads\virus
2017-01-24 11:45 - 2017-01-24 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2017-01-24 11:37 - 2017-01-24 11:37 - 00000000 ____D C:\Users\User\AppData\Local\Viber
2017-01-24 11:36 - 2017-01-24 11:36 - 00457248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-24 11:25 - 2017-01-24 11:25 - 00033372 _____ C:\Users\User\Desktop\ALL GLOBAL STAR.txt
2017-01-23 19:39 - 2017-01-24 11:23 - 00021830 _____ C:\Users\User\Desktop\Twitter accounts.txt
2017-01-18 14:49 - 2017-01-18 14:49 - 00002942 _____ C:\Users\User\wp-config-sample.php
2017-01-18 08:27 - 2017-01-18 08:27 - 06975096 _____ (Tim Kosse) C:\Users\User\Downloads\FileZilla_3.24.0_win64-setup.exe
2017-01-18 06:34 - 2017-01-18 06:34 - 00001963 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2017-01-15 11:30 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-15 11:30 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-15 11:30 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-15 11:30 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-15 11:30 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-15 11:30 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-15 11:30 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-15 11:30 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-15 11:30 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-15 11:30 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-15 11:30 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-15 11:30 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-15 11:30 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-15 11:30 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-15 11:30 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-15 11:30 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-15 11:30 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-15 11:30 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-15 11:30 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-15 11:30 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-15 11:30 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-15 11:30 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-15 11:30 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-15 11:30 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-15 11:30 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-15 11:30 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-15 11:30 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-15 11:30 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-15 11:30 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-15 11:30 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-15 11:30 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-15 11:30 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-15 11:30 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-15 11:30 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-15 11:30 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-15 11:30 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-15 11:30 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-15 11:30 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-15 11:30 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-15 11:30 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-15 11:30 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-15 11:30 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-15 11:30 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-15 11:30 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-15 11:30 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-15 11:30 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-15 11:30 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-15 11:30 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-15 11:30 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-15 11:30 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-15 11:30 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-15 11:30 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-15 11:30 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-15 11:30 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-15 11:30 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-15 11:30 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-15 11:30 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-15 11:30 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-15 11:30 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-15 11:30 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-15 11:30 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-15 11:30 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-15 11:30 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-15 11:30 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-15 11:30 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-15 11:30 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-15 11:30 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-15 11:30 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-15 11:30 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-15 11:30 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-15 11:30 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-15 11:30 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-15 11:30 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-15 11:30 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-15 11:30 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-15 11:30 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-15 11:30 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-15 11:30 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-15 11:30 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-15 11:30 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-15 11:30 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-15 11:30 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-15 11:30 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-15 11:30 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-15 11:30 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-15 11:30 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-15 11:30 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-15 11:30 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-15 11:30 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-15 11:30 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-15 11:30 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-15 11:30 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-15 11:30 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-15 11:30 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-15 11:30 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-15 11:30 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-15 11:30 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-15 11:30 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-15 11:30 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-15 11:30 - 2016-12-14 06:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-15 11:30 - 2016-12-14 06:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-15 11:30 - 2016-12-14 06:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-15 11:30 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-15 11:30 - 2016-12-14 06:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-15 11:30 - 2016-12-14 06:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-15 11:30 - 2016-12-14 06:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-15 11:30 - 2016-12-14 06:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-15 11:30 - 2016-12-14 06:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-15 11:30 - 2016-12-14 06:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-15 11:30 - 2016-12-14 06:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-15 11:30 - 2016-12-14 06:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-15 11:30 - 2016-12-14 06:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-15 11:30 - 2016-12-14 06:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-15 11:30 - 2016-12-14 06:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-15 11:30 - 2016-12-14 06:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-15 11:30 - 2016-12-14 06:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-15 11:30 - 2016-12-14 06:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-15 11:30 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-15 11:30 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-15 11:30 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-15 11:30 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-15 11:30 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-15 11:30 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-15 11:30 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-15 11:30 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-15 11:30 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-15 11:30 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-15 11:30 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-15 11:30 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-15 11:30 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-15 11:30 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-15 11:30 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-15 11:30 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-15 11:30 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-15 11:30 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-15 11:30 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-15 11:30 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-15 11:30 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-15 11:30 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-15 11:30 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-15 11:30 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-15 11:30 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-15 11:30 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-15 11:30 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-15 11:30 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-15 11:30 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-15 11:30 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-15 11:30 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-15 11:30 - 2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-15 11:30 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-15 11:30 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-15 11:30 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-15 11:30 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-15 11:30 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-15 11:30 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-15 11:30 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-15 11:30 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-15 11:30 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-15 11:30 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-15 11:30 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-15 11:30 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-15 11:30 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-15 11:30 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-15 11:30 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-15 11:30 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-15 11:30 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-15 11:30 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-15 11:30 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-15 11:30 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-15 11:30 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-15 11:30 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-15 11:30 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-15 11:30 - 2016-12-14 05:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-15 11:30 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-15 11:30 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-15 11:30 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-15 11:30 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-15 11:30 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-15 11:30 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-15 11:30 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-15 11:30 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-15 11:30 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-15 11:30 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-15 10:55 - 2017-01-15 10:55 - 00000937 _____ C:\Users\Public\Desktop\SRWare Iron (64-Bit).lnk
2016-12-30 13:50 - 2016-12-30 13:50 - 00002480 _____ C:\Users\User\Desktop\Daniel - Chrome.lnk
2016-12-28 19:27 - 2017-01-23 08:55 - 00001565 _____ C:\Users\User\Desktop\Skype - Shortcut.lnk
2016-12-25 17:52 - 2016-12-18 07:25 - 00042446 _____ C:\Users\User\Desktop\VideoTutorials.txt.bak

