Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by FoolForGod (2015-07-31 13:54:15)
Running from C:\Users\Well\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3671931335-1126879999-2394397564-500 - Administrator - Disabled)
FoolForGod (S-1-5-21-3671931335-1126879999-2394397564-1001 - Administrator - Enabled) => C:\Users\Well
Guest (S-1-5-21-3671931335-1126879999-2394397564-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Advanced Video FX Engine (HKLM-x32\...\Advanced Video FX Engine) (Version: - )
Agent Ransack x64 (HKLM\...\{58C0AC50-8FA1-4A95-AEC6-5B2727E5CC6A}) (Version: 7.0.820.1 - Mythicsoft Ltd)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
AllSharePlayLink (HKLM-x32\...\{CE1836A8-3F2B-49BD-8395-93DD414068D2}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AutoIt Debugger 0.47.0 (HKLM-x32\...\AutoIt Debugger) (Version: 0.47.0 - Essential Software)
AutoIt v3.3.12.0 (HKLM-x32\...\AutoItv3) (Version: 3.3.12.0 - AutoIt Team)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2225 - AVAST Software)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J870DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.8.0.17 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.1.7 - Canon Inc.)
Catalyst Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.82 - NCH Software)
Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.14 - Dolby Laboratories Inc)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
e-Sword (HKLM-x32\...\{463178C4-E707-41EE-BE8A-080C62BF526D}) (Version: 10.04.0000 - Rick Meyers)
e-Sword Macros for Word 2010 (HKLM-x32\...\{42E7C0DA-0DC2-47FF-A3AF-AF011BC5F21E}) (Version: 10.04.0000 - Rick Meyers)
e-Sword Training Demos (HKLM-x32\...\{94AF494C-9CD7-4D20-B83C-C29D1384BBA6}) (Version: 9.00.0003 - Rick Meyers)
ETDWare X64 11.7.18.2_WHQL (HKLM\...\Elantech) (Version: 11.7.18.2 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{3EA6AB5D-D434-4ACA-9609-48F1319518EF}) (Version: 1.0.94 - Condusiv Technologies)
Expresso (HKLM-x32\...\{81A1B78B-69B5-4F71-950D-598FA62FCB73}) (Version: 3.0.4750 - Ultrapico) <==== ATTENTION
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - )
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{7288D4E1-8050-4B81-B9EC-F812D17AD693}) (Version: 16.1.1.0084 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
LG USB Drivers (HKLM-x32\...\LG USB Drivers) (Version: - )
Logitech H760 (HKLM\...\{55EEEF58-7B7A-421A-8188-BD62D73E1E64}) (Version: 1.0.161 - Logitech)
Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
ModeShift (HKLM-x32\...\{FE9EE5AB-4A44-4FFE-9D2B-250816303352}) (Version: 1.0.0 - Samsung)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.9.2 - Notepad++ Team)
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.55 - NTI Corporation)
NTI Backup Now EZ (x32 Version: 3.0.2.55 - NTI Corporation) Hidden
Online Support(S Service) (HKLM-x32\...\{C8996970-A56E-4659-B01B-CCB7097C4E59}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Paltalk Messenger 11.6 (HKLM-x32\...\Paltalk Messenger) (Version: 11.6.604.17056 - AVM Software Inc.)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: - NCH Software)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
RadioSure (HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\...\RadioSure) (Version: - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.28145 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
S Agent (Version: 1.1.53 - Samsung Electronics CO., LTD.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.0.1 - Samsung Electronics)
Samsung Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Samsung Update (HKLM-x32\...\{00ABE05F-DB49-4421-AA35-833DD9A9A94D}) (Version: 2.2.12 - Samsung Electronics CO., LTD.)
