
Help me clean a laptop. (URGENT)


  • This topic is locked
2 replies to this topic

#1 softwaremaniac

Posted 06 July 2016 - 02:12 PM

Hi, I'm cleaning a friend's laptop and I cannot format it or enter the BIOS since it is password protected.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by iva (administrator) on IVAA94 (06-07-2016 21:00:13)
Running from C:\Users\iva\Desktop
Loaded Profiles: iva (Available Profiles: iva & Guest)
Platform: Windows 8.1 (Update) (X64) Language: hrvatski (Hrvatska)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Junedoor\Application\chrome.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CryptoMill Technologies Ltd.) C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
() C:\ProgramData\Junedoor\Junedoor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [147160 2013-08-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-30] (Intel Corporation)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [HotKeysCmds] => "C:\windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\windows\system32\igfxpers.exe"
HKLM\...\Run: [CryptoMill Refresh] => C:\Program Files\Hewlett-Packard\HP Trust Circles\ceflauncher -m refresh
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-07-04] (IDT, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-07-18] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [676608 2013-08-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-07-31] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-12] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [493528 2013-05-21] (CyberLink Corp.)
HKLM-x32\...\Run: [HP File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2213592 2013-08-07] (Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8897712 2016-07-06] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\...\Run: [Facebook Update] => C:\Users\iva\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-09-19] (Facebook Inc.)
HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\...\Run: [uTorrent] => C:\Users\iva\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-21] (BitTorrent Inc.)
HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\...\Run: [DriverMax_RESTART] => [X]
HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\...\MountPoints2: {09a8ba0e-8792-11e4-824f-806e6f6e6963} - "F:\setup.exe"
HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\...\MountPoints2: {5003ee24-84a3-11e4-be81-28e34724d765} - "G:\Setup.exe"
AppInit_DLLs: Files => No File
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [+1TBIcon] -> {B9C55E85-DED6-4911-82F3-83CF1CAB2898} => C:\Program Files\Hewlett-Packard\HP Trust Circles\tbicon.dll [2013-08-22] (CryptoMill Technologies Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-06] (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [+1TBIcon] -> {B9C55E85-DED6-4911-82F3-83CF1CAB2898} => C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\tbicon.dll [2013-08-22] (CryptoMill Technologies Ltd.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3D5C58F0-B1D6-4482-9ECA-BE6EC204EAAD}: [DhcpNameServer] 172.168.0.2
Tcpip\..\Interfaces\{53905BB6-6D71-449C-B991-09B3CE63D992}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?pc=UE07&ocid=UE07DHP
SearchScopes: HKU\S-1-5-21-1905122888-3701062671-1954668978-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
BHO: VauDDix -> {09bd77b9-04ae-4b93-98f6-8b691ea98752} -> C:\Program Files (x86)\VauDDix\fUtvXU7tVBucD5.x64.dll => No File
BHO: YoutuBBeeAdBlocKie -> {29485773-42cf-47e4-a947-4b634092502e} -> C:\Program Files (x86)\YoutuBBeeAdBlocKie\XJd510GqF0XpsN.x64.dll => No File
BHO: BeSotSSaveFForYYou -> {3d98fc77-5608-467d-8482-c6b6ad7c8602} -> No File
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-07-06] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2013-08-07] (Hewlett-Packard)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-07-06] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-06] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-07-06] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-26] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-26] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-07-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-07-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-23] (Google Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll [2013-08-05] (DigitalPersona, Inc.)
FF Plugin HKU\S-1-5-21-1905122888-3701062671-1954668978-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\iva\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-06]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-06]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-02-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR Profile: C:\Users\iva\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google disk) - C:\Users\iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-11]
CHR Extension: (Google pretraživanje) - C:\Users\iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Avast SafePrice) - C:\Users\iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-05-23]
CHR Extension: (Google dokumenti izvanmrežno) - C:\Users\iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-23]
CHR Extension: (Avast Online Security) - C:\Users\iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-07-06]
CHR Extension: (DigitalPersona Extension) - C:\Users\iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2014-09-15]
CHR Extension: (Gmail) - C:\Users\iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-07-06]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-08-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-02]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\dpchrome.crx [2013-08-05]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows ® Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-06] (AVAST Software)
R2 CreoService; C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe [1366488 2013-08-22] (CryptoMill Technologies Ltd.)
R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2013-08-07] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-07-15] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-07-15] (CyberLink)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2013-08-05] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [558392 2013-08-06] (Hewlett-Packard Company)
S3 HotSpotSrv; C:\Program Files (x86)\Hewlett-Packard\HP Wireless Hotspot\HotSpotSrv.exe [373432 2013-08-14] (Hewlett-Packard Development Company, L.P.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-07-31] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-26] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-07-26] (Intel Corporation)
R2 JunedoorP; C:\ProgramData\Junedoor\Junedoor.exe [424832 2016-06-28] ()
S2 JunedoorU; C:\Program Files (x86)\Junedoor\Update\JunedoorUpdate.exe [589184 2016-06-28] ()
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [337920 2013-07-04] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35936 2013-04-10] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-06] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-07-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-07-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-06] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-07-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-07-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [290088 2016-07-06] (AVAST Software)
S3 athrx64; C:\Windows\System32\drivers\anwiwdmx.sys [28160 2013-06-27] () [File not signed]
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [65752 2013-06-13] (Hewlett-Packard Company)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-12-18] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 IceKore; C:\Windows\System32\DRIVERS\IceKore.sys [397784 2013-08-19] (CryptoMill Technologies Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-07-26] (Intel Corporation)
R0 PinFile; C:\Windows\System32\DRIVERS\PinFile.sys [49856 2013-07-16] (WinMagic Inc.)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [418520 2013-06-17] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8873688 2013-08-02] (Realtek Semiconductor Corp.)
R0 SDDisk2K; C:\Windows\System32\DRIVERS\SDDisk2K.sys [228544 2013-07-16] (WinMagic Inc.)
R0 SDDToki; C:\Windows\System32\DRIVERS\SDDToki.sys [131264 2013-07-16] (WinMagic Inc.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-20] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-08-20] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-06 21:00 - 2016-07-06 21:00 - 00025470 _____ C:\Users\iva\Desktop\FRST.txt