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-24 12:31 - 2016-11-02 00:48 - 00004096 ___SH C:\{9765213C-7C9F-4EF2-A315-0E3502EB8B3A}.CBM
2017-01-24 12:29 - 2013-09-11 20:30 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-01-24 12:15 - 2016-01-10 15:31 - 00000000 ____D C:\Users\User\AppData\Local\ClassicShell
2017-01-24 12:02 - 2015-10-28 08:35 - 00000000 ____D C:\Users\User\AppData\Roaming\Efficient Password Manager Pro
2017-01-24 11:52 - 2014-09-08 04:51 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-01-24 11:45 - 2016-10-03 03:01 - 00003336 _____ C:\WINDOWS\System32\Tasks\SamsungMagician
2017-01-24 11:45 - 2013-01-17 08:47 - 00000000 ____D C:\ProgramData\Samsung
2017-01-24 11:44 - 2015-10-28 08:35 - 07806976 _____ C:\Users\User\Documents\MyPwd.epmw
2017-01-24 11:44 - 2015-10-28 08:35 - 00000000 ____D C:\ProgramData\firebird
2017-01-24 11:44 - 2015-09-04 12:39 - 01090778 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-24 11:39 - 2013-01-17 08:47 - 00000000 ____D C:\ProgramData\WinClon
2017-01-24 11:37 - 2016-11-27 20:40 - 00001060 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iris mini.lnk
2017-01-24 11:37 - 2016-11-02 00:00 - 00464896 ___SH C:\EUMONBMP.SYS
2017-01-24 11:37 - 2016-10-03 23:00 - 00000000 ____D C:\WINDOWS\system32\config\regsave
2017-01-24 11:37 - 2014-05-02 09:34 - 00000000 ____D C:\Users\User\AppData\Roaming\ViberPC
2017-01-24 11:36 - 2016-10-03 03:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-24 11:36 - 2016-07-16 23:54 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2017-01-24 11:36 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\L2Schemas
2017-01-24 11:36 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-24 11:36 - 2016-05-28 21:18 - 00000346 _____ C:\WINDOWS\Tasks\HPCeeScheduleForUser.job
2017-01-24 11:36 - 2015-05-27 12:36 - 00000000 __SHD C:\Users\User\IntelGraphicsProfiles
2017-01-24 11:36 - 2014-06-17 15:52 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-24 11:36 - 2013-09-23 14:57 - 00000000 ____D C:\Program Files\KMSpico
2017-01-24 11:36 - 2013-09-12 12:37 - 00000000 ____D C:\Users\User\AppData\Roaming\FileZilla
2017-01-24 11:34 - 2013-09-12 10:27 - 00000000 ____D C:\Users\User\Documents\Efficient Organizer AutoBackup
2017-01-24 11:26 - 2016-01-28 11:58 - 00043887 _____ C:\Users\User\Desktop\xxZmarketing.txt
2017-01-24 11:21 - 2016-01-10 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Marketing Link Tools
2017-01-24 09:13 - 2013-10-09 08:43 - 00000000 ____D C:\Users\User\AppData\Local\PrivaZer
2017-01-24 09:09 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-24 09:00 - 2016-10-03 03:01 - 00003638 _____ C:\WINDOWS\System32\Tasks\PrivaZer_cleanup
2017-01-24 08:27 - 2016-10-03 02:50 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-23 08:59 - 2013-09-11 20:30 - 00000000 ____D C:\ProgramData\Skype
2017-01-23 06:54 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-22 11:27 - 2016-11-27 21:57 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-21 18:46 - 2016-10-03 03:01 - 00003234 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForUser
2017-01-21 12:30 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-20 14:23 - 2016-10-03 03:01 - 00003956 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1378886386
2017-01-20 14:23 - 2013-09-11 08:59 - 00000000 ____D C:\Program Files (x86)\Opera
2017-01-20 11:36 - 2016-09-02 08:33 - 00001002 _____ C:\Users\User\Desktop\xampp-control - Shortcut.lnk
2017-01-20 11:12 - 2016-09-02 12:45 - 00000000 ____D C:\xampp
2017-01-20 08:24 - 2016-01-28 12:03 - 00000000 ____D C:\Users\User\Documents\ViberDownloads
2017-01-18 07:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-18 06:35 - 2015-09-04 12:29 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-18 06:34 - 2016-10-03 03:01 - 00003622 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2017-01-18 06:34 - 2016-07-14 09:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-01-18 06:34 - 2016-07-12 06:53 - 00000000 ____D C:\Program Files (x86)\Garmin
2017-01-15 18:14 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-15 18:14 - 2013-08-14 00:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-15 18:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-15 18:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-15 18:12 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-15 18:12 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-15 18:12 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-15 18:12 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-15 12:58 - 2013-09-11 08:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-15 12:55 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-15 12:55 - 2013-09-11 08:46 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-15 11:24 - 2016-04-07 21:57 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-15 11:24 - 2014-10-15 16:12 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-15 11:24 - 2013-10-03 07:41 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-01-15 11:03 - 2016-08-30 07:45 - 00033185 _____ C:\Users\User\Desktop\Linksmanager.txt
2017-01-15 10:58 - 2013-09-11 07:09 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2017-01-15 10:57 - 2016-10-03 03:01 - 00004032 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-15 10:57 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-15 10:57 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-15 10:55 - 2016-07-03 20:14 - 00000999 _____ C:\Users\Public\Desktop\Iron Config and Backup.lnk
2017-01-15 10:55 - 2016-07-03 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron (64-Bit)
2017-01-15 10:55 - 2014-10-15 08:54 - 00000000 ____D C:\Program Files\SRWare Iron (64-Bit)
2017-01-14 19:53 - 2016-10-10 07:25 - 00000000 ____D C:\Program Files (x86)\PrivaZer
2017-01-14 19:53 - 2016-07-02 14:13 - 00001970 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
2017-01-14 19:53 - 2016-07-02 14:13 - 00001958 _____ C:\Users\Public\Desktop\PrivaZer.lnk
2017-01-13 09:07 - 2014-01-30 10:14 - 00000000 ____D C:\WINDOWS\Prey
2017-01-12 23:01 - 2016-10-03 03:01 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-08 16:29 - 2016-12-07 08:17 - 00000000 ____D C:\Users\User\AppData\Local\FileZilla
2017-01-03 07:27 - 2016-06-26 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Efficient Password Manager Pro
2017-01-03 07:27 - 2013-09-12 09:55 - 00000000 ____D C:\Program Files (x86)\Efficient Password Manager Pro
2017-01-02 09:09 - 2013-10-08 14:12 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2016-12-25 17:52 - 2016-12-01 20:34 - 00042899 _____ C:\Users\User\Desktop\VideoTutorials.txt

==================== Files in the root of some directories =======

2013-09-11 07:08 - 2013-09-20 13:34 - 0002753 _____ () C:\Users\User\AppData\Roaming\AbsoluteReminder.xml
2016-11-27 20:40 - 2016-11-27 20:40 - 0000146 _____ () C:\Users\User\AppData\Roaming\gamma_ramp.reg
2013-11-14 18:59 - 2013-11-14 18:59 - 0000078 _____ () C:\Users\User\AppData\Roaming\kdmlic.txt
2014-02-03 18:24 - 2015-06-11 14:52 - 14225408 _____ () C:\Users\User\AppData\Roaming\Sandra.mdb
2015-09-05 22:42 - 2015-09-05 22:42 - 1203712 _____ (CPUID) C:\Users\User\AppData\Roaming\siw_sdk.dll
2013-03-11 20:00 - 2013-03-11 20:00 - 0044032 _____ () C:\Users\User\AppData\Local\DB_AntBook.db
2013-09-12 12:53 - 2016-08-23 18:02 - 0000600 _____ () C:\Users\User\AppData\Local\PUTTY.RND
2013-10-14 15:25 - 2016-09-07 05:30 - 0007631 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2013-09-13 15:53 - 2013-09-13 15:55 - 0032923 _____ () C:\Users\User\AppData\Local\WiDiSetupLog.20130913.165318.txt
2016-10-03 02:51 - 2016-10-03 02:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-05-20 10:51 - 2016-05-20 10:59 - 0000845 _____ () C:\ProgramData\hpzinstall.log
2013-09-13 14:15 - 2013-02-21 15:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-09-13 14:15 - 2013-01-12 22:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml

Some files in TEMP:
====================
2016-11-23 23:47 - 2016-11-23 23:47 - 14700056 _____ (Samsung Electronics                                         ) C:\Users\User\AppData\Local\Temp\Samsung_Magician_Installer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-23 20:42

