
Win 7 64 freezes


  • This topic is locked
9 replies to this topic

#1 hseric

hseric

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:57 AM

Posted 12 April 2017 - 07:32 AM

Hello there!

 

I have a whole lotta issues with Windows 7.

I use cracked Adobe programs.

My antivirus (Avira) detected about 350 items - most of them were TR/AD.ParCrypter.onerr - and put them into quarantine.

Still, the problems didn't disappear.

The Sims 4 (original) freezes every time the kids play it.

Chrome freezes every now and then.

Alt+Ctrl+Del doesn't work. Nothing works.

I have to shut down the comp with the on/off button a couple of times every day. Slow boot.

 

ComboFix report:

 

ComboFix 17-04-05.01 - Hrvoje 2.04.2017.  14:11:27.7.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.385.1033.18.16305.14296 [GMT 2:00]
Running from: c:\users\Hrvoje\Downloads\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {B3F630BD-538D-1B4A-14FA-14B63235278F}
SP: Avira Antivirus *Disabled/Updated* {0897D159-75B7-14C4-2E4A-2FC449B26D32}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2017-03-12 to 2017-04-12  )))))))))))))))))))))))))))))))
.
.
2017-04-12 12:13 . 2017-04-12 12:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2017-04-12 12:13 . 2017-04-12 12:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-04-06 19:09 . 2017-04-06 19:09 -------- d-----w- c:\users\Hrvoje\AppData\Local\Tempzxpsignb0861e2d0b34a40e
2017-04-06 19:06 . 2017-04-06 19:06 -------- d-----w- c:\users\Hrvoje\AppData\Local\Tempzxpsign83929b38617e069e
2017-04-06 18:57 . 2017-04-06 18:57 -------- d-----w- c:\users\Hrvoje\AppData\Local\Tempzxpsign86a688e3995d2181
2017-04-06 18:56 . 2017-04-06 18:56 -------- d-----w- c:\users\Hrvoje\AppData\Local\Tempzxpsigneff1fc70a521ebf0
2017-04-06 18:56 . 2017-04-06 18:56 -------- d-----w- c:\users\Hrvoje\AppData\Local\Tempzxpsign3c7dce3ce3c57fb9
2017-04-02 19:43 . 2017-04-02 19:43 -------- d-----w- c:\users\Hrvoje\AppData\Local\Tempzxpsignb55dd8138e29c3f7
2017-04-02 19:40 . 2017-04-02 19:40 -------- d-----w- c:\users\Hrvoje\AppData\Local\Tempzxpsign67a493a739e59dd7
2017-04-02 19:40 . 2017-04-02 19:40 -------- d-----w- c:\users\Hrvoje\AppData\Local\Tempzxpsigne3a0650203a83888
2017-03-21 20:23 . 2017-03-21 20:23 -------- d-----w- c:\users\Hrvoje\AppData\Local\Tempzxpsignffe543dd2766d954
2017-03-21 20:18 . 2017-03-21 20:18 -------- d-----w- c:\users\Hrvoje\AppData\Local\Tempzxpsign3f5d8558edc94ba5
2017-03-21 20:18 . 2017-03-21 20:18 -------- d-----w- c:\users\Hrvoje\AppData\Local\Tempzxpsigna913541d2641d071
2017-03-18 18:49 . 2017-03-18 18:49 -------- d-----w- c:\users\Hrvoje\AppData\Local\Tempzxpsign829067f28116ed35
2017-03-18 18:47 . 2017-03-18 18:47 -------- d-----w- c:\users\Hrvoje\AppData\Local\Tempzxpsign0d83dcc8c44fcb12
2017-03-18 18:30 . 2017-03-18 18:30 -------- d-----w- c:\users\Hrvoje\AppData\Local\Tempzxpsignf4e43e07ffbc131c
2017-03-18 18:26 . 2017-03-18 18:26 -------- d-----w- c:\users\Hrvoje\AppData\Local\Tempzxpsigncd49385ff80ac0fa
2017-03-18 18:23 . 2017-03-18 18:23 -------- d-----w- c:\users\Hrvoje\AppData\Local\Tempzxpsignd9331128671f7234
2017-03-17 13:23 . 2017-03-17 13:23 -------- d-----w- c:\programdata\Sandlot Games
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-03-04 20:24 . 2017-02-21 08:23 138020592 -c--a-w- c:\windows\system32\MRT.exe
2017-02-15 15:55 . 2017-03-12 13:00 78600 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2017-02-15 15:55 . 2017-03-12 13:00 51248 ----a-w- c:\windows\system32\drivers\avusbflt.sys
2017-02-15 15:55 . 2017-03-12 13:00 35328 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2017-02-15 15:55 . 2017-03-12 13:00 176968 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2017-02-15 15:55 . 2017-03-12 13:00 148104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2017-02-14 18:43 . 2017-01-22 19:18 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-02-14 18:43 . 2017-01-22 19:18 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-22 15:49 . 2017-01-22 15:49 163644 ----a-w- c:\windows\SysWow64\drivers\SECDRV.SYS
2017-01-22 15:46 . 2017-01-22 15:46 45056 ----a-r- c:\users\Hrvoje\AppData\Roaming\Microsoft\Installer\{91057632-CA70-413C-B628-2D3CDBBB906B}\ARPPRODUCTICON.exe
2017-01-22 15:46 . 2017-01-22 15:46 45056 ----a-r- c:\users\Hrvoje\AppData\Roaming\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2017-01-22 07:30 . 2017-01-22 07:30 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2017-01-22 07:30 . 2017-01-22 07:30 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2017-01-22 07:30 . 2017-01-22 07:30 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2017-01-22 07:30 . 2017-01-22 07:30 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2017-01-22 07:30 . 2017-01-22 07:30 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2017-01-22 07:30 . 2017-01-22 07:30 235008 ----a-w- c:\windows\system32\elshyph.dll
2017-01-22 07:30 . 2017-01-22 07:30 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2017-01-22 07:30 . 2017-01-22 07:30 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2017-01-22 07:30 . 2017-01-22 07:30 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2017-01-22 07:30 . 2017-01-22 07:30 942592 ----a-w- c:\windows\system32\jsIntl.dll
2017-01-22 07:30 . 2017-01-22 07:30 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2017-01-22 07:30 . 2017-01-22 07:30 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2017-01-22 07:30 . 2017-01-22 07:30 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2017-01-22 07:30 . 2017-01-22 07:30 77312 ----a-w- c:\windows\system32\tdc.ocx
2017-01-22 07:30 . 2017-01-22 07:30 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2017-01-22 07:30 . 2017-01-22 07:30 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2017-01-22 07:30 . 2017-01-22 07:30 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2017-01-22 07:30 . 2017-01-22 07:30 48640 ----a-w- c:\windows\system32\mshtmler.dll
2017-01-22 07:30 . 2017-01-22 07:30 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2017-01-22 07:30 . 2017-01-22 07:30 247808 ----a-w- c:\windows\system32\msls31.dll
2017-01-22 07:30 . 2017-01-22 07:30 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2017-01-22 07:30 . 2017-01-22 07:30 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2017-01-22 07:30 . 2017-01-22 07:30 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2017-01-22 07:30 . 2017-01-22 07:30 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2017-01-22 07:30 . 2017-01-22 07:30 105984 ----a-w- c:\windows\system32\iesysprep.dll
2017-01-22 07:30 . 2017-01-22 07:30 81408 ----a-w- c:\windows\system32\icardie.dll
2017-01-22 07:30 . 2017-01-22 07:30 62464 ----a-w- c:\windows\system32\pngfilt.dll
2017-01-22 07:30 . 2017-01-22 07:30 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2017-01-22 07:30 . 2017-01-22 07:30 48128 ----a-w- c:\windows\system32\imgutil.dll
2017-01-22 07:30 . 2017-01-22 07:30 30208 ----a-w- c:\windows\system32\licmgr10.dll
2017-01-22 07:30 . 2017-01-22 07:30 235520 ----a-w- c:\windows\system32\url.dll
2017-01-22 07:30 . 2017-01-22 07:30 167424 ----a-w- c:\windows\system32\iexpress.exe
2017-01-22 07:30 . 2017-01-22 07:30 143872 ----a-w- c:\windows\system32\wextract.exe
2017-01-22 07:30 . 2017-01-22 07:30 13824 ----a-w- c:\windows\system32\mshta.exe
2017-01-22 07:30 . 2017-01-22 07:30 135680 ----a-w- c:\windows\system32\iepeers.dll
2017-01-22 07:29 . 2017-01-22 07:29 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2017-01-22 07:29 . 2017-01-22 07:29 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2017-01-22 07:29 . 2017-01-22 07:29 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2017-01-22 07:29 . 2017-01-22 07:29 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2017-01-22 07:29 . 2017-01-22 07:29 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2017-01-22 07:29 . 2017-01-22 07:29 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2017-01-22 07:29 . 2017-01-22 07:29 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2017-01-22 07:29 . 2017-01-22 07:29 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2017-01-22 07:29 . 2017-01-22 07:29 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2017-01-22 07:29 . 2017-01-22 07:29 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2017-01-22 07:29 . 2017-01-22 07:29 363008 ----a-w- c:\windows\system32\dxgi.dll
2017-01-22 07:29 . 2017-01-22 07:29 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2017-01-22 07:29 . 2017-01-22 07:29 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2017-01-22 07:29 . 2017-01-22 07:29 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2017-01-22 07:29 . 2017-01-22 07:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2017-01-22 07:29 . 2017-01-22 07:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2017-01-22 07:29 . 2017-01-22 07:29 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2017-01-22 07:29 . 2017-01-22 07:29 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2017-01-22 07:29 . 2017-01-22 07:29 296960 ----a-w- c:\windows\system32\d3d10core.dll
2017-01-22 07:29 . 2017-01-22 07:29 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2017-01-22 07:29 . 2017-01-22 07:29 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2017-01-22 07:29 . 2017-01-22 07:29 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2017-01-22 07:29 . 2017-01-22 07:29 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2017-01-22 07:29 . 2017-01-22 07:29 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2017-01-22 07:29 . 2017-01-22 07:29 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2017-01-22 07:29 . 2017-01-22 07:29 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2017-01-22 07:29 . 2017-01-22 07:29 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2017-01-22 07:29 . 2017-01-22 07:29 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2017-01-22 07:29 . 2017-01-22 07:29 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2017-01-22 07:29 . 2017-01-22 07:29 1238528 ----a-w- c:\windows\system32\d3d10.dll
2017-01-22 07:29 . 2017-01-22 07:29 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2017-01-22 07:29 . 2017-01-22 07:29 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2017-01-22 07:29 . 2017-01-22 07:29 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2017-01-22 07:29 . 2017-01-22 07:29 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2017-01-21 22:00 . 2009-07-14 02:36 181760 ----a-w- c:\windows\system32\msclmd.dll
2017-01-21 22:00 . 2009-07-14 02:36 157696 ----a-w- c:\windows\SysWow64\msclmd.dll
2017-01-21 14:17 . 2017-01-21 14:45 12288 ----a-w- c:\windows\SysWow64\sbunattend.exe
2017-01-21 14:17 . 2017-01-21 14:45 13824 ----a-w- c:\windows\system32\sbunattend.exe
2017-01-21 14:17 . 2017-01-21 14:45 38912 ----a-w- c:\windows\system32\hwrcomp.exe
2017-01-21 14:17 . 2017-01-21 14:45 184320 ----a-w- c:\windows\system32\hwrreg.exe
2017-01-21 13:58 . 2017-01-21 13:58 12710 ----a-w- c:\windows\system32\Native.exe
2017-01-20 21:21 . 2017-01-20 21:21 7680000 ----a-w- c:\program files (x86)\GUTC2B3.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2015-11-13 2739240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\Antivirus\avgnt.exe" [2017-03-22 909744]
"Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2017-02-22 61944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\program files (x86)\Avira\Antivirus\avmailc7.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\program files (x86)\Avira\Antivirus\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Origin Web Helper Service;Origin Web Helper Service;c:\program files (x86)\Origin\OriginWebHelperService.exe;c:\program files (x86)\Origin\OriginWebHelperService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 panda_url_filteringd;panda_url_filteringd driver;c:\program files\Panda Security URL Filtering\panda_url_filteringd.sys;c:\program files\Panda Security URL Filtering\panda_url_filteringd.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WiaRpc;Still Image Acquisition Events;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R4 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R4 panda_url_filtering;panda_url_filtering Service;c:\program files\Panda Security URL Filtering\Panda_URL_Filteringb.exe;c:\program files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [x]
S0 avusbflt;avusbflt;c:\windows\System32\Drivers\avusbflt.sys;c:\windows\SYSNATIVE\Drivers\avusbflt.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\program files (x86)\Avira\Antivirus\sched.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 EPSON_PM_RPCV4_06;EPSON V3 Service4(06);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NitroReaderDriverReadSpool5;NitroPDFReaderDriverCreatorReadSpool5;c:\program files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe;c:\program files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe [x]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalSystemNetworkRestricted
WiaRpc
.
.
Contents of the 'Scheduled Tasks' folder
.
2017-02-17 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-14 18:43]
.
2017-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-22 18:43]
.
2017-01-29 c:\windows\Tasks\EPSON XP-212 213 Series Invitation {154B4CD2-6BD0-427E-92F0-F52F07848703}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2017-01-24 00:20]
.
2017-01-29 c:\windows\Tasks\EPSON XP-212 213 Series Update {154B4CD2-6BD0-427E-92F0-F52F07848703}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2017-01-24 00:20]
.
2017-01-29 c:\windows\Tasks\EPSON XP-215 217 Series Invitation {146E0544-9085-46B6-B536-A276C145EBD9}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2017-01-24 00:20]
.
2017-01-29 c:\windows\Tasks\EPSON XP-215 217 Series Update {146E0544-9085-46B6-B536-A276C145EBD9}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2017-01-24 00:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2016-10-25 08:57 491184 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2016-10-25 08:57 491184 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2016-10-25 08:57 491184 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalSystemNetworkRestricted
WiaRpc
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: I&zvezi u Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.5.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-04-12  14:14:26
ComboFix-quarantined-files.txt  2017-04-12 12:14
ComboFix2.txt  2017-04-07 15:57
ComboFix3.txt  2017-04-05 07:16
ComboFix4.txt  2017-04-04 07:20
ComboFix5.txt  2017-04-12 12:10
.
Pre-Run: 367.105.835.008 bytes free
Post-Run: 367.508.725.760 bytes free
.
- - End Of File - - 5B43F28DE582A03A7604E14C68D8D896
A36C5E4F47E84449FF07ED3517B43A31
 
 
What to do?
 
Greetings,
 
Hrvoje

Edited by hamluis, 12 April 2017 - 11:10 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.




#2 polskamachina

polskamachina

  • Malware Response Team
  • 3,939 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:57 AM

Posted 16 April 2017 - 05:52 PM

Hi Hrvoje :)
 
My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

In order for me to give you the best help possible:
 
Please download the 64-bit version of Farbar Recovery Scan Tool and save it to your Desktop

  • Right-click FRST64 then click Run as administrator
  • When the tool opens, click Yes to disclaimer
  • Press the Scan button
  • When finished, it will produce two logs named FRST.txt and Addition.txt in the same directory from which the tool was run
  • Please copy and paste those two logs into your next reply to me

In summary, I will need from you:

  • FRST.txt
  • Addition.txt

Let me know if you have any questions.

 

polskamachina
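For anyone reading along who wants to pre-screen an FRST.txt like the one requested above, here is an added example (not part of this thread, and not FRST's own code) that parses the load-point lines FRST prints in its Registry/Internet sections, picks out the lines FRST itself marks "<======= ATTENTION", and flags AppInit_DLLs entries, entries whose version-info company field is empty, and auto-starts from user-writable folders. The sample input is constructed from lines copied out of the FRST log posted later in this thread; the line shapes it understands are only those, and other FRST line types are skipped.

```python
"""Triage helper for FRST.txt load-point lines (added example, not FRST code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the FRST.txt posted in this thread.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ====================
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-03-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
HKU\S-1-5-21-3606797580-931150277-32810312-1000\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2739240 2015-11-13] ()
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll [95712 2015-11-05] (Zemana Ltd.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
GroupPolicyScripts: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
"""

# "==================== Registry (Whitelisted) ====================" -> section title
SECTION_RE = re.compile(r"^=+ (?P<title>[^=].*?) =+$")

# key: [value name] (-> {CLSID}) => target [size date] (company)
# size is absent on some line types (e.g. ShellIconOverlayIdentifiers); company
# is the company name FRST reads from the file's version info, "()" when empty.
ENTRY_RE = re.compile(
    r"^(?P<key>[^:]+?): "
    r"(?:\[(?P<name>[^\]]*)\](?: -> (?P<clsid>\{[^}]+\}))? => )?"
    r"(?P<target>.+?) "
    r"\[(?:(?P<size>\d+) )?(?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<company>[^()]*)\)$"
)
ATTENTION_MARK = "<======= ATTENTION"

# Folders an ordinary user can write to; an auto-start living there deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class Entry:
    section: str
    key: str
    name: Optional[str]
    target: str
    size: Optional[int]
    date: str
    company: str


@dataclass
class Finding:
    item: str
    reason: str


def parse_frst(text: str) -> Tuple[List[Entry], List[str]]:
    """Return (parsed load-point entries, lines FRST marked ATTENTION)."""
    entries: List[Entry] = []
    flagged: List[str] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("title")
            continue
        if ATTENTION_MARK in line:
            flagged.append(line.replace(ATTENTION_MARK, "").strip())
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(
                section=section,
                key=m["key"],
                name=m["name"].strip() if m["name"] else None,
                target=m["target"],
                size=int(m["size"]) if m["size"] else None,
                date=m["date"],
                company=m["company"],
            ))
    return entries, flagged


def triage(entries: List[Entry], flagged: List[str]) -> List[Finding]:
    """Turn parsed lines into the short list a helper would look at first."""
    findings: List[Finding] = []
    for text in flagged:
        findings.append(Finding(text, "FRST marked this line ATTENTION; review before any fix"))
    for e in entries:
        low = e.target.lower()
        if e.key.startswith("AppInit_DLLs"):
            findings.append(Finding(e.target, "AppInit_DLLs entry: DLL is loaded into every "
                                              "process that loads user32.dll when enabled"))
        if e.company == "":
            findings.append(Finding(e.target, "empty company field in version info; "
                                              "confirm the publisher by hand"))
        if any(p in low for p in USER_WRITABLE):
            findings.append(Finding(e.target, "auto-start from a user-writable folder"))
    return findings


if __name__ == "__main__":
    ents, flags = parse_frst(SAMPLE_FRST)
    for f in triage(ents, flags):
        print(f"{f.reason}: {f.item}")
```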



#3 hseric

hseric
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:57 AM

Posted 17 April 2017 - 11:39 AM

 
Hi polskamachina!
 
Thank you for your effort.
Happy Easter to you and your family!
 
I will be away from home (and computer) until Thursday evening.
 
Here are the reports:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2017 01
Ran by Hrvoje (administrator) on HARDMACK (17-04-2017 18:22:13)
Running from C:\Users\Hrvoje\Desktop
Loaded Profiles: Hrvoje (Available Profiles: Hrvoje)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Nitro Software, Inc.) C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-03-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61944 2017-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
HKU\S-1-5-21-3606797580-931150277-32810312-1000\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2739240 2015-11-13] ()
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll [95712 2015-11-05] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll [86936 2015-11-05] (Zemana Ltd.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1
Tcpip\..\Interfaces\{03B0B08D-997A-469E-82BC-859B8A972701}: [DhcpNameServer] 192.168.5.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3606797580-931150277-32810312-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3606797580-931150277-32810312-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3606797580-931150277-32810312-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Hrvoje\AppData\Roaming\Mozilla\Firefox\Profiles\b3gCVORN.default [2017-04-17]
FF Homepage: Mozilla\Firefox\Profiles\b3gCVORN.default -> hxxps://www.google.hr/
FF Extension: (Avira Browser Safety) - C:\Users\Hrvoje\AppData\Roaming\Mozilla\Firefox\Profiles\b3gCVORN.default\Extensions\abs@avira.com.xpi [2017-04-13]
FF Extension: (AdBlocker Ultimate) - C:\Users\Hrvoje\AppData\Roaming\Mozilla\Firefox\Profiles\b3gCVORN.default\Extensions\adblockultimate@adblockultimate.net.xpi [2017-04-13]
FF Extension: (Custom New Tab) - C:\Users\Hrvoje\AppData\Roaming\Mozilla\Firefox\Profiles\b3gCVORN.default\Extensions\CNT@ednovak.net.xpi [2017-04-15]
FF Extension: (Forecastfox (fix version)) - C:\Users\Hrvoje\AppData\Roaming\Mozilla\Firefox\Profiles\b3gCVORN.default\Extensions\forecastfox@s3_fix_version.xpi [2017-04-13]
FF Extension: (YouTube Plus) - C:\Users\Hrvoje\AppData\Roaming\Mozilla\Firefox\Profiles\b3gCVORN.default\Extensions\particle@particlecore.github.io.xpi [2017-04-13]
FF Extension: (Private Tab) - C:\Users\Hrvoje\AppData\Roaming\Mozilla\Firefox\Profiles\b3gCVORN.default\Extensions\privateTab@infocatcher.xpi [2017-04-13]
FF Extension: (Download Manager (S3)) - C:\Users\Hrvoje\AppData\Roaming\Mozilla\Firefox\Profiles\b3gCVORN.default\Extensions\s3download@statusbar.xpi [2017-04-13]
FF Extension: (Lyrics Here by Rob W) - C:\Users\Hrvoje\AppData\Roaming\Mozilla\Firefox\Profiles\b3gCVORN.default\Extensions\youtube-lyrics-by-rob-w@jetpack.xpi [2017-04-13]
FF Extension: (YouTube High Definition) - C:\Users\Hrvoje\AppData\Roaming\Mozilla\Firefox\Profiles\b3gCVORN.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-04-13]
FF Extension: (Video DownloadHelper) - C:\Users\Hrvoje\AppData\Roaming\Mozilla\Firefox\Profiles\b3gCVORN.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-04-15]
FF Extension: (Adblock Plus) - C:\Users\Hrvoje\AppData\Roaming\Mozilla\Firefox\Profiles\b3gCVORN.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-04-13]
FF Extension: (YouTube Flash Video Player) - C:\Users\Hrvoje\AppData\Roaming\Mozilla\Firefox\Profiles\b3gCVORN.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2017-04-13]
FF Extension: (Disable Prefetch) - C:\Users\Hrvoje\AppData\Roaming\Mozilla\Firefox\Profiles\b3gCVORN.default\features\{2ce48e52-ca4f-4537-ba32-cf6c873b608f}\disable-prefetch@mozilla.org.xpi [2017-04-13]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-23] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-14] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 5\npnitromozilla.dll [2016-08-02] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
Chrome:
=======
CHR NewTab: Default ->  Active:"chrome-extension://ojhmphdkpgbibohbnpbfiefkgieacjmh/app/index.html"
CHR DefaultSearchURL: Default -> hxxps://pandasecurity.mystart.com/results.php?pr=vmn&id=pandasafeweb&v=1_0_chromeextension_unknown__&searchfeed=web&hsimp=yhs-panda1&ent=ch_ss&q={searchTerms}
CHR DefaultSearchKeyword: Default -> safeWeb
CHR Profile: C:\Users\Hrvoje\AppData\Local\Google\Chrome\User Data\Default [2017-04-17]
CHR Extension: (Google Slides) - C:\Users\Hrvoje\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-20]
CHR Extension: (Google Docs) - C:\Users\Hrvoje\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-20]
CHR Extension: (Google Drive) - C:\Users\Hrvoje\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-20]
CHR Extension: (YouTube) - C:\Users\Hrvoje\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-20]
CHR Extension: (Google Search) - C:\Users\Hrvoje\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2017-01-20]
CHR Extension: (Panda Safe Web) - C:\Users\Hrvoje\AppData\Local\Google\Chrome\User Data\Default\Extensions\fagakgcelolinfnkfgekcnedpaklfcok [2017-01-29]
CHR Extension: (Google Sheets) - C:\Users\Hrvoje\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-20]
CHR Extension: (Avira Browser Safety) - C:\Users\Hrvoje\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-03-12]
CHR Extension: (Google Docs Offline) - C:\Users\Hrvoje\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hrvoje\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Currently) - C:\Users\Hrvoje\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhmphdkpgbibohbnpbfiefkgieacjmh [2017-01-29]
CHR Extension: (Gmail) - C:\Users\Hrvoje\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-20]
CHR Extension: (Chrome Media Router) - C:\Users\Hrvoje\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-05]
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-03-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [487432 2017-03-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [487432 2017-03-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519136 2017-03-22] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation)
R2 NitroReaderDriverReadSpool5; C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe [327328 2016-08-02] (Nitro Software, Inc.)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2124296 2017-04-06] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2185232 2017-04-06] (Electronic Arts)
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-03-25] (Microsoft Corporation)
S4 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-09] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176968 2017-02-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148104 2017-02-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-02-15] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [51248 2017-02-15] (Avira Operations GmbH & Co. KG)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31728 2015-11-12] (Intel Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [180480 2015-10-08] (Intel Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2017-01-22] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-17 18:22 - 2017-04-17 18:22 - 00018126 _____ C:\Users\Hrvoje\Desktop\FRST.txt
2017-04-17 18:22 - 2017-04-17 18:22 - 00000000 ____D C:\FRST
2017-04-17 18:21 - 2017-04-17 18:21 - 02424832 _____ (Farbar) C:\Users\Hrvoje\Desktop\FRST64.exe
2017-04-16 20:12 - 2017-04-16 20:12 - 00746887 _____ C:\Users\Hrvoje\Desktop\plan_ financiranja_ programskih_ aktivnosti_ udruga_ sredstvima_prorauna_osjecko_baranjske_zupanije_u_2017_godini.pdf
2017-04-16 07:37 - 2017-04-16 07:37 - 00000622 _____ C:\Users\Hrvoje\Desktop\Slikovni rezultat za resurrection 1682 × 957 - thebrooknetwork.org.URL
2017-04-15 21:00 - 2017-04-15 21:00 - 00000000 ____D C:\Users\Hrvoje\dwhelper
2017-04-15 14:19 - 2017-04-15 14:19 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsign94d6809193c81721
2017-04-15 14:18 - 2017-04-15 14:18 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsignf9f0be9e687ad8c5
2017-04-15 12:03 - 2017-04-15 12:03 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsigne5aa0928e61c564e
2017-04-15 11:58 - 2017-04-15 11:58 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsign178d0c09c997acdc
2017-04-15 08:56 - 2017-04-15 08:56 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsign61ca9a8487d73ee9
2017-04-15 08:54 - 2017-04-15 08:54 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsign53c893a71dfc487a
2017-04-15 08:54 - 2017-04-15 08:54 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsign2068756322c45e33
2017-04-14 10:26 - 2017-04-14 10:26 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsignbf9c7592cbad1434
2017-04-14 10:26 - 2017-04-14 10:26 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsign94d4ec353c171522
2017-04-14 10:25 - 2017-04-14 10:25 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsign49f1e0e3ce123973
2017-04-14 10:25 - 2017-04-14 10:25 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsign0ad07380d824d406
2017-04-14 09:49 - 2017-04-14 09:49 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Macromedia
2017-04-13 19:10 - 2017-04-17 07:52 - 00000000 ____D C:\Users\Hrvoje\AppData\LocalLow\Mozilla
2017-04-13 19:10 - 2017-04-13 19:15 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Mozilla
2017-04-13 19:10 - 2017-04-13 19:10 - 00001155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-13 19:10 - 2017-04-13 19:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-13 19:10 - 2017-04-13 19:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-13 19:09 - 2017-04-13 19:09 - 00245416 _____ C:\Users\Hrvoje\Downloads\Firefox Setup Stub 52.0.2.exe
2017-04-13 12:19 - 2017-04-13 12:19 - 00000194 _____ C:\Users\Hrvoje\Downloads\Unconfirmed 194843.crdownload
2017-04-13 12:17 - 2017-04-13 12:17 - 02030536 _____ (Bleeping Computer, LLC) C:\Program Files\rkill.exe
2017-04-13 12:16 - 2017-04-13 12:16 - 01663672 _____ (Malwarebytes) C:\Users\Hrvoje\Downloads\JRT (1).exe
2017-04-13 12:12 - 2017-04-13 12:12 - 01663672 _____ (Malwarebytes) C:\Users\Hrvoje\Downloads\JRT.exe
2017-04-13 12:09 - 2017-04-13 12:09 - 03719928 _____ (Zemana Ltd. ) C:\Users\Hrvoje\Downloads\AntiLoggerFree_Setup.exe
2017-04-13 12:09 - 2017-04-13 12:09 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Zemana
2017-04-13 12:09 - 2017-04-13 12:09 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\AntiLogger Free
2017-04-13 12:09 - 2017-04-13 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2017-04-13 12:09 - 2017-04-13 12:09 - 00000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2017-04-13 12:09 - 2017-04-13 12:09 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2017-04-13 12:09 - 2015-11-05 15:00 - 00143904 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2017-04-13 12:04 - 2017-04-13 12:05 - 00000000 ____D C:\Program Files\PowerDataRecovery
2017-04-13 12:04 - 2017-04-13 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery 7.0
2017-04-13 12:03 - 2017-04-13 12:03 - 22568112 _____ (MiniTool Solution Ltd. ) C:\Users\Hrvoje\Downloads\pdr7free.exe
2017-04-13 11:58 - 2017-04-13 11:58 - 00000000 ____D C:\Program Files\CryptoSearch
2017-04-13 11:57 - 2017-04-13 11:57 - 00879612 _____ C:\Users\Hrvoje\Downloads\CryptoSearch.zip
2017-04-13 11:56 - 2017-04-13 11:57 - 00002498 _____ C:\RakhniDecryptor.1.17.17.0_13.04.2017_11.56.08_log.txt
2017-04-13 11:55 - 2017-04-13 11:56 - 00000000 ____D C:\Program Files\RakhniDecryptor
2017-04-13 11:54 - 2017-04-13 11:54 - 05212623 _____ C:\Users\Hrvoje\Downloads\rakhnidecryptor.zip
2017-04-13 08:47 - 2017-04-13 08:47 - 00071168 _____ C:\Users\Hrvoje\Downloads\obrazac_financijskog_plana_ud2_2017 (1).xls
2017-04-12 17:05 - 2017-04-12 17:05 - 00063903 _____ C:\Users\Hrvoje\Downloads\oxygene8-2.mid
2017-04-12 16:09 - 2017-04-12 16:09 - 01106840 _____ (Unity Technologies ApS) C:\Users\Hrvoje\Downloads\UnityWebPlayer64.exe
2017-04-12 14:14 - 2017-04-12 14:14 - 00021291 _____ C:\ComboFix.txt
2017-04-11 09:55 - 2017-04-11 09:55 - 00404264 _____ C:\Windows\Minidump\041117-9968-01.dmp
2017-04-09 12:25 - 2017-04-09 12:25 - 00039994 _____ C:\Users\Hrvoje\Downloads\Drawing (5).jpeg
2017-04-06 21:09 - 2017-04-06 21:09 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsignb0861e2d0b34a40e
2017-04-06 21:06 - 2017-04-06 21:06 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsign83929b38617e069e
2017-04-06 20:57 - 2017-04-06 20:57 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsign86a688e3995d2181
2017-04-06 20:56 - 2017-04-06 20:56 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsigneff1fc70a521ebf0
2017-04-06 20:56 - 2017-04-06 20:56 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsign3c7dce3ce3c57fb9
2017-04-06 12:57 - 2017-04-06 12:57 - 00032256 _____ C:\Users\Hrvoje\Downloads\Obrazac loko vožnje.xls
2017-04-06 08:03 - 2017-04-06 08:03 - 00398568 _____ C:\Windows\Minidump\040617-10654-01.dmp
2017-04-05 22:04 - 2017-04-05 23:04 - 09361287 _____ C:\Users\Hrvoje\Downloads\2826.pptx
2017-04-05 09:27 - 2017-04-05 09:27 - 00200428 _____ C:\Users\Hrvoje\Downloads\Kalendar_za_skolsku_godinu_2016-2017.pdf
2017-04-05 09:26 - 2017-04-05 09:26 - 02297945 _____ C:\Users\Hrvoje\Downloads\e-D_Razrednik_17-3-2017.pdf
2017-04-05 09:12 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2017-04-05 09:12 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2017-04-05 09:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-04-05 09:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-04-05 09:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-04-05 09:12 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2017-04-05 09:12 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2017-04-05 09:12 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2017-04-05 09:11 - 2017-04-05 09:11 - 05659546 ____R (Swearware) C:\Users\Hrvoje\Downloads\ComboFix.exe
2017-04-05 09:01 - 2017-04-12 21:24 - 00003380 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-05 09:01 - 2017-04-12 21:24 - 00003252 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-05 09:01 - 2017-04-05 09:01 - 00002263 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-05 08:54 - 2017-04-17 15:19 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E3E670A8-F476-4ADD-BBDF-0AB7B8194347}
2017-04-04 09:13 - 2017-04-12 14:14 - 00000000 ____D C:\Qoobox
2017-04-03 22:36 - 2017-04-03 22:39 - 00000000 ____D C:\Users\Hrvoje\Desktop\miruan
2017-04-03 22:00 - 2017-04-03 22:00 - 04796036 _____ C:\Users\Hrvoje\Downloads\Miruan.pdf
2017-04-02 21:43 - 2017-04-02 21:43 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsignb55dd8138e29c3f7
2017-04-02 21:40 - 2017-04-02 21:40 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsigne3a0650203a83888
2017-04-02 21:40 - 2017-04-02 21:40 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsign67a493a739e59dd7
2017-03-30 08:37 - 2017-04-07 22:24 - 00582408 _____ C:\Windows\ntbtlog.txt
2017-03-21 22:23 - 2017-03-21 22:23 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsignffe543dd2766d954
2017-03-21 22:18 - 2017-03-21 22:18 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsigna913541d2641d071
2017-03-21 22:18 - 2017-03-21 22:18 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsign3f5d8558edc94ba5
2017-03-18 20:49 - 2017-03-18 20:49 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsign829067f28116ed35
2017-03-18 20:47 - 2017-03-18 20:47 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsign0d83dcc8c44fcb12
2017-03-18 20:30 - 2017-03-18 20:30 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsignf4e43e07ffbc131c
2017-03-18 20:26 - 2017-03-18 20:26 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsigncd49385ff80ac0fa
2017-03-18 20:23 - 2017-03-18 20:23 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Tempzxpsignd9331128671f7234
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-17 17:53 - 2009-07-14 06:45 - 00020368 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-17 17:53 - 2009-07-14 06:45 - 00020368 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-17 15:15 - 2017-02-14 17:27 - 00000000 ____D C:\Users\Hrvoje\Desktop\PUKS - Natječaj OBŽ
2017-04-17 11:39 - 2009-07-14 07:13 - 00006166 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-17 11:17 - 2017-01-20 23:20 - 00000000 ____D C:\ProgramData\Origin
2017-04-17 11:16 - 2017-01-21 12:37 - 00000000 ____D C:\Users\Hrvoje\AppData\Roaming\Origin
2017-04-17 07:50 - 2017-01-21 20:32 - 00000000 ____D C:\Users\Hrvoje\.rainlendar2
2017-04-17 07:50 - 2017-01-20 23:20 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-17 07:50 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-16 22:12 - 2017-01-21 20:47 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Adobe
2017-04-16 21:41 - 2017-02-03 19:44 - 00000034 _____ C:\Users\Hrvoje\AppData\Roaming\AdobeWLCMCache.dat
2017-04-16 06:24 - 2009-07-14 07:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-15 21:00 - 2017-01-20 22:35 - 00000000 ____D C:\Users\Hrvoje
2017-04-15 18:24 - 2017-01-21 20:47 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\CrashDumps
2017-04-14 21:26 - 2017-01-21 20:46 - 00000000 ____D C:\Users\Hrvoje\AppData\Roaming\XnView
2017-04-14 12:06 - 2017-02-04 14:12 - 00001334 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2017-04-14 09:48 - 2017-01-22 21:18 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-14 09:48 - 2017-01-22 21:18 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-14 09:48 - 2017-01-22 21:18 - 00004314 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-14 09:48 - 2017-01-22 21:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-14 09:48 - 2017-01-22 17:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-13 19:10 - 2017-03-12 20:21 - 00000000 ____D C:\Users\Hrvoje\AppData\Roaming\Mozilla
2017-04-13 12:00 - 2017-01-20 22:54 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Google
2017-04-12 17:10 - 2017-03-05 20:39 - 00000000 ____D C:\Users\Hrvoje\Desktop\PUKS - Škola kao mjesto kriznih situacija
2017-04-12 14:13 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2017-04-11 17:33 - 2017-01-21 20:24 - 00000000 ____D C:\Users\Hrvoje\AppData\Roaming\foobar2000
2017-04-11 09:55 - 2017-02-17 18:00 - 1236834848 _____ C:\Windows\MEMORY.DMP
2017-04-11 09:55 - 2017-02-17 18:00 - 00000000 ____D C:\Windows\Minidump
2017-04-10 18:37 - 2017-01-21 09:48 - 00000000 ____D C:\Users\Hrvoje\AppData\Roaming\vlc
2017-04-10 18:10 - 2009-07-14 06:45 - 06323688 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-10 09:31 - 2017-01-22 09:49 - 00000000 ____D C:\Users\Hrvoje\AppData\Roaming\Adobe
2017-04-10 09:31 - 2017-01-20 23:10 - 00464576 _____ C:\Users\Hrvoje\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-07 22:23 - 2017-02-04 08:35 - 00000000 ____D C:\Users\Hrvoje\AppData\Roaming\ehHK2ChaZfQ7phGu
2017-04-06 18:39 - 2017-01-21 12:36 - 00000000 ____D C:\Program Files (x86)\Origin
2017-04-06 12:36 - 2017-01-21 15:37 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\ElevatedDiagnostics
2017-04-05 09:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-05 09:01 - 2017-01-20 22:54 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-05 08:49 - 2017-03-08 22:50 - 00000000 ____D C:\Windows\erdnt
2017-04-05 08:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2017-03-29 22:31 - 2017-01-21 19:59 - 00000000 ____D C:\Users\Hrvoje\AppData\Local\Microsoft Help
2017-03-22 22:40 - 2017-03-12 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-18 20:49 - 2017-02-17 16:15 - 00001456 _____ C:\Users\Hrvoje\AppData\Local\Adobe Save for Web 13.0 Prefs
==================== Files in the root of some directories =======
2017-04-13 12:17 - 2017-04-13 12:17 - 2030536 _____ (Bleeping Computer, LLC) C:\Program Files\rkill.exe
2017-02-03 19:44 - 2017-04-16 21:41 - 0000034 _____ () C:\Users\Hrvoje\AppData\Roaming\AdobeWLCMCache.dat
2017-02-17 16:15 - 2017-03-18 20:49 - 0001456 _____ () C:\Users\Hrvoje\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-02-02 20:32 - 2017-02-02 20:32 - 0000771 _____ () C:\Users\Hrvoje\AppData\Local\recently-used.xbel
2017-01-20 22:57 - 2017-01-20 22:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-13 09:29
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2017 01
Ran by Hrvoje (17-04-2017 18:22:30)
Running from C:\Users\Hrvoje\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2017-01-20 20:35:19)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3606797580-931150277-32810312-500 - Administrator - Disabled)
Guest (S-1-5-21-3606797580-931150277-32810312-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3606797580-931150277-32810312-1002 - Limited - Enabled)
Hrvoje (S-1-5-21-3606797580-931150277-32810312-1000 - Administrator - Enabled) => C:\Users\Hrvoje
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3606797580-931150277-32810312-1000\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
ACDSee Pro 9 (64-bit) (HKLM\...\{AAB2B2D2-1B27-4EEC-B033-6F9B6FFEEF4C}) (Version: 9.1.0.453 - ACD Systems International Inc.)
Adobe Audition CC 2017 (HKLM-x32\...\AUDT_10_0_0) (Version: 10.0.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.2.1 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.7 - Adobe Systems Incorporated)
Adobe Lightroom (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_2) (Version: 11.0.2 - Adobe Systems Incorporated)
Adobe Photoshop (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Adobe Premiere (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_1) (Version: 11.0.1 - Adobe Systems Incorporated)
Ansel (Version: 375.63 - NVIDIA Corporation) Hidden
AntiLogger Free version 1.8.2.320 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.320 - Zemana Ltd.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.030 - ASUSTek Computer Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.172 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{0b46d918-af4f-4612-8076-5c0ae67cb2aa}) (Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
encoder (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON XP-212 213 Series Printer Uninstall (HKLM\...\EPSON XP-212 213 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-215 217 Series Printer Uninstall (HKLM\...\EPSON XP-215 217 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.2.42 - Intel Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.1.5.8 - PandoraTV)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Flash 8 (HKLM-x32\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (HKLM-x32\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
Macromedia Flash Player 8 (HKLM-x32\...\{885A63EA-382B-4DD4-A755-14809B8557D6}) (Version: 8.0.22.0 - Macromedia)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Power Data Recovery Free Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Free Edition_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2 - Mozilla)
Nitro Reader 5 (HKLM\...\{42BEF461-E91D-4C9E-94A2-790D973CE971}) (Version: 5.5.9.2 - Nitro)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.4.6.33873 - Electronic Arts, Inc.)
Python 3.6.0 (32-bit) (HKU\S-1-5-21-3606797580-931150277-32810312-1000\...\{8ba65a8c-cb48-4716-bc24-47c148808015}) (Version: 3.6.150.0 - Python Software Foundation)
Python 3.6.0 Core Interpreter (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Development Libraries (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Documentation (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Executables (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 pip Bootstrap (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Standard Library (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Tcl/Tk Support (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Test Suite (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Utility Scripts (32-bit) (x32 Version: 3.6.150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{A674B2CB-13CA-437B-A215-9DD257959A49}) (Version: 3.6.5835.0 - Python Software Foundation)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Ranch Rush 2 Collector's Edition (HKLM-x32\...\BFG-Ranch Rush 2 Collector's Edition) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7982 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SketchUp 2016 (HKLM\...\{D87EE6DC-32BA-4219-AC75-0A6FD54ED058}) (Version: 16.0.19912 - Trimble Navigation Limited)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.29.69.1020 - Electronic Arts Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3606797580-931150277-32810312-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0DE723B3-F185-4DAE-A157-ECAC7B2D4460} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {10B40189-9705-444C-8A3C-21E725E2D55B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-05] (Google Inc.)
Task: {1A8A556D-B6C5-4883-BBCA-6AB39CE6FC4E} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] ()
Task: {248D4226-C1BB-45FA-A79D-6E3D4010609B} - System32\Tasks\EPSON XP-212 213 Series Update {154B4CD2-6BD0-427E-92F0-F52F07848703} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {70D0D27E-A573-491C-8A70-AC1BA84F1AB2} - System32\Tasks\{758FB480-8AF3-4940-A745-ADD4F5D2BEE3} => G:\Igrice\FarCry\Bin32\FarCry.exe [2004-03-15] (Crytek)
Task: {82704899-A655-4FAA-897F-185152E01869} - System32\Tasks\{F4CF6C8B-ACCC-4951-BC3E-144E7B030943} => G:\Igrice\FarCry\Bin32\FarCry.exe [2004-03-15] (Crytek)
Task: {8562FD03-1C5C-4F27-AE7E-44623D66CFE2} - System32\Tasks\EPSON XP-215 217 Series Update {146E0544-9085-46B6-B536-A276C145EBD9} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {A627687D-5C2F-4F27-9AA8-B7D9D5C93C87} - System32\Tasks\EPSON XP-215 217 Series Invitation {146E0544-9085-46B6-B536-A276C145EBD9} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {C0A6D893-E0E2-4407-AAB2-FFC6EE6EB367} - System32\Tasks\AdobeAAMUpdater-1.0-HardMack-Hrvoje => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {C97AB230-47CF-4F79-8CF9-0453C5BDDF3C} - System32\Tasks\EPSON XP-212 213 Series Invitation {154B4CD2-6BD0-427E-92F0-F52F07848703} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {D960ACFF-1956-4EFB-8871-97BF030BDC38} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {F0D96DD6-D44B-4399-87E2-3FFEF783206E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-05] (Google Inc.)
Task: {FBDBE7B7-239F-4CF0-847B-CA6D744D2C45} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-14] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\Windows\Tasks\EPSON XP-212 213 Series Invitation {154B4CD2-6BD0-427E-92F0-F52F07848703}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE
Task: C:\Windows\Tasks\EPSON XP-212 213 Series Update {154B4CD2-6BD0-427E-92F0-F52F07848703}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE :/EXE:{154B4CD2-6BD0-427E-92F0-F52F07848703} /F:Update  �SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON XP-215 217 Series Invitation {146E0544-9085-46B6-B536-A276C145EBD9}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE
Task: C:\Windows\Tasks\EPSON XP-215 217 Series Update {146E0544-9085-46B6-B536-A276C145EBD9}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE :/EXE:{146E0544-9085-46B6-B536-A276C145EBD9} /F:Update  �SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-10-25 10:57 - 2016-10-25 10:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-11-13 13:57 - 2015-11-13 13:57 - 02739240 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2017-01-21 19:45 - 2016-12-29 14:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-14 08:31 - 2015-08-14 08:31 - 00252928 _____ () C:\Program Files (x86)\Rainlendar2\libical.dll
2015-08-14 08:31 - 2015-08-14 08:31 - 00051200 _____ () C:\Program Files (x86)\Rainlendar2\libicalss.dll
2014-05-04 12:48 - 2014-05-04 12:48 - 00197632 _____ () C:\Program Files (x86)\Rainlendar2\lua52.dll
2015-11-13 13:57 - 2015-11-13 13:57 - 00068136 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
2014-05-04 12:49 - 2014-05-04 12:49 - 00027648 _____ () C:\Program Files (x86)\Rainlendar2\lfs.dll
2017-01-21 12:36 - 2017-04-06 07:24 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-10-16 07:14 - 2015-10-16 07:14 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [270]
AlternateDataStreams: C:\ProgramData\TEMP:A5264343 [210]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2017-03-11 23:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3606797580-931150277-32810312-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hrvoje\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.5.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: PandaAgent => 2
MSCONFIG\Services: panda_url_filtering => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\startupreg: ACPW09EN => "C:\Program Files\ACD Systems\ACDSee Pro\9.0\acdIDInTouch2.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: PSUAMain => "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{8EDBC6CC-F953-47CE-BEB1-A67CA9E2643B}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{CF54F04F-493F-4C3D-9091-3542270A58EF}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{01B6EE2D-0593-46F0-9812-DD75A76C1905}] => (Allow) C:\Users\Hrvoje\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8E3DA654-7E06-492D-8876-1F460FD6EEB9}] => (Allow) C:\Users\Hrvoje\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{918BDA64-D5BB-4A4F-A43A-E57D579F9875}] => (Allow) C:\Users\Hrvoje\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9DF74530-D44E-4C1F-9C02-2ECDABC470BA}] => (Allow) C:\Users\Hrvoje\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{195A2ADB-F0AF-433B-8D83-43F454B93478}] => (Allow) C:\Users\Hrvoje\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CFD2B8EA-9AAF-4EF8-836E-E8CC64FC21BB}] => (Allow) C:\Users\Hrvoje\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{66DB8E90-D930-40D3-B83A-89BA1DAD0C6E}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{F9552E00-05E4-4F94-B53E-06E96168B106}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{36965999-8C20-43FF-B559-F0A406E9E83C}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
FirewallRules: [{E095F94C-8CFD-4F51-A050-41F39C3E4A79}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
FirewallRules: [{935D5B2F-CA42-459D-AB99-CBB0AF09C865}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{374B7638-2EA9-4D96-8BB8-A41D5CA5AD9C}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{8F7137D7-9470-46A0-B72A-E4701E5D3ECA}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{A773BB77-F618-4FFD-9447-A7EFF2F21169}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{41DDDC85-4388-4C5B-8ADD-21C03D93C648}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{0871A656-8163-4E09-8F4A-1DB569251BBE}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [TCP Query User{56BE99B5-E6F4-4271-B274-9B7F8DE933FF}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{1923A1E4-5BB7-4FDE-8BA9-89F174A7B761}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{77B5B890-6A8F-4572-A411-F76FA104B51E}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{D9E446E7-8220-4896-94EE-9FAA60EFF239}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{C7322EE9-645B-4AC6-AF61-649084A4DFD1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3ED96605-389D-471B-AC57-202D0C8670A0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4E3A8D3F-E17B-40BE-A154-52733741B253}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{98529CDA-6FF4-479C-8C27-A81D0FEAD853}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{77D1C28E-3709-48B1-8214-B9EC9701D932}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{C7A316CD-1EDD-426F-8380-3B7B1284FFBF}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
==================== Restore Points =========================
05-04-2017 08:48:31 Restore Operation
09-04-2017 19:00:05 Windows Backup
12-04-2017 14:10:57 ComboFix created restore point
13-04-2017 12:12:52 JRT Pre-Junkware Removal
14-04-2017 12:06:14 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
14-04-2017 12:06:20 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
16-04-2017 19:00:08 Windows Backup
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (04/17/2017 11:39:13 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (04/17/2017 11:39:13 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (04/17/2017 07:55:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (04/17/2017 07:55:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (04/17/2017 07:51:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/17/2017 07:47:53 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (04/17/2017 07:47:53 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (04/17/2017 07:41:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/16/2017 07:20:13 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Invalid window handle. (0x80070578).
Error: (04/16/2017 05:20:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

System errors:
=============
Error: (04/17/2017 01:28:02 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR11.
Error: (04/17/2017 01:28:01 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR11.
Error: (04/17/2017 01:28:01 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR11.
Error: (04/17/2017 01:28:00 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR11.
Error: (04/17/2017 01:28:00 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR11.
Error: (04/17/2017 11:58:48 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer VANESA-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{03B0B08D-997A-469E-82BC-859B8A972701}.
The master browser is stopping or an election is being forced.
Error: (04/17/2017 07:51:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535
Error: (04/17/2017 07:51:37 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535
Error: (04/17/2017 07:51:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535
Error: (04/17/2017 07:51:37 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

CodeIntegrity:
===================================
  Date: 2017-03-11 22:06:29.518
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2017-03-11 22:06:29.487
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2017-03-11 22:06:29.471
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2017-03-11 22:06:29.455
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2017-03-08 21:57:29.070
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2017-03-08 21:57:29.055
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
Processor: Intel® Core™ i5-6400 CPU @ 2.70GHz
Percentage of memory in use: 18%
Total physical RAM: 16304.75 MB
Available physical RAM: 13296.14 MB
Total Virtual: 32607.69 MB
Available Virtual: 28486.28 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:464.94 GB) (Free:340.26 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (FAMILY) (Fixed) (Total:111.78 GB) (Free:29.55 GB) NTFS
Drive g: (EVERYTHING) (Fixed) (Total:921.41 GB) (Free:132.37 GB) NTFS
Drive h: (STARI SSD) (Fixed) (Total:55.8 GB) (Free:55.7 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1C1EE471)
Partition 1: (Active) - (Size=839 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 92AC78F9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: E2BBE2BB)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A991F8FA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=921.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
 
All the best!
 

 



#4 polskamachina

  • Malware Response Team
  • 3,939 posts
  • Gender:Male

Posted 18 April 2017 - 12:57 PM

Hi Hrvoje,
 

Thank you for the Easter greetings and I wish the same to you. :)

 

Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel > Programs and Features.
If you wish to keep it, please do not use it until your computer is cleaned.
 
Next:

Unfortunately you have told me that you have illegal software on your computer:
I am going to request that you completely uninstall your cracked Adobe programs and all other products for which you do not have a valid Product Key.
 
If you are willing to do that, please run another FRST64 scan after you have uninstalled the cracked programs. If you prefer to leave the program(s) on your computer, let me know that and I will be closing the topic.

If you decide to remove the program(s) please do this.

===================================================

CKScanner

--------------------

  • Download CKScanner and save it to your Desktop
  • Right-click CKScanner and select, Run as administrator
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • CKScanner report
  • FRST report
  • Addition report

Let me know if you have any questions.
 
polskamachina



#5 hseric

  • Topic Starter
  • Members
  • 6 posts

Posted 21 April 2017 - 01:57 PM

Removing µTorrent will not be a problem.

But I'm doing graphic design, video editing and photography and I simply can't afford Adobe products.

I would gladly buy them, but currently I just can't.

So, please give me a couple of days to see if I can manage to find some free software that I could work with.

 

Thank you.

 

Hrvoje



#6 polskamachina

  • Malware Response Team
  • 3,939 posts
  • Gender:Male

Posted 21 April 2017 - 04:22 PM

Hi Hrvoje :)
 
I understand the affordability issue involved. I can keep your topic open for three more days while you do your research.
 
Good luck!
 
polskamachina



#7 hseric (Topic Starter, Members, 6 posts)

Posted 24 April 2017 - 05:54 AM

Hi polskamachina!

I have a couple of projects going on and I can't switch to different software right now.
Feel free to close this thread.
I'm sorry it didn't work out.
Thank you anyway.

All the best,

Hrvoje

#8 Machiavelli (Malware Response Instructor, 3,976 posts, Location: Germany)

Posted 24 April 2017 - 04:52 PM

Hey,

Can you give me a fresh set of FRST logs?

 

STEP 1
Farbar Recovery Scan Tool (FRST) Scan

  • Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste them in your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#9 hseric (Topic Starter, Members, 6 posts)

Posted 25 April 2017 - 01:40 PM

Hi Machiavelli!

I have downgraded the video card drivers to the originals (not updated) and it works well so far.

I hope that was the problem.

If it doesn't solve the issue, I'll be back.

All the best,

Hrvoje



#10 Machiavelli (Malware Response Instructor, 3,976 posts, Location: Germany)

Posted 25 April 2017 - 03:04 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Machiavelli