2016-07-06 20:59 - 2016-07-06 20:52 - 02390016 _____ (Farbar) C:\Users\iva\Desktop\FRST64.exe
2016-07-06 20:54 - 2016-07-06 20:55 - 00042468 _____ C:\Users\iva\Downloads\Addition.txt
2016-07-06 20:52 - 2016-07-06 21:00 - 00000000 ____D C:\FRST
2016-07-06 20:52 - 2016-07-06 20:58 - 00053020 _____ C:\Users\iva\Downloads\FRST.txt
2016-07-06 20:51 - 2016-07-06 20:52 - 02390016 _____ (Farbar) C:\Users\iva\Downloads\FRST64.exe
2016-07-06 20:41 - 2016-07-06 20:41 - 00000000 ____D C:\Users\iva\AppData\Local\CEF
2016-07-06 20:38 - 2016-07-06 20:38 - 00003910 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1467830324
2016-07-06 20:38 - 2016-07-06 20:38 - 00001060 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-07-06 20:38 - 2016-07-06 20:38 - 00001060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-07-06 20:12 - 2016-07-06 20:14 - 00000000 ____D C:\Users\iva\Desktop\Windows 8.1 Pro Vl Update 3 x64 En-Us ESD May2016 Pre-Activated-=TEAM OS=-
2016-07-06 17:33 - 2016-07-06 20:25 - 00000417 _____ C:\Users\iva\AppData\Roaming\burnaware.ini
2016-07-06 17:33 - 2016-07-06 17:33 - 00001077 _____ C:\Users\Public\Desktop\BurnAware Free.lnk
2016-07-06 17:33 - 2016-07-06 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
2016-07-06 17:33 - 2016-07-06 17:33 - 00000000 ____D C:\Program Files (x86)\BurnAware Free
2016-07-06 17:32 - 2016-07-06 17:32 - 09881576 _____ (Burnaware ) C:\Users\iva\Downloads\burnaware_free_9.2.exe
2016-07-06 16:30 - 2016-07-06 16:42 - 00000000 ____D C:\Users\iva\Documents\My Drivers
2016-07-06 16:29 - 2016-07-06 20:55 - 00003376 _____ C:\WINDOWS\System32\Tasks\DriverMaxAgent
2016-07-06 16:29 - 2016-07-06 20:52 - 00003456 _____ C:\WINDOWS\System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c
2016-07-06 16:29 - 2016-07-06 16:29 - 00001261 _____ C:\Users\iva\Desktop\DriverMax.lnk
2016-07-06 16:29 - 2016-07-06 16:29 - 00000000 ____D C:\Users\iva\AppData\Roaming\Innovative Solutions
2016-07-06 16:29 - 2016-07-06 16:29 - 00000000 ____D C:\Users\iva\AppData\Local\Innovative Solutions
2016-07-06 16:29 - 2016-07-06 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
2016-07-06 16:29 - 2016-07-06 16:29 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions
2016-07-06 16:27 - 2016-07-06 16:27 - 05629424 _____ (Innovative Solutions ) C:\Users\iva\Downloads\drivermax.exe
2016-07-06 15:25 - 2016-07-06 15:25 - 00000949 _____ C:\Users\iva\Desktop\HD Tune.lnk
2016-07-06 15:25 - 2016-07-06 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2016-07-06 15:25 - 2016-07-06 15:25 - 00000000 ____D C:\Program Files (x86)\HD Tune
2016-07-06 15:24 - 2016-07-06 15:24 - 00642632 _____ (EFD Software ) C:\Users\iva\Downloads\hdtune_255.exe
2016-07-06 15:11 - 2016-07-06 15:10 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-07-06 15:10 - 2016-07-06 15:10 - 00390984 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-07-06 15:10 - 2016-07-06 15:10 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-07-06 14:05 - 2016-07-06 14:47 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-06 14:04 - 2016-07-06 14:04 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-06 14:04 - 2016-07-06 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-06 14:04 - 2016-07-06 14:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-06 14:04 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-07-06 14:04 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-07-06 14:04 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-07-06 14:03 - 2016-07-06 14:03 - 00000000 ____D C:\Users\iva\AppData\Roaming\Sun
2016-07-06 14:03 - 2016-07-06 14:03 - 00000000 ____D C:\Users\iva\.oracle_jre_usage
2016-07-06 14:02 - 2016-07-06 14:02 - 00097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-07-06 14:02 - 2016-07-06 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-07-06 14:02 - 2016-07-06 14:02 - 00000000 ____D C:\Program Files (x86)\Java
2016-07-06 14:00 - 2016-07-06 14:00 - 00737856 _____ (Oracle Corporation) C:\Users\iva\Downloads\chromeinstall-8u91.exe
2016-07-06 14:00 - 2016-07-06 14:00 - 00000000 ____D C:\Users\iva\AppData\LocalLow\Oracle
2016-07-06 13:45 - 2016-07-06 13:45 - 00002782 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-07-06 13:45 - 2016-07-06 13:45 - 00000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-06 13:45 - 2016-07-06 13:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-07-06 13:45 - 2016-07-06 13:45 - 00000000 ____D C:\Program Files\CCleaner
2016-07-06 13:19 - 2016-07-06 13:19 - 00000000 ____D C:\Users\iva\AppData\Roaming\FastStone
2016-07-06 13:19 - 2016-07-06 13:19 - 00000000 ____D C:\Users\iva\AppData\Local\FastStone
2016-07-06 12:11 - 2016-07-06 13:35 - 00000000 ____D C:\AdwCleaner
2016-07-06 12:11 - 2016-07-06 12:11 - 03712064 _____ C:\Users\iva\Downloads\AdwCleaner.exe
2016-07-06 08:15 - 2016-07-06 08:16 - 22851472 _____ (Malwarebytes ) C:\Users\iva\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-05 23:24 - 2016-07-05 23:24 - 00002115 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-05 23:22 - 2016-07-06 12:07 - 00000000 ____D C:\Users\iva\Desktop\spremiti
2016-07-05 23:21 - 2016-07-06 14:47 - 00003948 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0FF8F0CA-B290-47DB-AE76-E14C643490DE}
2016-07-03 16:52 - 2016-07-03 16:52 - 01012961 _____ C:\Users\iva\Desktop\Iva Ivančić_Oplemenjivanje vinove loze na otpornost prema gljivičnim bolestima_završni rad.pdf
2016-07-03 15:47 - 2016-07-05 12:04 - 09713723 _____ C:\Users\iva\Desktop\Završni rad- Oplemenjivanje vinove loze na otporonost prema gljivičnim bolestima.pptx
2016-07-01 11:34 - 2016-07-01 11:34 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1118457750.html
2016-07-01 11:34 - 2016-07-01 11:34 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1118455281.html
2016-07-01 11:34 - 2016-07-01 11:34 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1118454906.html
2016-07-01 11:34 - 2016-07-01 11:34 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1118452406.html
2016-07-01 11:34 - 2016-07-01 11:34 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1118451609.html
2016-07-01 11:34 - 2016-07-01 11:34 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1118446734.html
2016-07-01 11:34 - 2016-07-01 11:34 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1118446421.html
2016-07-01 11:33 - 2016-07-01 11:33 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1118384125.html
2016-07-01 11:33 - 2016-07-01 11:33 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1118383781.html
2016-07-01 11:33 - 2016-07-01 11:33 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1118381125.html
2016-07-01 11:33 - 2016-07-01 11:33 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1118379359.html
2016-07-01 11:33 - 2016-07-01 11:33 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1118372375.html
2016-07-01 11:33 - 2016-07-01 11:33 - 00000072 _____ C:\WINDOWS\SysWOW64\en_1118371843.html
2016-07-01 11:33 - 2016-07-01 11:33 - 00000000 ____D C:\WINDOWS\SysWOW64\_TSpm
2016-06-29 22:14 - 2016-06-29 22:14 - 00937734 _____ C:\Users\iva\Downloads\Outlook.com (7).zip
2016-06-29 22:10 - 2016-06-29 22:10 - 00000000 ____D C:\Users\iva\AppData\Local\Junedoor
2016-06-29 18:24 - 2016-06-29 18:24 - 00003544 _____ C:\WINDOWS\System32\Tasks\JunedoorUpdateTaskMachineCore
2016-06-29 18:24 - 2016-06-29 18:24 - 00003462 _____ C:\WINDOWS\System32\Tasks\JunedoorUpdateTaskMachineUA
2016-06-29 18:24 - 2016-06-29 18:24 - 00000000 ____D C:\ProgramData\Junedoor
2016-06-29 18:24 - 2016-06-29 18:24 - 00000000 ____D C:\Program Files (x86)\Junedoor
2016-06-29 18:22 - 2016-06-29 18:24 - 00000000 ____D C:\Users\Public\Documents\chrome