==================== End of FRST.txt ============================


and the Addition

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by User (24-01-2017 12:35:09)
Running from C:\Users\User\Downloads
Windows 10 Pro Version 1607 (X64) (2016-10-03 02:02:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2027014631-3366834958-3693072843-500 - Administrator - Enabled)
Anwender (S-1-5-21-2027014631-3366834958-3693072843-1001 - Administrator - Enabled) => C:\Users\Anwender
DefaultAccount (S-1-5-21-2027014631-3366834958-3693072843-503 - Limited - Disabled)
gestur (S-1-5-21-2027014631-3366834958-3693072843-1006 - Limited - Enabled)
Guest (S-1-5-21-2027014631-3366834958-3693072843-501 - Limited - Disabled)
User (S-1-5-21-2027014631-3366834958-3693072843-1002 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.1 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.1.2.2075 - Open Media LLC)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Amazon Kindle (HKU\S-1-5-21-2027014631-3366834958-3693072843-1002\...\Amazon Kindle) (Version:  - Amazon)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Ant Pugilist (HKLM-x32\...\{9DD673CF-0BB2-42E8-8447-D2059B655417}) (Version: 1.0.0 - Antification)
AutoHotkey 1.1.23.00 (HKLM\...\AutoHotkey) (Version: 1.1.23.00 - Lexikos)
Aviator (HKLM-x32\...\{B0E4AA1D-76A7-48B5-AAA1-D68BDBB1FF99}) (Version: 2.6 - WhiteHat Security, Inc.)
Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.)
Bose Updater (HKLM-x32\...\Bose Updater) (Version: 1.2.2.815 - Bose Corporation)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
BurnInTest v7.1 Pro (HKLM\...\BurnInTest_is1) (Version: 7.1 - Passmark Software)
C5200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
C5200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
calibre 64bit (HKLM\...\{C30715AA-E41F-4B8E-BA9E-4C455FB22DD4}) (Version: 2.4.0 - Kovid Goyal)
Catalyst Control Center Next Localization BR (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Citrix Online Launcher (HKLM-x32\...\{A4B72B94-7745-4CA8-A4D6-D8AC2442451C}) (Version: 1.0.153 - Citrix)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Core FTP LE (HKLM-x32\...\CoreFTP) (Version:  - )
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Crowd Force Pro (HKLM-x32\...\CrowdForce) (Version: 0.50.0 - UNKNOWN)
Crowd Force Pro (x32 Version: 0.50.0 - UNKNOWN) Hidden
CurationSoft (HKLM-x32\...\CurationSoft) (Version: 3.10 - UNKNOWN)
CurationSoft (x32 Version: 3.10 - UNKNOWN) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
EaseUS EverySync 3.0 (HKLM-x32\...\EaseUS EverySync_is1) (Version:  - EaseUS)
EaseUS Partition Master 11.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
EaseUS Todo Backup Workstation 8.9 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.9 - CHENGDU YIWO Tech Development Co., Ltd)
ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
EPSON XP-402 403 405 406 Series Printer Uninstall (HKLM\...\EPSON XP-402 403 405 406 Series) (Version:  - SEIKO EPSON Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Explaindio Video Marker (HKU\S-1-5-21-2027014631-3366834958-3693072843-1002\...\Explaindio Video Marker) (Version: 01.00.03.00 - Explaindio LLC)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.6.2.2 - Telerik)
FileZilla Client 3.23.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.23.0.2 - Tim Kosse)
FLV Media Player version 1.3 (HKLM-x32\...\{0E08BAC8-845B-4327-8CDB-4B0F8C9857A5}_is1) (Version: 1.3 - FLVMPlayer)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Free Picture Resize Starter 4.5 (HKLM-x32\...\Picture Resize_is1) (Version: 5.5.18 - Bidgood Svcs)
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Garmin City Navigator Europe NTU 2017.10 (HKLM-x32\...\{XXXXX}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{XXXXX}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{XXXXX}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{XXXXX}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
GSS (HKLM-x32\...\{XXXXX}) (Version: 1.0.0 - The Creative Bots Inc)
Help Desk (HKLM\...\{XXXXX}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart All-In-One Driver Software (HKLM\...\{A96C5DB7-40F9-46DD-B36F-9E657D1D9E04}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.5.32.203 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 45256 - Intel)
Intel(R) Driver Update Utility 2.4 (x32 Version: 2.4.0.5 - Intel) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{23D486D4-FBE0-40F3-A245-E4D56D094764}) (Version: 3.5.41.0 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{C2A72E57-2CC7-4C02-BE19-0A12D74C5D63}) (Version: 18.1.1525.1445 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{270e4d1a-19f9-46c3-93b3-e61d4a24ab9f}) (Version: 2.4.0.5 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{313c06de-4aa7-4a1f-930a-f10f80380426}) (Version: 17.14.0 - Intel Corporation)
Intel® SSD Toolbox (HKLM-x32\...\{06D085C8-1F00-11B2-96A7-8f0CE39193ED}) (Version: 3.3.0.400 - Intel Corporation)
IntelliMemory (HKLM\...\{40320F22-7D70-49DB-9D66-B6FAE5F36B47}) (Version: 1.0.32.0 - Condusiv Technologies)
ISO Recorder (HKLM\...\{39600969-41C3-4658-876E-16F108FC5C92}) (Version: 3.0.0 - Alex Feinman)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Exploit version 1.9.1.1291 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1291 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 49.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-GB)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Online Support(S Service) (HKLM-x32\...\{C8996970-A56E-4659-B01B-CCB7097C4E59}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Opera Stable 42.0.2393.137 (HKLM-x32\...\Opera 42.0.2393.137) (Version: 42.0.2393.137 - Opera Software)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1029.0 - Passmark Software)
Pin Blaster (HKLM-x32\...\{E140BF5B-0D17-428C-A026-A43C137159E5}) (Version: 1.0.4 - Vlad M.)
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 3.0.15.0 - Goversoft LLC)
PS_AIO_02_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
RAMMon V1.0 (HKLM\...\{D0E36B69-687C-43B3-93BA-5E4B6E531023}_is1) (Version: 1.0 - PassMark Software)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.37 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.1.0.3 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.58 - Samsung Electronics Co., Ltd.) Hidden
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Kies (x32 Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Link (HKLM\...\{5A1F24BA-845E-4C89-BFF0-826FD9A6D4EB}) (Version: 2.0.1 - Samsung Electronics Co., Ltd.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.0.0.790 - Samsung Electronics)
Samsung Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung Update (HKLM-x32\...\{0BC4AC38-E7C5-4394-A6BD-32CDCE2C8B9D}) (Version: 2.2.36 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SiSoftware Sandra Lite 2014.SP1 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.18.2014.2 - SiSoftware)
SIW Pro Business Edition (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2013.01.03 - Topala Software Solutions)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SRWare Iron (64-Bit) version 55.0.2900.1 (HKLM\...\{BA85A29D-B48E-4826-BAEE-817024E52E29}_is1) (Version: 55.0.2900.1 - SRWare)
SRWare Iron version SRWare Iron 39.2100.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 39.2100.0 - SRWare)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1040 - SUPERAntiSpyware.com)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.4.5 - CrystalIDEA Software, Inc.)
Unseen App version 0.1.6 (HKLM-x32\...\{F2456876-05A8-440D-83D1-7BA229F68411}_is1) (Version: 0.1.6 - Unseen.is)
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Video Mark (HKLM\...\Video Mark) (Version: 1.0.0 - Video Mark)
Vivaldi (HKU\S-1-5-21-2027014631-3366834958-3693072843-1002\...\Vivaldi) (Version: 1.6.689.40 - Vivaldi)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (04/21/2011 01.0.0.0) (HKLM\...\BEA7B05370C19B9C86893BB484FD6B9CC52B0CD8) (Version: 04/21/2011 01.0.0.0 - Cambridge Silicon Radio Ltd.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
XAMPP (HKLM-x32\...\xampp) (Version: 7.0.9-0 - Bitnami)
Xenu's Link Sleuth (HKLM-x32\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr)
Zip Password Recovery - Ver: 1.42 (HKLM-x32\...\{13C85860-61FD-4110-892F-1EF2A80F066B}_is1) (Version: 1.42.1.293 - Datahjaelp)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1002_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\User\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.5.43\20AF279A1AF54D68960096E28B602156\GrammarlyShim64.dll (CompanyName)
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1002_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\User\AppData\Local\Citrix\GoToMeeting\1259\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03E7AD33-6037-421C-925D-390E4650AF77} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {067E91A9-6300-4D75-A343-F5E72E967CD9} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0C9786E1-ED2A-4FBB-BC5C-144FF242B342} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
Task: {0E441164-9144-4E1F-BDE3-4FA8F8C8E625} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0E552EDC-A2F0-4312-9C7D-04943CD2575B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-15] (Adobe Systems Incorporated)
Task: {0EB2D778-D0F3-4262-84A9-5B99D708C09B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {14C37673-38CD-4DC5-A10A-54124A84FA0D} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2016-07-05] (SEC)
Task: {14D6373A-BE18-4610-90E3-8BCFCDBC0912} - System32\Tasks\Opera scheduled Autoupdate 1378886386 => C:\Program Files (x86)\Opera\launcher.exe [2017-01-16] (Opera Software)
Task: {153F63BB-F077-4707-A386-40321BD35254} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {254504B7-46AD-482B-A394-5618587DCE0D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {25FB372E-C00E-4B1B-A1A7-1F0B8828782F} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2016-11-23] (Samsung Electronics Co. Ltd.)
Task: {28187B4E-A910-4E96-921A-CED685744646} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {28F3FDB5-6F31-4A72-84EE-3ADED37D2299} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2E01E104-B839-461F-BCBB-496DE139FD5D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {32321D04-E882-4A18-A558-5184E05F38E2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {367C5958-355E-4847-AF82-7C907A5DB0E1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {38DA00E5-E83A-42B4-98E7-13B930E11180} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {399C8F51-99BC-4012-AFE3-52B50D1A9805} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-15] (Microsoft Corporation)
Task: {3BB6741E-931E-43AF-AF68-EA507BEA02A0} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-09-23] (Realtek Semiconductor)