Sandboxie 4.20 (64-bit) (HKLM\...\Sandboxie) (Version: 4.20 - Sandboxie Holdings, LLC)
SciTE4AutoIt3 14.801.2025.0 (HKLM-x32\...\SciTE4AutoIt3) (Version: 14.801.2025.0 - Jos van der Zande)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Support Center (HKLM\...\{711DE117-767F-48A8-9864-66C525B9539F}) (Version: 2.1.1223 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.17 - Samsung Electronics CO., LTD.) Hidden
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.60 - NCH Software)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
True Image WD Edition (HKLM-x32\...\{85CB1512-2D4A-4469-AC21-6B111D169CEB}) (Version: 16.0.5962 - Acronis)
User Guide (HKLM-x32\...\{1AF4E383-CB84-4759-850E-FA584635905A}) (Version: 1.1.00 - Samsung Electronics CO., LTD.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VoipStunt (HKLM-x32\...\VoipStunt_is1) (Version: 4.13 build 737 - Finarea S.A. Switzerland)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{B74717F4-9E4D-4FEF-B234-97EC2ADACFD8}) (Version: 2.4.11.4 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{E0223E66-5682-4F65-9F5D-A2AB7C593323}) (Version: 2.4.11.4 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{f8b1c3bb-688a-4421-a45e-a22dd15f22ee}) (Version: 2.4.11.4 - Western Digital Technologies, Inc.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.)
Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)
XNote Stopwatch (HKLM-x32\...\XNote Stopwatch) (Version: 1.66 - dnSoft Research Group)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3671931335-1126879999-2394397564-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Well\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3671931335-1126879999-2394397564-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Well\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
==================== Restore Points =========================
30-07-2015 18:55:17 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 01:26 - 2013-05-20 20:39 - 00002023 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 exitpop.paltalk.com
127.0.0.1 advertising.paltalk.com
127.0.0.1 yads.zedo.com
127.0.0.1 bannerfarm.ace.advertising.com
127.0.0.1 udmserve.net
127.0.0.1 19.142.13/s0.2mdn.net
127.0.0.1 download.myads.com
127.0.0.1 ec.atdmt.com
127.0.0.1 dspads.sitescout.netdna-cdn.com
127.0.0.1 imagen01.247realmedia.com
127.0.0.1 choices.truste.com
127.0.0.1 cadreon.com
127.0.0.1 mcdonalds.com
127.0.0.1 dspads.sitescout.netdna-cdn.com
127.0.0.1 clickserv2.sitescout.com
127.0.0.1 ads.lfstmedia.com
127.0.0.1 content.quantserve.com
127.0.0.1 cdn.invitemedia.net
127.0.0.1 ib.adnxs.com
127.0.0.1 s0.2mdn.net
127.0.0.1 tag.admeld.com
127.0.0.1 ads.adsonar.com
127.0.0.1 media.gevalia.com
127.0.0.1 speed.pointroll.com
127.0.0.1 ad.adorika.com
127.0.0.1 media.fastclick.net
127.0.0.1 ads.adbrite.com
127.0.0.1 adserving.cpxinteractive.com
127.0.0.1 ad.doubleclick.net
There are 9 more lines.
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01BAE8A1-B071-408E-8E41-BA8C5204E4ED} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {0C2E1900-25BF-4D46-BA99-63FA3D533B64} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-30] (AVAST Software)
Task: {148BB49E-9F05-4E96-892A-555B6121E94B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {16A10116-A55F-40DB-A8A2-A73000529293} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {190DDF05-5615-4485-90BB-FFDAC2466F35} - System32\Tasks\{CC3C42C5-A13A-4C00-8014-75F95CFE54D5} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {2377E46E-E4C4-4A77-A6BA-50CF6682E248} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {3DDD787D-788D-42E3-8053-CCDFE166BCBA} - System32\Tasks\SUPatchForW10Up => C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe [2015-07-02] (Samsung Electronics CO., LTD.)
Task: {458A1C5E-8587-441E-84E8-312DF9EFBD8D} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-06-14] (Dolby Laboratories Inc.)
Task: {53F14695-2E20-4695-A285-AF65699AB444} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2015-06-19] (Samsung Electronics CO., LTD.)
Task: {5781272D-0187-4DC1-BA82-F74217D83264} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {82F43275-372D-4086-BF08-DFE396D580A2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3671931335-1126879999-2394397564-1001Core => C:\Users\Well\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-13] (Google Inc.)