2016-06-22 09:43 - 2016-07-06 20:52 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-06-15 14:44 - 2016-04-12 17:46 - 14467584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-15 14:44 - 2016-04-12 17:30 - 12879872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-15 14:42 - 2016-06-03 19:11 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-06-15 14:42 - 2016-06-03 15:38 - 01413120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-15 14:42 - 2016-06-02 19:51 - 00050352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-15 14:42 - 2016-05-29 17:04 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-15 14:42 - 2016-05-29 17:04 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-06-15 14:42 - 2016-05-29 17:04 - 00544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-15 14:42 - 2016-05-29 17:04 - 00276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-15 14:42 - 2016-05-29 17:04 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2016-06-15 14:42 - 2016-05-29 17:04 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-15 14:42 - 2016-04-14 17:25 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-06-15 14:42 - 2016-04-14 17:11 - 02464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-06-15 14:42 - 2016-01-31 21:17 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2016-06-15 14:42 - 2016-01-31 20:07 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2016-06-15 14:42 - 2016-01-31 19:42 - 03320832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-06-15 14:42 - 2016-01-31 19:14 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-06-15 14:30 - 2016-05-16 23:13 - 00563016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-15 14:30 - 2016-05-16 23:13 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-15 14:30 - 2016-05-16 23:13 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-15 14:30 - 2016-05-16 23:13 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-15 14:30 - 2016-05-14 01:07 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-15 14:30 - 2016-05-14 01:07 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-15 14:30 - 2016-05-14 01:06 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-15 14:30 - 2016-05-14 00:34 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-06-15 14:30 - 2016-05-13 23:58 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-06-15 14:29 - 2016-05-18 07:31 - 00372568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-15 14:29 - 2016-05-18 07:31 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-15 14:29 - 2016-05-14 01:09 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-06-15 14:29 - 2016-05-14 01:04 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-15 14:29 - 2016-05-14 00:19 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-15 14:29 - 2016-05-12 20:38 - 00135336 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-15 14:29 - 2016-05-12 19:43 - 00115704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2016-06-15 14:29 - 2016-05-12 18:17 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-15 14:29 - 2016-05-12 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-15 14:29 - 2016-05-12 18:07 - 01360896 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-15 14:29 - 2016-05-12 17:59 - 00398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-15 14:29 - 2016-05-12 17:43 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-15 14:29 - 2016-05-12 17:37 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-15 14:29 - 2016-05-09 23:35 - 07075328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-06-15 14:29 - 2016-05-09 22:56 - 05270016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-06-15 14:29 - 2016-05-09 22:45 - 07793152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-15 14:29 - 2016-05-09 22:23 - 05265920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 14:29 - 2016-05-06 17:45 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-15 14:29 - 2016-05-06 17:23 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-15 14:26 - 2016-05-21 19:28 - 25802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-15 14:26 - 2016-05-21 18:57 - 20341248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-15 14:26 - 2016-05-21 00:09 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-15 14:26 - 2016-05-21 00:08 - 02895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-15 14:26 - 2016-05-21 00:02 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-15 14:26 - 2016-05-20 23:57 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-15 14:26 - 2016-05-20 23:55 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2016-06-15 14:26 - 2016-05-20 23:54 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-06-15 14:26 - 2016-05-20 23:50 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-15 14:26 - 2016-05-20 23:44 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-06-15 14:26 - 2016-05-20 23:29 - 13815808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-15 14:26 - 2016-05-20 23:27 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-06-15 14:26 - 2016-05-20 23:25 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-06-15 14:26 - 2016-05-20 23:25 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-06-15 14:26 - 2016-05-20 23:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-06-15 14:26 - 2016-05-20 23:21 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-06-15 14:26 - 2016-05-20 23:19 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-06-15 14:26 - 2016-05-20 23:16 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-06-15 14:26 - 2016-05-20 23:14 - 04610048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-15 14:26 - 2016-05-20 23:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-06-15 14:26 - 2016-05-20 23:11 - 15420928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-15 14:26 - 2016-05-20 23:11 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-06-15 14:26 - 2016-05-20 23:09 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-15 14:26 - 2016-05-20 23:09 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-06-15 14:26 - 2016-05-20 23:08 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-06-15 14:26 - 2016-05-20 23:08 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-15 14:26 - 2016-05-20 23:06 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-06-15 14:26 - 2016-05-20 22:46 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-15 14:26 - 2016-05-20 22:42 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-15 14:26 - 2016-05-20 22:38 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-15 14:26 - 2016-05-20 22:38 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-06-15 14:26 - 2016-05-20 22:34 - 01544192 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-15 14:26 - 2016-05-20 22:23 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-06-15 14:26 - 2016-05-19 01:15 - 01379040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-15 14:26 - 2016-05-18 22:35 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-15 14:26 - 2016-05-14 22:01 - 00363104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-15 14:26 - 2016-05-14 22:01 - 00320720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-15 14:26 - 2016-05-14 01:07 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-15 14:26 - 2016-05-13 23:58 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-15 14:26 - 2016-05-13 23:45 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-15 14:26 - 2016-05-13 23:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-15 14:26 - 2016-05-13 23:26 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-13 08:18 - 2016-06-17 09:21 - 00000001 _____ C:\WINDOWS\SysWOW64\en.html
2016-06-13 08:18 - 2016-06-13 08:18 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1267145234.html
2016-06-13 08:18 - 2016-06-13 08:18 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1267122453.html
2016-06-13 08:18 - 2016-06-13 08:18 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1267122218.html
2016-06-13 08:18 - 2016-06-13 08:18 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1267120843.html
2016-06-13 08:18 - 2016-06-13 08:18 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1267120625.html
2016-06-13 08:18 - 2016-06-13 08:18 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1267116515.html
2016-06-13 08:18 - 2016-06-13 08:18 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1267116156.html
2016-06-13 08:18 - 2016-06-13 08:18 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1267115250.html
2016-06-13 08:18 - 2016-06-13 08:18 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1267114750.html
2016-06-13 08:18 - 2016-06-13 08:18 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1267101359.html
2016-06-13 08:18 - 2016-06-13 08:18 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1267101078.html
2016-06-13 08:18 - 2016-06-13 08:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-06-13 08:17 - 2016-06-13 08:17 - 00000072 _____ C:\WINDOWS\SysWOW64\EN_1267074734.html
2016-06-13 08:17 - 2016-06-13 08:17 - 00000072 _____ C:\WINDOWS\SysWOW64\en_1267073062.html
2016-06-13 08:17 - 2016-06-13 08:17 - 00000000 ____D C:\WINDOWS\SysWOW64\_tWm
2016-06-10 21:29 - 2016-07-06 11:14 - 00000000 ____D C:\Users\iva\Desktop\Tinka muzika