Task: {3E2A8596-BA47-4F2D-A8A2-F41B4BF57157} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3E3CD0C4-4A4B-423F-B659-5D78D10FED63} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {44535BAE-C225-4CA0-882A-18D4D19D0914} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {45BF9C91-9499-480A-8BDA-7225524A0EBC} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {47E8EC1D-E2D5-4D71-8611-D918834545A6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {509CF6CC-EEDE-4908-A436-27025395C221} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {51B7475D-3CA4-4381-A7CD-D7D12A4474E7} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {52C11D6F-9276-42DD-AC12-77BC91EB8022} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {596584F7-993A-40DB-8A23-3FFB08D546AE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {60ABF4A2-CACB-474B-9BB2-2509F3E79902} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {60DD0F19-86EA-49D5-AA76-63E17157F172} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {64CEB826-E4C7-4F02-A39D-C47C327CA450} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {64F433D9-AD7E-43C3-8157-698AC3A8CF42} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {681D2AA0-CCA3-4D35-BD7F-46009CDE3273} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6A93FA23-05DB-4421-8AF9-6F0AF5BB62F5} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2016-02-24] (Samsung Electronics Co., Ltd.)
Task: {70621D71-580B-4949-BDDC-EA760F358F4B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {73D52BD6-98F5-4D3C-B617-DF32665D5B30} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [2017-01-14] (Goversoft LLC)
Task: {7650053D-A11C-4A40-B992-E7F8C3ED341D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] ()
Task: {7CE7B7AD-E089-42E7-B58E-0A0793CA9B10} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {81FD773F-4FAF-4B1B-8317-01132B091FA7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {84E48C5B-94E3-4BB5-92A4-04CEFDF405AA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {8CB3F630-5BFE-48C9-A2A4-BF91DE15B573} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8DAA6D19-86BB-405D-BFEE-676B4EECA912} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {910D27D9-D958-44E1-A2E9-B775E61A7737} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9547A726-12A9-44C9-96E6-3B8E29A27CBE} - System32\Tasks\SamsungLinkTray => C:\Program Files\Samsung\SamsungLink\SLServiceUserApp.exe [2016-03-21] (Samsung Electronics CO., LTD.)
Task: {96C1BEF4-E956-4F08-AC4A-3DD924F78A21} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {9949E161-14C1-4343-84C0-E01A74E01A77} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-15] (Adobe Systems Incorporated)
Task: {9994DCAE-B157-4BD4-8218-9EC0A76D87C4} - System32\Tasks\SUPERAntiSpyware Scheduled Task 23431a6c-e26a-4ecd-8689-d5b28a34009d => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2015-05-12] (SUPERAdBlocker.com)
Task: {9F8EB6A0-2CEC-41B3-81DE-670CE27D1861} - System32\Tasks\PrivaZer_cleanup => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [2017-01-14] (Goversoft LLC)
Task: {A4795AEE-0594-439B-931F-BF66977297D0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A8EA5417-602C-4168-AD32-31080842D5F4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {B0EC4F94-B9E4-45CC-B1BF-BFB4492733AC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B22F9A9A-BE91-4BFE-94D6-85B45B4FB67B} - System32\Tasks\SUPERAntiSpyware Scheduled Task 3ba67162-6300-4520-aa29-ae2126287995 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2015-05-12] (SUPERAdBlocker.com)
Task: {B48CACA4-9B61-4011-973A-4CBA946547B7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {B74AC8EF-A23D-4DC3-B665-1943DCE2A289} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BAC2A3AF-2590-461A-86D1-405C2667124B} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2015-06-19] (Samsung Electronics CO., LTD.)
Task: {CCAAEE9B-BF73-41FE-A7FB-4BF3AD5CEE9A} - System32\Tasks\HPCeeScheduleForUser => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {CFDFB591-AA7C-4A48-A805-D96B5EC85DC1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {D3368778-CBF0-41FE-A547-FEA1254B0335} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D3B715CF-2ECD-40B6-88A1-D2BAA1F1DAC0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D42B4C83-412E-4E76-8A80-32FF9F7923F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
Task: {D7C0914C-99F3-47D7-A0DE-F84B44D81E26} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DD9F73EF-7FB8-4403-9F9E-98E42E86350F} - \WPD\SqmUpload_S-1-5-21-2027014631-3366834958-3693072843-1001 -> No File <==== ATTENTION
Task: {DE8A711C-AD66-4B18-9C35-C1C9570A921B} - System32\Tasks\RunUninstallTool_SkipUac => C:\Program Files\Uninstall Tool\UninstallTool.exe [2016-04-21] (CrystalIDEA Software)
Task: {E8B97A0F-A050-45A5-92AF-700F3F907A9A} - System32\Tasks\AutoPico Daily Restart => C:\Program [Argument = Files\KMSpico\AutoPico.exe]
Task: {E9DE3911-0FE7-40E4-A9BC-14E4933210D2} - System32\Tasks\AviatorUpdateTask => Wscript.exe "C:\Program Files (x86)\WhiteHat\Aviator\Update\BatchLauncher.vbs" "C:\Program Files (x86)\WhiteHat\Aviator\Update\AviatorAutoUpdate.exe"
Task: {ED837A36-0137-46E6-A2CF-58A3B346FC29} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.)
Task: {EDBF6117-4388-4772-B828-2955E532FF6E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {EE8489FC-9149-486D-948B-A2B22407EBF2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {EF5B2827-905F-4737-8CA1-8470C7BFA34E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {F11A1FB5-4807-47C7-A2E9-42C238B58A3A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {F7AAF3E4-5757-4E22-8595-D53D8DB77A43} - System32\Tasks\Intel_C_CVCV243207CL180EGN => C:\Program Files (x86)\Intel\Intel(R) SSD Toolbox\Intel SSD Toolbox.exe [2015-05-05] (Intel)
Task: {F8900C2C-9C7E-47E3-9891-F98A5022EB37} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe
Task: {FA48A24D-F653-40D0-A39C-A879EFE3BE51} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FBC33469-5CA1-425B-962E-99037063A9F5} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {FBC38580-57FA-4DD7-8021-78156E2FFF41} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForUser.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 23431a6c-e26a-4ecd-8689-d5b28a34009d.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe  C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 3ba67162-6300-4520-aa29-ae2126287995.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> /high-dpi-support=1 /force-device-scale-factor=1
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b47276b438bb7d92\Chromium.lnk -> C:\Program Files\SRWare Iron (64-Bit)\chrome.exe () -> --profile-directory=Default
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\617b47e4d05a8964\Aviator.lnk -> C:\Program Files (x86)\Whitehat\Aviator\Application\Aviator.exe (The Aviator Authors) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\3373c9ebc3a5e445\Chromium.lnk -> C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-18 08:35 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-14 07:05 - 2014-07-30 13:06 - 00705536 _____ () C:\MAMP\bin\emailrelay\emailrelay-service.exe
2016-07-02 17:51 - 2015-11-03 03:53 - 00089128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\EBCClient.exe
2016-10-14 07:05 - 2016-05-05 16:02 - 08152064 _____ () C:\MAMP\bin\mysql\bin\mysqld.exe
2016-09-02 12:48 - 2016-07-18 11:01 - 11738568 _____ () C:\xampp\mysql\bin\mysqld.exe
2013-09-23 14:57 - 2013-06-10 14:08 - 00284160 ___SH () C:\Program Files\KMSpico\Service_KMS.exe
2015-02-28 07:35 - 2017-01-24 11:36 - 00087094 ____H () C:\Program Files\KMSpico\KMSWrapper64.dll
2015-03-11 11:59 - 2015-05-23 12:59 - 00087094 ____H () C:\WINDOWS\System32\KMSWrapper64.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00142056 _____ () C:\Program Files\Samsung\SamsungLink\Logger.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 02817768 _____ () C:\Program Files\Samsung\SamsungLink\scs_masi.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2016-12-18 08:35 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-03 05:51 - 2016-10-03 05:51 - 00959168 _____ () C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 02041064 _____ () C:\Program Files\Samsung\SamsungLink\SLCtxMenuExtension.dll
2015-03-11 17:19 - 2015-11-03 13:18 - 00249384 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2016-10-03 04:47 - 2016-10-03 04:47 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-15 11:30 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-15 11:30 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-15 11:30 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-15 11:30 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-15 11:30 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-15 11:30 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-04 09:23 - 2015-10-19 15:45 - 00992808 _____ () C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe
2016-07-02 18:23 - 2014-11-18 13:44 - 00255072 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\TrayPopupE\TrayTipAgentE.exe
2017-01-23 06:52 - 2017-01-23 06:53 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-01-23 06:52 - 2017-01-23 06:53 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-01-23 06:52 - 2017-01-23 06:53 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 06:35 - 2016-12-14 06:36 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\roottools.dll
2016-12-21 20:53 - 2016-12-19 12:26 - 02524792 _____ () C:\Users\User\AppData\Local\Vivaldi\Application\1.6.689.40\libglesv2.dll
2016-12-21 20:53 - 2016-12-19 12:26 - 00100472 _____ () C:\Users\User\AppData\Local\Vivaldi\Application\1.6.689.40\libegl.dll
2015-01-11 08:15 - 2016-12-13 17:24 - 01046104 _____ () C:\Program Files\SRWare Iron (64-Bit)\chrome.exe
2015-01-11 08:15 - 2016-12-13 17:24 - 00544344 _____ () C:\Program Files\SRWare Iron (64-Bit)\chrome_elf.dll
2015-01-11 08:15 - 2016-12-13 17:24 - 55842392 _____ () C:\Program Files\SRWare Iron (64-Bit)\chrome.dll
2015-01-11 08:15 - 2016-12-13 17:24 - 67638360 _____ () C:\Program Files\SRWare Iron (64-Bit)\chrome_child.dll
2015-01-11 08:15 - 2016-12-13 17:24 - 02488920 _____ () C:\Program Files\SRWare Iron (64-Bit)\libglesv2.dll
2015-01-11 08:15 - 2016-12-13 17:24 - 00100952 _____ () C:\Program Files\SRWare Iron (64-Bit)\libegl.dll
2016-10-10 07:25 - 2016-10-10 07:25 - 03525431 _____ () C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll
2016-05-17 23:42 - 2016-05-17 23:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2009-09-25 19:57 - 2016-01-16 07:27 - 01141760 _____ () C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
2016-10-14 07:04 - 2016-02-03 11:45 - 00067584 _____ () C:\MAMP\bin\apache\bin\zlib1.dll
2016-10-14 07:05 - 2014-07-31 14:09 - 00072704 _____ () C:\MAMP\bin\apache\modules\mod_wsgi.so
2016-10-14 07:05 - 2014-07-31 14:09 - 00127056 _____ () C:\MAMP\bin\apache\modules\mod_perl.so
2016-10-14 07:04 - 2014-07-30 13:04 - 00960512 _____ () C:\MAMP\bin\apache\bin\perl516.dll
2015-03-11 17:19 - 2015-09-21 18:00 - 00080936 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2016-07-02 17:51 - 2015-11-03 03:45 - 00022568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
2016-07-02 17:51 - 2015-11-03 03:45 - 00186408 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
2016-07-02 17:51 - 2015-11-03 03:45 - 00165416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
2016-07-02 17:51 - 2015-11-03 03:45 - 00058408 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
2016-07-02 17:51 - 2015-11-03 03:45 - 00015912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