Task: {9C0B667C-6A32-426E-826F-D5616847D58B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {C0E70ABA-4ADC-4E31-B44E-996D75743A46} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3671931335-1126879999-2394397564-1001UA => C:\Users\Well\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-13] (Google Inc.)
Task: {CCB6F802-0A04-4A6F-AC19-61A4B9B65A40} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {D5596368-64A5-4034-A9CE-D15E44989D6A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {E85A4125-24F2-4A54-8142-F69F6CB2DD0A} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {F41D5CB8-0162-4F58-A627-DFCD3ED6982C} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-07-01] (Samsung Electronics CO., LTD.)
Task: {F448C3B2-A612-42AB-8C7B-58C46E2A9646} - System32\Tasks\ModeShift => C:\Program Files (x86)\Samsung\ModeShift\ModeShift.exe [2013-04-25] (Samsung Electronics Co., Ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3671931335-1126879999-2394397564-1001Core.job => C:\Users\Well\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3671931335-1126879999-2394397564-1001UA.job => C:\Users\Well\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe
==================== Loaded Modules (Whitelisted) ==============
2014-11-06 16:31 - 2013-04-15 12:50 - 00198144 _____ () C:\WINDOWS\System32\HP1006LM.DLL
2014-11-06 16:31 - 2013-04-15 12:50 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1006PP.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-11-07 21:54 - 2005-04-22 00:36 - 00143360 ____R () C:\WINDOWS\system32\BrSNMP64.dll
2015-07-01 20:50 - 2015-07-01 20:50 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2015-07-30 17:31 - 2015-07-30 17:31 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-30 17:31 - 2015-07-30 17:31 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-30 17:00 - 2015-07-30 17:00 - 02959360 _____ () C:\Program Files\AVAST Software\Avast\defs\15073003\algo.dll
2015-07-31 13:43 - 2015-07-31 13:43 - 02959872 _____ () C:\Program Files\AVAST Software\Avast\defs\15073101\algo.dll
2013-04-25 09:15 - 2013-04-25 09:15 - 00017920 _____ () C:\Program Files (x86)\Samsung\ModeShift\WSABI.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 01272128 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00111936 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsAPI.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2013-11-07 17:14 - 2013-11-07 17:14 - 00465824 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll
2015-07-17 15:10 - 2015-07-17 15:10 - 01020928 _____ () C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\extensions\
[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00111936 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2015-03-05 11:50 - 2015-03-05 11:50 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-25 19:41 - 2013-09-16 13:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-03-06 01:10 - 2014-03-06 01:10 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Well\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "ImageBrowser EX Agent.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BDRegion"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "Logitech H760"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "WD Drive Unlocker"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "PDF5 Registry Controller"
HKLM\...\StartupApproved\Run32: => "PDFHook"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper"
HKLM\...\StartupApproved\Run32: => "BackupNowEZtray"
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\...\StartupApproved\StartupFolder: => "Logitech H760 Product Registration.lnk"
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\...\StartupApproved\StartupFolder: => "Samsung Magician.lnk"
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\...\StartupApproved\Run: => "SandboxieControl"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{8D0908B4-C0A6-4216-8978-4A3444C7C1A4}C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe] => (Allow) C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe
FirewallRules: [TCP Query User{DF6F32E1-8F15-4D6E-9522-D7FD379AFB15}C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe] => (Allow) C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe
FirewallRules: [UDP Query User{EC593F76-03E6-482A-85E2-EC860800DE0D}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [TCP Query User{BD1AB08A-09C9-4008-9EF1-2E0D8C4A07D8}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{A522B52F-365D-4915-9281-8FA014DB0390}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [TCP Query User{7D861602-0693-43C9-8BEE-23549BF8B19B}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{4C4EDDB9-5AF7-465E-8D77-2B863AB93F01}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{29CD4B59-66DD-47E0-9C01-12D9ECB74531}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E3DC4304-CAAA-4BA5-BE7B-1B0DE616442A}] => (Allow) LPort=1900
FirewallRules: [{6C1B83AD-9D75-4EE8-B3B2-2EEA5B2008B1}] => (Allow) LPort=2869