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-06 20:58 - 2014-12-18 22:10 - 00000000 ____D C:\Users\iva\AppData\Roaming\ClassicShell
2016-07-06 20:56 - 2016-04-09 20:49 - 00003758 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2016-07-06 20:53 - 2014-09-15 19:02 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1905122888-3701062671-1954668978-1002
2016-07-06 20:51 - 2013-09-12 12:02 - 00000000 ____D C:\ProgramData\PDFC
2016-07-06 20:49 - 2014-09-15 19:04 - 00000966 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-06 20:48 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-06 20:42 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-07-06 20:38 - 2014-02-08 23:56 - 00000225 _____ C:\WINDOWS\CryptoMill_CreoService.001
2016-07-06 20:19 - 2014-09-15 19:04 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-06 20:11 - 2014-09-24 08:32 - 00978044 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-06 20:11 - 2014-09-22 13:52 - 00027952 _____ C:\WINDOWS\system32\perfh01A.dat
2016-07-06 20:11 - 2014-09-22 13:52 - 00008986 _____ C:\WINDOWS\system32\perfc01A.dat
2016-07-06 20:11 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-07-06 18:05 - 2014-09-17 22:03 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-07-06 16:13 - 2014-12-18 22:19 - 00473592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2016-07-06 15:53 - 2014-09-19 12:48 - 00000934 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1905122888-3701062671-1954668978-1002UA.job
2016-07-06 15:11 - 2014-12-18 22:19 - 00004180 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-07-06 15:10 - 2014-12-18 22:19 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-07-06 15:10 - 2014-12-18 22:19 - 00290088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-07-06 15:10 - 2014-12-18 22:19 - 00162904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-07-06 15:10 - 2014-12-18 22:19 - 00108304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-07-06 15:10 - 2014-12-18 22:19 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-07-06 15:10 - 2014-12-18 22:19 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-07-06 15:10 - 2014-12-18 22:19 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-07-06 15:10 - 2014-12-18 22:14 - 00000000 ____D C:\ProgramData\AVAST Software
2016-07-06 15:10 - 2014-12-18 22:14 - 00000000 ____D C:\Program Files\AVAST Software
2016-07-06 14:56 - 2014-02-08 23:56 - 00000225 _____ C:\WINDOWS\CryptoMill_CreoService.002
2016-07-06 14:52 - 2014-02-08 23:56 - 00000225 _____ C:\WINDOWS\CryptoMill_CreoService.003
2016-07-06 14:46 - 2014-02-08 23:56 - 00000225 _____ C:\WINDOWS\CryptoMill_CreoService.004
2016-07-06 14:45 - 2014-12-19 17:51 - 00000278 __RSH C:\ProgramData\ntuser.pol
2016-07-06 14:42 - 2013-08-22 17:36 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-07-06 14:03 - 2014-12-19 17:29 - 00000000 ____D C:\Users\iva
2016-07-06 14:02 - 2014-09-17 21:07 - 00000000 ____D C:\ProgramData\Oracle
2016-07-06 13:49 - 2014-12-28 16:36 - 00000000 ____D C:\Users\iva\AppData\Roaming\PhotoScape
2016-07-06 13:49 - 2014-12-18 21:40 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-07-06 13:49 - 2014-12-18 21:29 - 00000000 ____D C:\Users\iva\AppData\Roaming\DAEMON Tools Lite
2016-07-06 13:49 - 2014-09-29 17:03 - 00000000 ____D C:\Users\iva\AppData\Roaming\uTorrent
2016-07-06 13:48 - 2015-11-16 20:36 - 00000000 ____D C:\WINDOWS\Minidump
2016-07-06 13:48 - 2014-12-19 17:16 - 00000000 ___DC C:\WINDOWS\Panther
2016-07-06 13:48 - 2014-09-15 20:29 - 00000000 ____D C:\Users\iva\AppData\Local\CrashDumps
2016-07-06 13:40 - 2014-02-08 23:56 - 00000225 _____ C:\WINDOWS\CryptoMill_CreoService.005
2016-07-06 13:37 - 2014-09-15 18:56 - 00000994 _____ C:\Users\iva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-06 12:53 - 2014-09-19 12:48 - 00000912 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1905122888-3701062671-1954668978-1002Core.job
2016-07-06 07:32 - 2016-01-21 17:17 - 00000338 _____ C:\WINDOWS\Tasks\HPCeeScheduleForiva.job
2016-07-05 23:24 - 2014-09-15 19:06 - 00002250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-05 23:20 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-07-05 17:44 - 2016-05-10 13:41 - 00003148 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForiva
2016-07-03 16:38 - 2016-01-03 00:18 - 00000000 ____D C:\Users\iva\AppData\Local\Popcorn-Time-Community
2016-06-25 14:55 - 2015-12-10 00:21 - 00012288 ____H C:\Users\iva\Desktop\photothumb.db
2016-06-25 14:55 - 2015-03-23 21:08 - 00473088 ____H C:\Users\iva\Downloads\photothumb.db
2016-06-18 16:01 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-17 21:14 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-17 14:05 - 2014-09-17 22:03 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-06-16 12:30 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-06-16 09:33 - 2013-08-22 16:44 - 00481864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-16 00:00 - 2014-12-15 00:19 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-06-16 00:00 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-06-15 23:29 - 2014-09-18 17:14 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-15 23:29 - 2014-09-18 17:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-14 19:13 - 2016-03-12 17:16 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-14 19:13 - 2016-03-12 17:16 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-13 09:10 - 2014-09-15 19:04 - 00000000 ____D C:\Users\iva\AppData\Local\Google