2015-03-11 17:19 - 2015-06-22 17:58 - 00108072 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2015-03-11 17:19 - 2015-09-23 17:58 - 00030760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2015-03-11 17:19 - 2015-09-23 17:58 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2015-03-11 17:19 - 2014-12-14 17:53 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2015-03-11 17:19 - 2015-03-14 04:54 - 00281128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2015-03-11 17:19 - 2015-09-23 17:58 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2015-03-11 17:19 - 2015-09-23 17:58 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2015-03-11 17:19 - 2015-06-22 17:58 - 00037416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2014-07-19 17:00 - 2013-09-04 10:19 - 00293960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll
2015-03-11 17:19 - 2015-11-02 23:03 - 00769064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2014-07-19 17:00 - 2013-09-04 10:19 - 00468040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00407080 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2015-03-11 17:19 - 2015-06-22 17:58 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2016-07-02 17:51 - 2015-11-03 13:18 - 00111656 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
2016-07-02 17:51 - 2015-11-02 23:03 - 00169512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll
2016-07-02 17:51 - 2015-11-10 11:07 - 00501800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll
2015-03-11 17:19 - 2015-06-22 17:58 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2015-03-11 17:19 - 2016-05-10 09:00 - 00019456 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00115752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2015-03-11 17:19 - 2015-09-23 17:58 - 00201768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00037928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2015-03-11 17:19 - 2015-06-22 17:58 - 00136232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00353832 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00027176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2015-03-11 17:19 - 2015-09-23 17:58 - 00138792 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2015-03-11 17:19 - 2015-09-23 17:58 - 00146984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00050216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00061992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00089640 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00056360 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
2016-07-02 17:51 - 2015-11-03 03:53 - 00018984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\fsclog.dll
2016-07-02 17:51 - 2015-11-03 03:53 - 00058920 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\RemoteInstall.dll
2016-07-02 17:51 - 2015-11-03 03:53 - 00023080 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\CMCInit.dll
2016-07-02 17:51 - 2015-11-03 03:53 - 00205352 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\CMCMsgCenter.dll
2016-07-02 17:51 - 2015-11-03 03:53 - 00192552 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\NetComm.dll
2016-07-02 17:51 - 2015-11-03 03:53 - 00108584 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\CMCLogCli.dll
2016-07-02 17:51 - 2015-11-03 03:53 - 00026664 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\LocalDB.dll
2016-07-02 17:51 - 2015-11-03 03:53 - 00534056 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\sqlite.dll
2016-07-02 17:51 - 2015-11-03 03:53 - 00116776 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\CMCTaskCli.dll
2016-07-02 17:51 - 2015-11-03 03:53 - 00043560 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\CMCNetToken.dll
2016-07-02 17:51 - 2015-11-03 03:53 - 00805928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\HostMgr.dll
2014-01-09 11:13 - 2014-01-09 11:13 - 00016896 _____ () C:\Windows\Prey\versions\1.0.7\bin\windows\Cronsvclib.dll
2016-09-28 18:03 - 2016-06-15 11:26 - 00419328 _____ () C:\xampp\apache\bin\pcre.dll
2016-09-02 12:49 - 2016-07-20 19:44 - 00149504 _____ () C:\xampp\php\libpq.dll
2017-01-20 11:20 - 2016-12-15 10:29 - 00692224 _____ () C:\xampp\php\ioncube\ioncube_loader_win_7.0.dll
2016-11-08 18:14 - 2016-11-08 18:14 - 00326144 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
2017-01-16 14:43 - 2017-01-16 14:43 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 01138176 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\DMSManager.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00038912 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\boost_date_time-vc90-mt-1_47.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00227840 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\boost_serialization-vc90-mt-1_47.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00012800 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\boost_system-vc90-mt-1_47.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00046592 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\boost_thread-vc90-mt-1_47.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00707072 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\ContentDirectoryPresenter.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00107008 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\DCMCDP.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00102400 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\FolderCDP.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00041472 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\DirectoryScanner.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00032768 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\Autobackup.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00055808 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\RosettaAllShare.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00078336 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\MetadataFramework.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00520234 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\sqlite3.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00450560 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\MoodExtractor.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 05717504 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\DCMImgExtractor.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00028672 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AutoChaptering.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00028160 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AudioExtractor.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00017920 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\VideoExtractor.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00012288 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\ImageExtractor.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00013824 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\TextExtractor.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00147456 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\libexpat.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00012288 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\VideoThumb.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00064000 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\ID3Driver.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00022528 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\RichInfoDriver.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00125952 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\ThumbnailMaker.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00137216 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\VideoMetadataDriver.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00024064 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\photoDriver.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00024064 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\SECMetaDriver.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00289792 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\libThumbnail.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 01033216 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\ImageMagickWrapper.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00686080 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\avformat-52.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00366592 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\tag.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 04671488 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\avcodec-52.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00070656 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\avutil-50.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00152064 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\swscale-0.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00290816 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\libKeyFrame.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00399826 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\libexif-12.dll.dll
2016-03-21 09:13 - 2016-03-21 09:13 - 00044032 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\us.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 01272128 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00111936 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsAPI.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-11 17:19 - 2014-12-15 00:53 - 00223784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00111936 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2013-09-11 18:41 - 2013-07-22 18:12 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2013-09-11 18:41 - 2013-07-22 18:12 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2013-09-11 18:41 - 2013-07-22 18:12 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2013-09-11 18:41 - 2013-07-22 18:12 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2013-09-11 18:41 - 2013-07-22 18:12 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2013-09-11 18:41 - 2013-07-22 18:12 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2013-09-11 18:41 - 2013-07-22 18:12 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2013-09-11 18:41 - 2013-07-22 18:12 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2013-09-11 18:41 - 2013-07-22 18:12 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2016-07-02 18:23 - 2014-02-13 14:27 - 00222792 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\TrayPopupE\traynet.dll
2016-07-02 18:23 - 2014-02-13 14:27 - 00275528 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\TrayPopupE\libcurl.dll
2016-07-02 18:23 - 2014-02-13 14:27 - 00113166 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\TrayPopupE\zlib1.dll
2016-07-02 18:23 - 2014-02-13 14:27 - 00249928 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\TrayPopupE\uexper.dll
2017-01-24 11:37 - 2017-01-16 17:00 - 00042064 _____ () C:\Users\User\AppData\Local\Viber\qrencode.dll
2017-01-24 11:37 - 2017-01-16 17:01 - 00398416 _____ () C:\Users\User\AppData\Local\Viber\imageformats\qsvg.dll
2016-10-28 16:58 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\User\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-10-28 16:58 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\User\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2017-01-10 11:27 - 00009302 ____A C:\WINDOWS\system32\Drivers\etc\hosts