FirewallRules: [{36617355-9767-40F4-80A0-343ED497E7B1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E4810909-9E08-4944-9349-4317240BC0C0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{55086C40-6C60-4776-B84F-E19C46A36596}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{3F68F9C3-4277-41AC-9F4C-8985DD7E7DF7}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{AD8286FF-D204-49F8-A9B0-783AE96617C3}C:\users\well\appdata\local\radiosure\radiosure.exe] => (Block) C:\users\well\appdata\local\radiosure\radiosure.exe
FirewallRules: [UDP Query User{337E534C-1DEF-4846-90DD-F38A16A063EB}C:\users\well\appdata\local\radiosure\radiosure.exe] => (Block) C:\users\well\appdata\local\radiosure\radiosure.exe
FirewallRules: [TCP Query User{9002FAEA-9578-43BE-8733-D5B5785FE62C}C:\program files (x86)\diablo ii\game.exe] => (Allow) C:\program files (x86)\diablo ii\game.exe
FirewallRules: [UDP Query User{04444AAA-D272-4434-9B6F-CA0889B5F868}C:\program files (x86)\diablo ii\game.exe] => (Allow) C:\program files (x86)\diablo ii\game.exe
FirewallRules: [TCP Query User{1E35576B-E5A4-4490-875C-02DE274FFDC2}C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe] => (Allow) C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe
FirewallRules: [UDP Query User{ABC627F6-4A54-4F0C-88A7-9F63DBA39076}C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe] => (Allow) C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe
FirewallRules: [{6512B074-4292-45B6-A2D9-BDAF6E8AE997}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE
FirewallRules: [{F7863D64-C61D-407C-8D98-4B7E7A779696}] => (Allow) LPort=54925
FirewallRules: [{8F575D0E-709A-4926-B3C8-A8C6428D82DE}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{FE9013C6-5FBA-4F8A-A87F-7CBC207C9083}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{96B7ECE7-DA12-4CDB-8891-6A8A315BEC6A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{DF1D136B-750A-4463-9C55-4D4E0F47CD9C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5F2B4AF0-B7C5-4AE0-A88E-9B3D7140F349}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{370406F2-B574-4D25-A1FC-8C2101742102}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EBF1A2EC-A278-4394-B9B5-541DD9EA1122}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F61D6865-8843-49C5-B487-5FA0F5E533E8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6E39BA6C-B680-432E-8604-BCFD593E03A9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5142ABC5-9430-4C27-AC68-BDDD37BBD012}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{102087B8-370D-4F07-A951-F2FD1CD8F072}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E3BEEA0D-6C18-4754-B7B7-68BAD70EC00B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{911568F1-566B-4701-8A7D-032104B2EE1C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BC555189-D3E1-4EDD-BB85-0B3463D1EE5B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{552D6BFB-8115-497F-B832-90866C781A88}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F0BD1075-5161-497B-94A6-0AC4FA466B0F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{8AF6EAC6-09E7-48CB-9C50-0029B3E61882}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/31/2015 01:43:12 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (07/31/2015 01:43:12 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
Error: (07/30/2015 06:54:09 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{2b332f6d-6f79-4cf3-b1e2-d1b9126e30a9}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
Error: (07/30/2015 06:54:08 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
Error: (07/30/2015 06:43:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EasySettingsCmdServer.exe, version: 0.0.0.0, time stamp: 0x5583ba20
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc0000005
Fault offset: 0x0004212f
Faulting process id: 0x1664
Faulting application start time: 0xEasySettingsCmdServer.exe0
Faulting application path: EasySettingsCmdServer.exe1
Faulting module path: EasySettingsCmdServer.exe2
Report Id: EasySettingsCmdServer.exe3
Faulting package full name: EasySettingsCmdServer.exe4
Faulting package-relative application ID: EasySettingsCmdServer.exe5
Error: (07/30/2015 05:14:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{2b332f6d-6f79-4cf3-b1e2-d1b9126e30a9}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
Error: (07/30/2015 05:14:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
Error: (07/30/2015 04:59:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EasySettingsCmdServer.exe, version: 0.0.0.0, time stamp: 0x5583ba20
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc0000005
Fault offset: 0x000491af
Faulting process id: 0x1874
Faulting application start time: 0xEasySettingsCmdServer.exe0
Faulting application path: EasySettingsCmdServer.exe1
Faulting module path: EasySettingsCmdServer.exe2
Report Id: EasySettingsCmdServer.exe3
Faulting package full name: EasySettingsCmdServer.exe4
Faulting package-relative application ID: EasySettingsCmdServer.exe5
Error: (07/30/2015 04:53:37 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{2b332f6d-6f79-4cf3-b1e2-d1b9126e30a9}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
Error: (07/30/2015 04:53:37 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
System errors:
=============
Error: (07/30/2015 06:03:08 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.