==================== Files in the root of some directories =======

2016-07-06 17:33 - 2016-07-06 20:25 - 0000417 _____ () C:\Users\iva\AppData\Roaming\burnaware.ini

Some files in TEMP:
====================
C:\Users\iva\AppData\Local\Temp\libeay32.dll
C:\Users\iva\AppData\Local\Temp\msvcr120.dll
C:\Users\iva\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-06 15:05

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by iva (2016-07-06 21:00:32)
Running from C:\Users\iva\Desktop
Windows 8.1 (Update) (X64) (2014-12-19 15:51:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1905122888-3701062671-1954668978-500 - Administrator - Disabled)
Guest (S-1-5-21-1905122888-3701062671-1954668978-501 - Limited - Disabled) => C:\Users\Guest.ivaa94
iva (S-1-5-21-1905122888-3701062671-1954668978-1002 - Administrator - Enabled) => C:\Users\iva

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C4CB2534-82F4-F4AF-5767-9EE64EF9EB64}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BurnAware Free 9.2 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2921 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3115 - CyberLink Corp.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DriverMax 8 (HKLM-x32\...\DMX5_is1) (Version: 8.25.0.453 - Innovative Solutions)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.62.5207 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
Hewlett-Packard ACLM.NET v1.2.2.2 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.2.0.1663 - Hewlett-Packard Company)
HP Device Access Manager (HKLM\...\{9F7FF800-8C11-4741-8D20-92E43CA02FD6}) (Version: 8.2.0.10 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{7940DAB9-AC72-4422-8908-DCF58C2C1D21}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Drive Encryption (HKLM\...\HPDriveEncryption) (Version: 8.6.1.160 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 8 (HKLM-x32\...\{2F8A00FC-1F12-44B2-AA37-F9A358EDC161}) (Version: 1.2.2 - Hewlett-Packard Company)
HP File Sanitizer (HKLM-x32\...\{547607B0-3294-4ECA-8F5E-921404676CBB}) (Version: 8.4.11.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10242 - Realtek Semiconductor Corp.)
HP Hotkey Support (HKLM-x32\...\{C807BEFB-0F17-41AC-B307-D7B5E1553040}) (Version: 5.0.20.1 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6978.4563 - Hewlett-Packard)
HP SoftPaq Download Manager (HKLM-x32\...\{5C2D96B7-0468-4450-8BD9-63AB796D72CF}) (Version: 3.4.11.0 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{7EF08127-4C30-4C05-8CEB-544F8A71C080}) (Version: 8.7.1.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{A3B64280-DE4C-40F0-86BB-CCB2A6056BA2}) (Version: 7.3.32.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP System Default Settings (HKLM-x32\...\{5D3BD11C-03AC-443D-A865-C5A43836C91F}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Theft Recovery (HKLM-x32\...\InstallShield_{BAC712C6-4061-4C9F-AB58-A5C53E76704A}) (Version: 8.2.0.9 - Hewlett-Packard Company)
HP Trust Circles (HKLM-x32\...\HP Trust Circles) (Version: 8.2.15.16418 - CryptoMill Technologies)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HP Wireless Hotspot (HKLM-x32\...\{D0A91F7D-702A-4340-A195-7E994256D66D}) (Version: 1.0.23.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.12.1688 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31119 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{CCBD6679-C7CF-2030-2A1F-3640781DF4F4}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.50 - PDF Complete, Inc)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Popcorn Time (HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\...\Popcorn Time) (Version:  - Popcorn Official) <==== ATTENTION
Popcorn Time Community 0.3.8-6 (HKLM-x32\...\Popcorn Time Community 0.3.8-6) (Version: 0.3.8-6 - Popcorn Time Community) <==== ATTENTION
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.230 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.18 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden
Ski Challenge 16 (HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\...\sc16-GAMETWIST_MAIN) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
The Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
WinRAR 5.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinZip (HKLM-x32\...\WinZip) (Version: 2.2.27 - Winzipper Pvt Ltd.) <==== ATTENTION
YoutuBBeeAdBlocKie (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: 4.0.0.1755 - ) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1905122888-3701062671-1954668978-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09C47F9D-D2EB-44F7-90C7-CA6FA21DCBDE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-23] (Google Inc.)
Task: {0B392B8C-CC00-4095-AA24-E15DB48B119A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {1480ABA9-43B3-4929-B23B-9F7698480116} - System32\Tasks\SafeZone scheduled Autoupdate 1467830324 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {57C828D5-D3A9-4B50-806C-C51B3B63FBBC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-06] (AVAST Software)
Task: {5E401AE2-717A-4B33-AFA5-F477ABEC5BA1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {86B16B25-3DC7-4D72-BDC6-F42E2F245BCC} - System32\Tasks\JunedoorUpdateTaskMachineCore => C:\Program Files (x86)\Junedoor\Update\JunedoorUpdate.exe [2016-06-28] () <==== ATTENTION
Task: {87339601-70C6-4CF3-A0BC-8CBDB69BF126} - System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe [2016-06-29] (Innovative Solutions)
Task: {8BE31B54-D167-4707-9160-C5C783BE851D} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-04-14] ()
Task: {8C68A056-CCED-4675-9E20-E92D28ED1028} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-04] (AVAST Software)
Task: {8CE5ECE6-69C2-4265-851A-9356423D12BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-08] (Hewlett-Packard Company)
Task: {961B4762-C443-4DD6-8E24-114B9929A5C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-08] (Hewlett-Packard Company)
Task: {A1ED076D-8C4D-4BF9-B7E2-027EC927627F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-10-30] (Synaptics Incorporated)
Task: {B3F33058-B680-4459-90E5-4704A1198BCF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-15] (Microsoft Corporation)
Task: {B57751DA-B884-483E-8ACE-63E0AA01322F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {D0500CBB-BE1B-418E-BD22-D512964E2311} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-23] (Google Inc.)
Task: {D3952FD6-B76E-42D9-83B0-7A343FC3896F} - System32\Tasks\HPCeeScheduleForiva => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {D63F88C5-C781-4E76-B6DF-9D53A7362F11} - System32\Tasks\JunedoorUpdateTaskMachineUA => C:\Program Files (x86)\Junedoor\Update\JunedoorUpdate.exe [2016-06-28] () <==== ATTENTION
Task: {D98D4650-DD4A-4860-92F7-195A92DE6107} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {DF71D7B6-0477-41C1-9A49-BB835DD53F05} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1905122888-3701062671-1954668978-1002Core => C:\Users\iva\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-19] (Facebook Inc.)
Task: {E1462FBE-801D-4BE4-B2D2-9C8C43300783} - System32\Tasks\DriverMaxAgent => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe [2016-06-29] (Innovative Solutions)
Task: {EB0C6EC4-84DD-4559-A125-17110EC6C715} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1905122888-3701062671-1954668978-1002UA => C:\Users\iva\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-19] (Facebook Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1905122888-3701062671-1954668978-1002Core.job => C:\Users\iva\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1905122888-3701062671-1954668978-1002UA.job => C:\Users\iva\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForiva.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\iva\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Junedoor\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Junedoor\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Junedoor\Application\chrome.exe (Google Inc.)