There are 130 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2027014631-3366834958-3693072843-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Bitcasa => C:\Program Files\Bitcasa\Bitcasa.exe /startup
MSCONFIG\startupreg: EaseUs Tray => "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
MSCONFIG\startupreg: KiesPreload => "C:\Program Files (x86)\Samsung\Kies\Kies.exe" /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
HKLM\...\StartupApproved\Run: => "Bitcasa"
HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1002\...\StartupApproved\StartupFolder: => "Celine Dion   Goodbyesthe Saddest Word.lnk"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1002\...\StartupApproved\StartupFolder: => "EaseUS EverySync.lnk"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1002\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1002\...\StartupApproved\Run: => ""
HKU\S-1-5-21-2027014631-3366834958-3693072843-1002\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1002\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1002\...\StartupApproved\Run: => "Bose Updater"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{29331992-2BC5-4E85-826A-8EBAFA030E26}] => LPort=80
FirewallRules: [{9213B361-BF50-4A40-94BC-B9AE03EB7279}] => C:\xampp\xampp-control.exe
FirewallRules: [{D761706B-9C57-4C45-BCD2-06EB54A8AD31}] => C:\xampp\xampp-control.exe
FirewallRules: [{5EB6FCCA-9F67-4B44-83B5-27BCDAC2AFEE}] => C:\xampp\xampp-control.exe
FirewallRules: [{94D1DAC6-923F-4821-A8CC-3B017E4D3878}] => C:\xampp\xampp-control.exe
FirewallRules: [{03BB9D8D-0539-4274-916A-22E15ECE2A45}] => C:\Windows\Prey\versions\1.6.2\bin\node.exe
FirewallRules: [UDP Query User{EC82520F-4E92-4616-B7E2-7A9B9BD46552}D:\xampp\mysql\bin\mysqld.exe] => D:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{8D47AABE-41F1-4F3D-A158-CFE49524EBA7}D:\xampp\mysql\bin\mysqld.exe] => D:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{1B9A926C-EDA2-4528-9095-318546D5366E}D:\xampp\filezillaftp\filezillaserver.exe] => D:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [TCP Query User{C4A911D1-181D-4EE0-8C18-624AF85F01E9}D:\xampp\filezillaftp\filezillaserver.exe] => D:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [{CF41E7F6-355E-42F1-B230-A041EED73AE0}] => D:\xampp\apache\bin\httpd.exe
FirewallRules: [{716D3F05-7570-43E8-8F68-5B34B0C03AB3}] => D:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{693F1691-AD2C-43E9-A475-45BF9446299D}D:\xampp\apache\bin\httpd.exe] => D:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{5086A628-75B1-488E-A3AF-1CA1417D2D33}D:\xampp\apache\bin\httpd.exe] => D:\xampp\apache\bin\httpd.exe
FirewallRules: [{E7E14FEA-E512-40CC-854A-461E14CE1FD3}] => C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\EBCClient.exe
FirewallRules: [{XXXXX}] => C:\Program Files (x86)\Efficient Password Manager Pro\EfficientPasswordManagerPro.exe
FirewallRules: [{XXXXX}] => C:\Program Files (x86)\Efficient Password Manager Pro\EfficientPasswordManagerPro.exe
FirewallRules: [{37B6654D-4C4B-4166-82A2-4DB1F80396EE}] => C:\Users\User\AppData\Local\Temp\7zS5461\hppiw.exe
FirewallRules: [{A4124C7C-837C-43FA-8E27-7FA4B180448C}] => C:\Users\User\AppData\Local\Temp\7zS5461\hppiw.exe
FirewallRules: [{47673A06-989E-4CD3-814B-304ADE85CF55}] => C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{69FC6EAE-3C70-48CE-AF50-7A6E82A1C74D}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{21EA7D8A-D9A8-4C31-9DA1-EF6D7CE04773}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{521C9568-3675-482B-BB77-AE120CDB9199}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{8C7E9DB2-AF40-4E21-B300-5979D9C87C13}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{19F2C1E0-844A-4A37-877B-37F855764CE8}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{6E0A47B7-92F8-470A-A015-0BFC345EF37A}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{78925CA9-E363-4FBF-ACD3-02606E0751E8}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{B87B3363-C323-45A0-8D71-1E385B120BCC}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{BFCC522E-ED69-48C7-8A5A-1803AE0044F8}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{853D9B8D-221F-4773-839C-720D07E8D640}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{E200DD3C-8024-4726-BDB2-CF21E3E7F1C2}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{7BED1A07-9E5F-4C8A-9A23-71B5A1801613}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{CEDBFA77-D997-478C-A896-EF5612967A6F}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{199D7E67-A2FD-4294-9795-1A14757B7134}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{43BB45F1-7E26-4F16-9844-B0BE405765F0}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{2F3568CE-F46F-41EE-A12E-C222EFEC1FE7}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{0220EDFF-F5D7-4FB2-A428-3CDC13DA3F4A}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{50E07EF3-3B4E-484C-A886-48232B654859}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{51302AC8-6906-4B1E-BE89-930FFAF0DA8E}] => LPort=16720
FirewallRules: [{94AE5924-429F-49EB-9CAE-167D9EB93513}] => LPort=16720
FirewallRules: [{0D21FB85-53A0-4205-A63A-6C4DEB684151}] => LPort=2869
FirewallRules: [{A449499C-7CF1-442B-BAAF-1CE19B185744}] => LPort=1900
FirewallRules: [{75D3EFA3-12A7-4477-9452-6CFD849F8177}] => C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkDMS.exe
FirewallRules: [{47FAC737-3909-45A0-A0B3-D9CE6EC3AEF7}] => C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkDMS.exe
FirewallRules: [{111148A3-9E3D-4406-82CC-543C6F12966F}] => LPort=1900
FirewallRules: [{3F02141F-A1D3-4CAE-A85F-1AED69EC9FEA}] => LPort=8643
FirewallRules: [{E6518441-D93A-4A5D-864A-CC3DB553BF99}] => LPort=8743
FirewallRules: [{1A4F34F1-8C28-442D-B836-A8344B6936EC}] => LPort=7679
FirewallRules: [{5C554DAE-DBFD-4CC4-8A18-5DA1CBF60F28}] => LPort=7676
FirewallRules: [{E2694746-6AB8-4CD9-B99E-3109CDBE2D89}] => LPort=7900
FirewallRules: [{C5AB9F3F-0654-444F-AF1F-19E7740F507D}] => LPort=24234
FirewallRules: [{67A19979-E144-454D-AF93-B8C4D71AFAAE}] => C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe
FirewallRules: [{7FA9082A-7100-4A9D-949E-ADC0981ADAF5}] => C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe
FirewallRules: [{F6D1BE10-9DE0-4944-BC51-7E4BD3E04E8F}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{3730CB47-EF43-4545-B45C-B027CDBE5763}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{0588828C-6919-42A3-A256-FF8BFBCBC652}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{73C85359-C427-41DE-A7BF-868933D694FD}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{D63BADC5-9958-426B-82B1-25DBB78D6C67}] => C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{2113E5FD-5EA8-40FF-A71C-1D4FF42DA493}] => C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{67A2EB1D-9254-42B4-B35C-B15C4D278BFF}] => C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{147BF8EB-3F48-4915-8C2D-9087111EEB6F}] => C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [UDP Query User{CB89653B-2F53-48BA-A05B-82D5FFE1988B}C:\xampp-new\mercurymail\mercury.exe] => C:\xampp-new\mercurymail\mercury.exe
FirewallRules: [TCP Query User{3FCE2E46-9315-4040-88DF-69C0E30D8F2D}C:\xampp-new\mercurymail\mercury.exe] => C:\xampp-new\mercurymail\mercury.exe
FirewallRules: [UDP Query User{0E97D187-FC31-4F9F-A121-4B34606223B0}C:\xampp-new\apache\bin\httpd.exe] => C:\xampp-new\apache\bin\httpd.exe
FirewallRules: [TCP Query User{4DF4A650-D0EB-408B-9339-02EBE344654F}C:\xampp-new\apache\bin\httpd.exe] => C:\xampp-new\apache\bin\httpd.exe