The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x2000000000024. The name of the file is "<unable to determine file name>".
Error: (07/30/2015 05:38:33 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F319F1B8-7587-4146-AF9C-0D6D77819BF1}
Error: (07/30/2015 11:57:52 AM) (Source: DCOM) (EventID: 10010) (User: UrimAndThummim)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (07/30/2015 11:57:22 AM) (Source: DCOM) (EventID: 10010) (User: UrimAndThummim)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (07/30/2015 11:46:01 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Malwarebytes Anti-Exploit Service service hung on starting.
Error: (07/27/2015 04:45:54 AM) (Source: DCOM) (EventID: 10010) (User: UrimAndThummim)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (07/27/2015 04:45:24 AM) (Source: DCOM) (EventID: 10010) (User: UrimAndThummim)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (07/26/2015 10:54:10 AM) (Source: DCOM) (EventID: 10010) (User: UrimAndThummim)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (07/26/2015 10:53:40 AM) (Source: DCOM) (EventID: 10010) (User: UrimAndThummim)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (07/26/2015 10:34:46 AM) (Source: DCOM) (EventID: 10010) (User: UrimAndThummim)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Microsoft Office:
=========================
Error: (07/31/2015 01:43:12 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (07/31/2015 01:43:12 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
Error: (07/30/2015 06:54:09 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: \\?\Volume{2b332f6d-6f79-4cf3-b1e2-d1b9126e30a9}\The parameter is incorrect. (0x80070057)
Error: (07/30/2015 06:54:08 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)
Error: (07/30/2015 06:43:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: EasySettingsCmdServer.exe0.0.0.05583ba20ntdll.dll6.3.9600.17736550f42c2c00000050004212f166401d0cb1919b5e070C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exeC:\WINDOWS\SYSTEM32\ntdll.dll5ab5aea4-370c-11e5-82d8-50b7c37841b3
Error: (07/30/2015 05:14:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: \\?\Volume{2b332f6d-6f79-4cf3-b1e2-d1b9126e30a9}\The parameter is incorrect. (0x80070057)
Error: (07/30/2015 05:14:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)
Error: (07/30/2015 04:59:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: EasySettingsCmdServer.exe0.0.0.05583ba20ntdll.dll6.3.9600.17736550f42c2c0000005000491af187401d0cb0aa5239612C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exeC:\WINDOWS\SYSTEM32\ntdll.dlle5de5346-36fd-11e5-82d6-50b7c37841b3
Error: (07/30/2015 04:53:37 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: \\?\Volume{2b332f6d-6f79-4cf3-b1e2-d1b9126e30a9}\The parameter is incorrect. (0x80070057)
Error: (07/30/2015 04:53:37 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)
CodeIntegrity:
===================================
Date: 2015-07-21 13:12:42.266
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-07-21 13:12:41.984
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-07-21 13:12:41.656
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-07-21 13:12:41.375
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-07-21 13:12:36.265
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-07-21 13:12:35.952
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-07-21 13:12:26.967
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-07-21 13:12:26.639
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-07-21 13:12:26.248
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-07-21 13:12:25.848
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 25%
Total physical RAM: 16342.2 MB
Available physical RAM: 12249.58 MB
Total Virtual: 32726.2 MB
Available Virtual: 28410.64 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:231.63 GB) (Free:102.7 GB) NTFS
Drive d: (2ndHDD) (Fixed) (Total:465.76 GB) (Free:391.3 GB) NTFS
Drive e: (PLAYDISC) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 267D4F5E)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=73)
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 92CDA70E)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of log ============================