==================== Loaded Modules (Whitelisted) ==============

2013-08-07 17:02 - 2013-08-07 17:02 - 00007168 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\office.odf
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-08-07 16:01 - 2013-08-07 16:01 - 02654936 _____ () C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll
2013-05-22 15:21 - 2013-05-22 15:21 - 00299832 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2014-10-03 18:36 - 2014-10-03 18:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-06-29 18:24 - 2016-06-28 11:27 - 00424832 _____ () C:\ProgramData\Junedoor\Junedoor.exe
2016-07-06 15:10 - 2016-07-06 15:10 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-06 20:39 - 2016-07-06 20:39 - 02996736 _____ () C:\Program Files\AVAST Software\Avast\defs\16070601\algo.dll
2016-07-06 15:10 - 2016-07-06 15:10 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-07-06 16:29 - 2016-06-29 09:59 - 00010728 _____ () C:\Program Files (x86)\Innovative Solutions\DriverMax\sync.dll
2016-07-06 16:29 - 2014-03-07 10:23 - 00151552 _____ () C:\Program Files (x86)\Innovative Solutions\DriverMax\ssleay32.dll
2016-07-06 16:29 - 2014-03-07 10:23 - 00692224 _____ () C:\Program Files (x86)\Innovative Solutions\DriverMax\LIBEAY32.dll
2016-07-06 15:10 - 2016-07-06 15:10 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-08 23:39 - 2013-07-26 07:24 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\Software\Classes\exefile:  <===== ATTENTION
HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\Software\Classes\.exe: exefile =>  <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2014-09-29 17:19 - 00000860 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\iva\Desktop\iva\P60206-144537-001.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "Classic Start Menu"
HKLM\...\StartupApproved\Run: => "AccelerometerSysTrayApplet"
HKLM\...\StartupApproved\Run32: => "PDF Complete"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "QLBController"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "HP File Sanitizer"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "CryptoMill Refresh"
HKLM\...\StartupApproved\Run32: => "HotKeysCmds"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "Persistence"
HKLM\...\StartupApproved\Run32: => "RtsCM"
HKLM\...\StartupApproved\Run32: => "SynTPEnh"
HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{20200D38-31E5-4C1D-9AB3-DB8BD006BB86}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7A3169E9-040F-4F9B-A567-8CFB2B8036D4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C7678BAE-2062-461F-854E-1C0E38CCEC0C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{493D9796-6621-4FDE-B321-637C06691A0D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{648388D2-CAE9-4B00-AA47-7EA39023C4D7}C:\users\iva\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\iva\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{8AFD24DC-BDA6-4B91-84AC-7963CF03C8CB}C:\users\iva\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\iva\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{98CB38F5-34B5-4275-B006-DF377AD19909}] => (Allow) C:\Users\iva\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C4C5173E-406F-4C32-A280-B8CA6322EA98}] => (Allow) C:\Users\iva\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F8BB6C08-1F77-4F1C-AE51-99A22C7EB99A}] => (Allow) C:\Users\iva\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{F427998A-0BA0-4A16-9BE7-2FC681D1B879}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{38D8CCFD-5F1F-4B6B-88F6-C4844B0F732D}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{FCF9CF15-0892-4D1E-95F6-6D7A34784DA1}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{5A1F7472-3455-422F-8AD8-89E4DC5D0926}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{BD0E0FE2-49CC-4741-B575-8B3BB492F695}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{90C54A4C-1A1F-486C-9411-17B318BE1C6E}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{A7820062-9182-464F-BBEA-57FBB5095650}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A47715CB-D1B1-434D-AEA2-D759E73FEA8E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EB7DD289-E397-48B5-AC2E-5083D8753C5F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5414A318-5E2D-4DB2-9A12-E6EA21247F1D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B7642727-9C0C-4ABB-B896-B4CA7B82881D}] => (Allow) C:\Program Files (x86)\Qualcomm Atheros\Driver\otp_patch_for_installer\nart.exe
FirewallRules: [TCP Query User{EBF52E4E-5F95-49E5-8A18-820E96AEDC0F}C:\users\iva\appdata\local\popcorn time\nw.exe] => (Block) C:\users\iva\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{B6119800-82B9-45C6-962D-76EAEAD0E9F4}C:\users\iva\appdata\local\popcorn time\nw.exe] => (Block) C:\users\iva\appdata\local\popcorn time\nw.exe
FirewallRules: [TCP Query User{CA73F9F4-F21D-47D3-BCB6-80DC892A484B}C:\users\iva\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Block) C:\users\iva\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{BBAC6266-6637-48D5-A2B2-5C6524203E81}C:\users\iva\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Block) C:\users\iva\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{0A09A2CC-C4D6-4141-9CE1-E46D21C97CF3}C:\users\iva\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\iva\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{5FC31108-7613-49C7-AA7E-7B9CF6A8E339}C:\users\iva\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\iva\appdata\local\popcorn time\nw.exe
FirewallRules: [TCP Query User{48423D3D-3C62-4385-B3E5-FEF720640378}C:\users\iva\appdata\local\popcorn time community\nw.exe] => (Block) C:\users\iva\appdata\local\popcorn time community\nw.exe
FirewallRules: [UDP Query User{B645C5DC-AEE2-4CEA-BC58-C270E98FDE13}C:\users\iva\appdata\local\popcorn time community\nw.exe] => (Block) C:\users\iva\appdata\local\popcorn time community\nw.exe
FirewallRules: [TCP Query User{13B0DC1D-2CDF-468D-BF53-FA8B537AD1E5}C:\users\iva\appdata\roaming\utorrent\updates\3.4.5_41865.exe] => (Block) C:\users\iva\appdata\roaming\utorrent\updates\3.4.5_41865.exe
FirewallRules: [UDP Query User{BAA2F5D4-4952-4F27-BE58-07ACADDE2879}C:\users\iva\appdata\roaming\utorrent\updates\3.4.5_41865.exe] => (Block) C:\users\iva\appdata\roaming\utorrent\updates\3.4.5_41865.exe
FirewallRules: [{7733C291-E011-4C2C-A004-959BD0F60B3A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0C8E1ADB-1F34-404C-B8F2-2B3D4726A31A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EDF81CAB-6E83-41EF-ABE5-C8CB429BF7ED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C1BB70C3-BD0A-4566-A2F3-6BB94AC3F2B4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EBF9005F-A791-4050-AA1E-E4907014E889}] => (Allow) C:\ProgramData\Google\update\GoogleUpdate.exe
FirewallRules: [{0786EA95-97C9-4B56-8DE0-9AA7B9E056A0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D15865EE-1141-47C2-B530-34479D3495D1}] => (Allow) C:\ProgramData\Junedoor\Junedoor.exe
FirewallRules: [{86FD0292-9319-466C-A194-34E23AF221F3}] => (Allow) C:\Program Files (x86)\Junedoor\Update\JunedoorUpdate.exe
FirewallRules: [{612B7D0C-1E5C-4D06-8428-F0552ABD296C}] => (Allow) C:\Program Files (x86)\chroomium Browser\chroomium\chrome.exe
FirewallRules: [{87E62195-A932-45B3-8F24-20870BF68011}] => (Allow) C:\Program Files (x86)\chroomium Browser\chroomium\bin\browserServer.exe