FirewallRules: [{7B01562E-B2B5-4D1B-AB7D-0463B40AB35A}] => LPort=139
FirewallRules: [UDP Query User{24A5B9C3-D331-4AD7-940F-9C9442100248}C:\program files (x86)\java\jre1.8.0_31\bin\java.exe] => C:\program files (x86)\java\jre1.8.0_31\bin\java.exe
FirewallRules: [TCP Query User{A2798CB7-B676-4C03-B332-D6F636EE7E5F}C:\program files (x86)\java\jre1.8.0_31\bin\java.exe] => C:\program files (x86)\java\jre1.8.0_31\bin\java.exe
FirewallRules: [{63A53C1E-914E-4DC8-AB7B-EB0559D6A4DA}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DF5AF6B5-2A79-482F-82A8-8D9C4D6817C3}] => LPort=2869
FirewallRules: [{DFAD30A5-9A65-4489-9DD2-FFCF31E72EB9}] => LPort=1900
FirewallRules: [TCP Query User{F0BF143D-BF78-4FC7-BD47-C8E8E37C2323}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{25EC7EAC-3759-4648-9EEA-6A7AEB062BA0}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [{E191339F-CAAF-4257-8CCD-AC2B8794DE31}] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{8148F1A7-0435-49BB-AA99-F41DA93DFD8E}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{XXXXX}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{XXXXX}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{XXXXX}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{XXXXX}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{XXXXX}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [TCP Query User{A4B2A245-2DBF-4EF7-8D35-EE1320BD24AD}C:\xampp\apache\bin\httpd.exe] => C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{40AFBB9A-BE19-4E8D-991D-61188E6CC846}C:\xampp\apache\bin\httpd.exe] => C:\xampp\apache\bin\httpd.exe
FirewallRules: [{A0635FB2-4432-4B45-B003-30A34CA785E2}] => C:\xampp\apache\bin\httpd.exe
FirewallRules: [{795475B8-362B-4E9F-94AD-76E1FE58D985}] => C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{54E59921-799C-443F-BC00-29495F60F528}C:\xampp\filezillaftp\filezilla server.exe] => C:\xampp\filezillaftp\filezilla server.exe
FirewallRules: [UDP Query User{0700A480-BD11-477F-A044-470899F3E1A7}C:\xampp\filezillaftp\filezilla server.exe] => C:\xampp\filezillaftp\filezilla server.exe
FirewallRules: [TCP Query User{3EF91FCE-DB83-4DCC-854B-480E9FC181BF}C:\xampp\mercurymail\mercury.exe] => C:\xampp\mercurymail\mercury.exe
FirewallRules: [UDP Query User{405AC75D-1A7A-492B-95A7-A5B9645728AC}C:\xampp\mercurymail\mercury.exe] => C:\xampp\mercurymail\mercury.exe
FirewallRules: [TCP Query User{9F43ECAC-A67D-4D00-903F-5FBB01F02B8B}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{763D4EC5-9E1F-4970-8E2B-4A021D1FBDD4}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{CE70C37F-563B-46FE-B711-BC6A2C57E09E}] => C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP1\RpcAgentSrv.exe
FirewallRules: [{88062A23-2145-47A3-8305-7A6AB65F90B6}] => LPort=8743
FirewallRules: [{95B3844E-0243-4AAE-AF68-B8362F76DD67}] => LPort=8643
FirewallRules: [{83E72B34-5DB9-4F54-B7F6-6257BE48E80C}] => LPort=7676
FirewallRules: [{7D42CDF8-E19F-403B-9B48-87DA7561A5A7}] => LPort=7679
FirewallRules: [{4E5BB4AF-ACE4-46A1-B132-53B7FA572642}] => LPort=24234
FirewallRules: [{C1EA704E-2BAD-4F7A-A161-EBCD4DD8FAF7}] => LPort=7900
FirewallRules: [{79011C62-EE7E-40D7-BFAD-78E92214AD6E}] => LPort=1900
FirewallRules: [TCP Query User{84CA1761-175F-49E1-8AEA-43C9713122BD}C:\program files (x86)\filezilla ftp client\filezilla.exe] => C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{35BE1743-C5A4-4157-8D00-DE120B2724C6}C:\program files (x86)\filezilla ftp client\filezilla.exe] => C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [TCP Query User{1F9F1F4C-D5E1-439C-B7CF-6929B257FEC9}C:\xampp\filezillaftp\filezillaserver.exe] => C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [UDP Query User{1825BF8C-04EB-4059-9510-52BB5BF2AE45}C:\xampp\filezillaftp\filezillaserver.exe] => C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [TCP Query User{92704C4C-87F9-4ED7-9252-4EE57F5DE125}C:\xampp\filezillaftp\filezillaserver.exe] => C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [UDP Query User{9C1EEC9D-5FF5-43EC-9887-D23AFAB781D6}C:\xampp\filezillaftp\filezillaserver.exe] => C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [TCP Query User{1A5958C5-7F53-418E-B3FD-5A03ACE73286}C:\program files (x86)\coreftp\coreftp.exe] => C:\program files (x86)\coreftp\coreftp.exe
FirewallRules: [UDP Query User{8E780427-CC03-4012-B9B0-9704D2C1761C}C:\program files (x86)\coreftp\coreftp.exe] => C:\program files (x86)\coreftp\coreftp.exe
FirewallRules: [TCP Query User{EDC22E25-8B37-4225-9CBF-B1CAD54492B4}C:\xampp\mercurymail\mercury.exe] => C:\xampp\mercurymail\mercury.exe
FirewallRules: [UDP Query User{3F589D56-5690-4047-842E-277F114F77D1}C:\xampp\mercurymail\mercury.exe] => C:\xampp\mercurymail\mercury.exe
FirewallRules: [TCP Query User{030D22B1-BB77-4CDC-9548-D7ACFFBC6183}C:\program files (x86)\filezilla ftp client\filezilla.exe] => C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{8398E66B-B722-435A-878E-68F70B812B2D}C:\program files (x86)\filezilla ftp client\filezilla.exe] => C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [{27A7A5B0-F4CF-47DF-BBB0-5FF83755A0A4}] => C:\xampp\xampp_start.exe
FirewallRules: [{BA14A96F-3084-4D53-AACF-0199DAA72522}] => C:\xampp\xampp_start.exe
FirewallRules: [{289DF8E2-4556-449C-9C80-C3835F5DCAED}] => C:\xampp\xampp_start.exe
FirewallRules: [{B81BC225-DEB8-43C6-8983-543A3761911D}] => C:\xampp\xampp_start.exe
FirewallRules: [TCP Query User{F439A78C-8F72-4D51-A278-E0211687461E}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{80D3F50F-45C9-4EB8-9328-81C164CB41CC}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{522704C5-D32F-4C1E-B821-802E0E369B8B}] => C:\Windows\Prey\versions\1.1.3\bin\node.exe
FirewallRules: [TCP Query User{5AC6A41E-7854-4B97-A880-2FC47017844F}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{71519970-517A-44AC-A8BB-9B1291656BAF}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{9BEF6B1B-0F36-4F18-BA75-EC2751B050D5}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{885B86B8-A46C-42E8-883E-A534BC735F4D}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D8CB1EE8-EE90-4A8C-BD2E-FDF1AAA7E07C}] => C:\Users\User\AppData\Local\Vivaldi\Application\vivaldi.exe
FirewallRules: [{XXXXX}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{XXXXX}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{XXXXX}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{XXXXX}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{XXXXX}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{XXXXX}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{XXXXX}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{XXXXX}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{98A2F5EC-9616-4713-B5F1-E63A09F7560E}] => C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP1\WNt500x64\RpcSandraSrv.exe
FirewallRules: [{96706C1E-C3D9-4482-B7BA-0C8561FA6BA7}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{XXXXX}] => C:\Program Files (x86)\Efficient Password Manager Pro\EfficientPasswordManagerPro.exe
FirewallRules: [{XXXXX}] => C:\Program Files (x86)\Efficient Password Manager Pro\EfficientPasswordManagerPro.exe
FirewallRules: [{CA711A3F-6280-480B-9F87-FD419078CA72}] => C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
FirewallRules: [{CD537D5B-0393-472D-8825-B6934569E7F9}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{C8C0AAB8-2C7B-4AFE-B74E-76F3972BBE7A}] => C:\Program Files\KMSpico\Service_KMS.exe