==================== Restore Points =========================

17-06-2016 21:13:31 Windows Update
27-06-2016 14:46:53 Scheduled Checkpoint
06-07-2016 11:38:33 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros QCA9565 Bluetooth 4.0 + HS Adapter
Description: Qualcomm Atheros QCA9565 Bluetooth 4.0 + HS Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/06/2016 08:54:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplikacija koja je prouzročila pogrešku: DPAgent.exe, verzija: 5.5.0.2890, vremenska oznaka: 0x520ecf52
Modul koji je prouzročio pogrešku: ptdmlitemanagerdp.dll, verzija: 8.2.0.10, vremenska oznaka: 0x52010164
Kôd iznimke: 0xc000041d
Pomak pogreške 0x00149b12
Id postupka: 0x938
Vrijeme pokretanja aplikacije koja je prouzročila pogrešku: 0xDPAgent.exe0
Put aplikacije koja je prouzročila pogrešku: DPAgent.exe1
Put modula koji je prouzročio pogrešku: DPAgent.exe2
Id izvješća: DPAgent.exe3
Puni naziv paketa koji je prouzročio pogrešku: DPAgent.exe4
Relativni ID aplikacije paketa koji je prouzročio pogrešku: DPAgent.exe5

Error: (07/06/2016 08:54:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplikacija koja je prouzročila pogrešku: DPAgent.exe, verzija: 5.5.0.2890, vremenska oznaka: 0x520ecf52
Modul koji je prouzročio pogrešku: ptdmlitemanagerdp.dll, verzija: 8.2.0.10, vremenska oznaka: 0x52010164
Kôd iznimke: 0xc0000005
Pomak pogreške 0x00149b12
Id postupka: 0x938
Vrijeme pokretanja aplikacije koja je prouzročila pogrešku: 0xDPAgent.exe0
Put aplikacije koja je prouzročila pogrešku: DPAgent.exe1
Put modula koji je prouzročio pogrešku: DPAgent.exe2
Id izvješća: DPAgent.exe3
Puni naziv paketa koji je prouzročio pogrešku: DPAgent.exe4
Relativni ID aplikacije paketa koji je prouzročio pogrešku: DPAgent.exe5

Error: (07/06/2016 08:08:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6838938

Error: (07/06/2016 08:08:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6838938

Error: (07/06/2016 08:08:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/06/2016 06:14:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/06/2016 02:01:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (07/06/2016 08:17:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12984

Error: (07/06/2016 08:17:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12984

Error: (07/06/2016 08:17:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (07/06/2016 09:00:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Pokretanje servisa IceKore nije uspjelo zbog sljedeće pogreške:
%%577 = Windows ne može provjeriti digitalni potpis za ovu datoteku. Nedavnom promjenom hardvera ili softvera možda je instalirana nepravilno potpisana ili oštećena datoteka ili je riječ o zlonamjernom programu iz nepoznatog izvora.


Error: (07/06/2016 09:00:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Pokretanje servisa IceKore nije uspjelo zbog sljedeće pogreške:
%%577 = Windows ne može provjeriti digitalni potpis za ovu datoteku. Nedavnom promjenom hardvera ili softvera možda je instalirana nepravilno potpisana ili oštećena datoteka ili je riječ o zlonamjernom programu iz nepoznatog izvora.


Error: (07/06/2016 09:00:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Pokretanje servisa IceKore nije uspjelo zbog sljedeće pogreške:
%%577 = Windows ne može provjeriti digitalni potpis za ovu datoteku. Nedavnom promjenom hardvera ili softvera možda je instalirana nepravilno potpisana ili oštećena datoteka ili je riječ o zlonamjernom programu iz nepoznatog izvora.


Error: (07/06/2016 09:00:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Pokretanje servisa IceKore nije uspjelo zbog sljedeće pogreške:
%%577 = Windows ne može provjeriti digitalni potpis za ovu datoteku. Nedavnom promjenom hardvera ili softvera možda je instalirana nepravilno potpisana ili oštećena datoteka ili je riječ o zlonamjernom programu iz nepoznatog izvora.


Error: (07/06/2016 08:59:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Pokretanje servisa IceKore nije uspjelo zbog sljedeće pogreške:
%%577 = Windows ne može provjeriti digitalni potpis za ovu datoteku. Nedavnom promjenom hardvera ili softvera možda je instalirana nepravilno potpisana ili oštećena datoteka ili je riječ o zlonamjernom programu iz nepoznatog izvora.


Error: (07/06/2016 08:59:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Pokretanje servisa IceKore nije uspjelo zbog sljedeće pogreške:
%%577 = Windows ne može provjeriti digitalni potpis za ovu datoteku. Nedavnom promjenom hardvera ili softvera možda je instalirana nepravilno potpisana ili oštećena datoteka ili je riječ o zlonamjernom programu iz nepoznatog izvora.


Error: (07/06/2016 08:59:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Pokretanje servisa IceKore nije uspjelo zbog sljedeće pogreške:
%%577 = Windows ne može provjeriti digitalni potpis za ovu datoteku. Nedavnom promjenom hardvera ili softvera možda je instalirana nepravilno potpisana ili oštećena datoteka ili je riječ o zlonamjernom programu iz nepoznatog izvora.


Error: (07/06/2016 08:58:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Pokretanje servisa IceKore nije uspjelo zbog sljedeće pogreške:
%%577 = Windows ne može provjeriti digitalni potpis za ovu datoteku. Nedavnom promjenom hardvera ili softvera možda je instalirana nepravilno potpisana ili oštećena datoteka ili je riječ o zlonamjernom programu iz nepoznatog izvora.


Error: (07/06/2016 08:58:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Pokretanje servisa IceKore nije uspjelo zbog sljedeće pogreške:
%%577 = Windows ne može provjeriti digitalni potpis za ovu datoteku. Nedavnom promjenom hardvera ili softvera možda je instalirana nepravilno potpisana ili oštećena datoteka ili je riječ o zlonamjernom programu iz nepoznatog izvora.