==================== Restore Points =========================

12-01-2017 04:55:57 Garmin Express
15-01-2017 12:46:02 Windows Update
18-01-2017 06:32:48 Garmin Express

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2017 12:37:33 PM) (Source: PreyCronService) (EventID: 0) (User: )
Description: Monitoring node process with id: 12384

Error: (01/24/2017 12:37:32 PM) (Source: PreyCronService) (EventID: 0) (User: )
Description: Monitoring node process with id: 20220

Error: (01/24/2017 12:37:32 PM) (Source: PreyCronService) (EventID: 0) (User: )
Description: Monitoring node process with id: 22564

Error: (01/24/2017 12:37:32 PM) (Source: PreyCronService) (EventID: 0) (User: )
Description: Monitoring node process with id: 18832

Error: (01/24/2017 12:37:31 PM) (Source: PreyCronService) (EventID: 0) (User: )
Description: Monitoring node process with id: 2768

Error: (01/24/2017 12:37:31 PM) (Source: PreyCronService) (EventID: 0) (User: )
Description: Monitoring node process with id: 12364

Error: (01/24/2017 12:37:30 PM) (Source: PreyCronService) (EventID: 0) (User: )
Description: Monitoring node process with id: 1052

Error: (01/24/2017 12:37:30 PM) (Source: PreyCronService) (EventID: 0) (User: )
Description: Monitoring node process with id: 3996

Error: (01/24/2017 12:37:30 PM) (Source: PreyCronService) (EventID: 0) (User: )
Description: Monitoring node process with id: 22740

Error: (01/24/2017 12:37:29 PM) (Source: PreyCronService) (EventID: 0) (User: )
Description: Monitoring node process with id: 12748


System errors:
=============
Error: (01/24/2017 11:46:53 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Definition Update for Windows Defender - KB2267602 (Definition 1.235.1075.0).

Error: (01/24/2017 11:36:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2017 11:36:10 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The MAMPPRO-Apache service terminated with the following service-specific error: 
Incorrect function.

Error: (01/24/2017 11:36:06 AM) (Source: DCOM) (EventID: 10010) (User: User)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (01/24/2017 11:36:06 AM) (Source: DCOM) (EventID: 10010) (User: User)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (01/24/2017 11:36:06 AM) (Source: DCOM) (EventID: 10010) (User: User)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (01/24/2017 11:36:06 AM) (Source: DCOM) (EventID: 10010) (User: User)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (01/24/2017 11:36:06 AM) (Source: DCOM) (EventID: 10010) (User: User)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (01/24/2017 11:36:06 AM) (Source: DCOM) (EventID: 10010) (User: User)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (01/24/2017 11:36:06 AM) (Source: DCOM) (EventID: 10010) (User: User)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
  Date: 2017-01-16 08:26:29.137
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-16 08:26:29.087
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 12:22:57.062
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 12:22:57.041
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-02 07:13:16.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-02 07:13:16.245
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-19 07:11:26.897
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-19 07:11:26.873
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-18 10:26:29.490
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-18 10:26:29.467
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3635QM CPU @ 2.40GHz
Percentage of memory in use: 68%
Total physical RAM: 12174.88 MB
Available physical RAM: 3791.2 MB
Total Virtual: 32654.88 MB
Available Virtual: 17532.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:453.17 GB) (Free:251.05 GB) NTFS
Drive e: (SvarturUSB3) (Fixed) (Total:465.76 GB) (Free:168.34 GB) NTFS
Drive f: (Sammi 1GB) (Fixed) (Total:908.68 GB) (Free:500.54 GB) NTFS
Drive g: (XAMPP) (Fixed) (Total:232.88 GB) (Free:202.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 52337D59)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 28B2554E)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 0002941A)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 232.9 GB) (Disk ID: D2CB391F)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop called Fixlog.txt.

Please attach it to your reply.

fixlist.txt


Thanks for this fix, it worked and I got the browser back, but it would have been better to have a warning that this fixer will close ALL open programs! Luckily I did save my work before running this fix, so no harm was done.

Thanks again.

Dennis


How does this lock attach itself to the browser? I run two other chromium browsers which are not affected.

Without any warning, the last run of this recommended tool wiped out ALL settings in two browsers. It took me nearly 3 hours to restore everything, and I don't have the luxury of wasting time restoring things over and over again.

As the two other browsers seem not to be infected, I am going to use my uninstaller to remove the browser and all files related to the browser. I assume this lock is not hiding somewhere on the computer and would think it is safe to run a total uninstall of all browser files, and the lock will be deleted as well?

Can anyone confirm that this block is not hiding on the machine and it would be safe to run the uninstaller?

Edited by Hummm

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition.txt option is checked.

  • Press Scan button and wait.

  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.


Please attach the report to your next reply.


This topic is now closed to further replies.