Error: (07/06/2016 08:57:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Pokretanje servisa IceKore nije uspjelo zbog sljedeće pogreške:
%%577 = Windows ne može provjeriti digitalni potpis za ovu datoteku. Nedavnom promjenom hardvera ili softvera možda je instalirana nepravilno potpisana ili oštećena datoteka ili je riječ o zlonamjernom programu iz nepoznatog izvora.



CodeIntegrity:
===================================
  Date: 2016-07-06 21:00:36.594
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\IceKore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-06 21:00:26.438
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\IceKore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-06 21:00:16.281
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\IceKore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-06 21:00:06.111
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\IceKore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-06 20:59:55.955
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\IceKore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-06 20:59:45.799
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\IceKore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-06 20:59:35.633
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\IceKore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-06 20:58:18.347
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\IceKore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-06 20:58:08.160
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\IceKore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-06 20:57:57.965
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\IceKore.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 35%
Total physical RAM: 3977.11 MB
Available physical RAM: 2553.04 MB
Total Virtual: 5641.11 MB
Available Virtual: 4037.72 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:449.36 GB) (Free:383.88 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:12.49 GB) (Free:1.23 GB) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32
Drive f: (win_8.1_Pro) (CDROM) (Total:3.76 GB) (Free:0 GB) UDF
Drive h: (KINGSTON) (Removable) (Total:234.3 GB) (Free:187.29 GB) exFAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A50E1C7D)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 234.4 GB) (Disk ID: 6484A162)
Partition 1: (Active) - (Size=234.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================





#2 nasdaq


Posted 07 July 2016 - 09:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs via the Control Panel > Programs > Programs and Features.
Popcorn Time (HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\...\Popcorn Time) (Version: - Popcorn Official) <==== ATTENTION
Popcorn Time Community 0.3.8-6 (HKLM-x32\...\Popcorn Time Community 0.3.8-6) (Version: 0.3.8-6 - Popcorn Time Community) <==== ATTENTION
WinZip (HKLM-x32\...\WinZip) (Version: 2.2.27 - Winzipper Pvt Ltd.) <==== ATTENTION
YoutuBBeeAdBlocKie (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: 4.0.0.1755 - ) <==== ATTENTION

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\ProgramData\Junedoor\Junedoor.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\...\Run: [DriverMax_RESTART] => [X]
AppInit_DLLs: Files => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: VauDDix -> {09bd77b9-04ae-4b93-98f6-8b691ea98752} -> C:\Program Files (x86)\VauDDix\fUtvXU7tVBucD5.x64.dll => No File
BHO: YoutuBBeeAdBlocKie -> {29485773-42cf-47e4-a947-4b634092502e} -> C:\Program Files (x86)\YoutuBBeeAdBlocKie\XJd510GqF0XpsN.x64.dll => No File
BHO: BeSotSSaveFForYYou -> {3d98fc77-5608-467d-8482-c6b6ad7c8602} -> No File
CHR Extension: (Avast SafePrice) - C:\Users\iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-05-23]
CHR Extension: (Avast Online Security) - C:\Users\iva\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-07-06]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-08-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-02]
R2 JunedoorP; C:\ProgramData\Junedoor\Junedoor.exe [424832 2016-06-28] ()
S2 JunedoorU; C:\Program Files (x86)\Junedoor\Update\JunedoorUpdate.exe [589184 2016-06-28] ()
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
C:\ProgramData\Junedoor
C:\WINDOWS\AutoKMS

Task: {86B16B25-3DC7-4D72-BDC6-F42E2F245BCC} - System32\Tasks\JunedoorUpdateTaskMachineCore => C:\Program Files (x86)\Junedoor\Update\JunedoorUpdate.exe [2016-06-28] () <==== ATTENTION
Task: {8BE31B54-D167-4707-9160-C5C783BE851D} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-04-14] ()
Task: {D63F88C5-C781-4E76-B6DF-9D53A7362F11} - System32\Tasks\JunedoorUpdateTaskMachineUA => C:\Program Files (x86)\Junedoor\Update\JunedoorUpdate.exe [2016-06-28] () <==== ATTENTION
HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\Software\Classes\exefile:  <===== ATTENTION
HKU\S-1-5-21-1905122888-3701062671-1954668978-1002\Software\Classes\.exe: exefile =>  <===== ATTENTION
FirewallRules: [UDP Query User{648388D2-CAE9-4B00-AA47-7EA39023C4D7}C:\users\iva\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\iva\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{8AFD24DC-BDA6-4B91-84AC-7963CF03C8CB}C:\users\iva\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\iva\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{EBF52E4E-5F95-49E5-8A18-820E96AEDC0F}C:\users\iva\appdata\local\popcorn time\nw.exe] => (Block) C:\users\iva\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{B6119800-82B9-45C6-962D-76EAEAD0E9F4}C:\users\iva\appdata\local\popcorn time\nw.exe] => (Block) C:\users\iva\appdata\local\popcorn time\nw.exe
FirewallRules: [TCP Query User{CA73F9F4-F21D-47D3-BCB6-80DC892A484B}C:\users\iva\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Block) C:\users\iva\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{BBAC6266-6637-48D5-A2B2-5C6524203E81}C:\users\iva\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Block) C:\users\iva\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{0A09A2CC-C4D6-4141-9CE1-E46D21C97CF3}C:\users\iva\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\iva\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{5FC31108-7613-49C7-AA7E-7B9CF6A8E339}C:\users\iva\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\iva\appdata\local\popcorn time\nw.exe
FirewallRules: [TCP Query User{48423D3D-3C62-4385-B3E5-FEF720640378}C:\users\iva\appdata\local\popcorn time community\nw.exe] => (Block) C:\users\iva\appdata\local\popcorn time community\nw.exe
FirewallRules: [UDP Query User{B645C5DC-AEE2-4CEA-BC58-C270E98FDE13}C:\users\iva\appdata\local\popcorn time community\nw.exe] => (Block) C:\users\iva\appdata\local\popcorn time community\nw.exe
FirewallRules: [{D15865EE-1141-47C2-B530-34479D3495D1}] => (Allow) C:\ProgramData\Junedoor\Junedoor.exe
FirewallRules: [{86FD0292-9319-466C-A194-34E23AF221F3}] => (Allow) C:\Program Files (x86)\Junedoor\Update\JunedoorUpdate.exe

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

#3 softwaremaniac

softwaremaniac
  • Topic Starter

  • Malware Study Hall Senior
  • 945 posts
  • OFFLINE
  • Gender:Male
  • Location:Croatia
  • Local time:08:59 AM

Posted 07 July 2016 - 09:48 AM

The laptop has been cleaned and I no longer require assistance.

Thank you.





