Keygen that messed my computer


  • This topic is locked
13 replies to this topic

#1 Jammedz

Jammedz

  • Members
  • 6 posts
  • OFFLINE

Posted 26 February 2018 - 08:07 PM

Hello, I have downloaded a keygen which happened to be malicious software. To install the keygen I had to uninstall the free Bitdefender I had (it didn't have a turn-off option).

Since that happened, every now and then the internet browser starts with random web pages. Also, my Task Manager shows me 100% CPU usage all the time.

So I've managed to install SUPERAntiSpyware Professional, which showed immediately after install:
Trojan.Agent/Gen-CSRSSFake.Processes in two different directories.

Later SAS Professional managed to clean some garbage from the computer but I still have the same problems:
- Internet Explorer opens by itself
- computer is slow
- I cannot install Bitdefender again

I've tried to enter safe mode by pressing F8. No success. I see the screen with safe mode options for a split second and then it vanishes. I've also tried it via msconfig.exe. No success. Access denied (I don't have the permissions).

I've also tried ComboFix, which has reduced the pop-ups, but mainly the problem stays the same. I have the log.txt after the ComboFix diagnostic. Sorry for the impatience, I really needed to resolve this ASAP. The status of the computer now is bearable :)

ComboFix 18-02-16.01 - Maršiæ 7.02.2018. 0:28.1.2 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.385.1033.18.6023.4632 [GMT 1:00]
Running from: c:\users\MarÜiŠ\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Maršiæ\AppData\Roaming\Microsoft\Network\artstr.exe
c:\windows\msdownld.tmp
c:\windows\PFRO.log
c:\windows\windefender.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINMON
-------\Service_Winmon
-------\Service_WinDefender
.
.
((((((((((((((((((((((((( Files Created from 2018-01-27 to 2018-02-27 )))))))))))))))))))))))))))))))
.
.
2018-02-26 23:47 . 2018-02-26 23:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-02-26 22:31 . 2018-02-26 23:23 -------- d-----w- C:\SUPERDelete
2018-02-26 22:30 . 2018-02-26 22:30 -------- d-----w- c:\users\Maršiæ\AppData\Roaming\SUPERAntiSpyware.com
2018-02-26 22:30 . 2018-02-26 22:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2018-02-26 22:30 . 2018-02-26 22:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2018-02-26 21:52 . 2018-02-26 21:52 21471 ----a-w- c:\programdata\agent.uninstall.1519681965.bdinstall.bin
2018-02-26 20:43 . 2018-02-26 20:43 -------- d-----w- c:\users\Maršiæ\AppData\Local\54e9d453b635440f898bc37641dcb9b1
2018-02-26 20:43 . 2018-02-26 22:58 -------- d-----w- c:\users\Maršiæ\AppData\Roaming\1e39d0b71e044e87b7adcf04e00c14df
2018-02-26 20:32 . 2018-02-26 20:32 -------- d-----w- c:\program files (x86)\zKUGIuVeiGvyC
2018-02-26 20:31 . 2018-02-26 20:31 -------- d-----w- c:\program files (x86)\eDQUsUcxIryKmPtCCUR
2018-02-26 20:31 . 2018-02-26 20:31 -------- d-----w- c:\program files (x86)\pBsTWTvYOXtU2
2018-02-26 20:31 . 2018-02-26 20:31 -------- d-----w- c:\program files (x86)\seyizDCNnFUn
2018-02-26 20:31 . 2018-02-26 22:57 -------- d-----w- c:\program files (x86)\mexiCphuiIE
2018-02-26 20:31 . 2018-02-26 20:31 -------- d-----w- c:\program files (x86)\GveoMZenU
2018-02-26 20:30 . 2018-02-26 23:07 -------- d-----w- c:\program files\LaCie Private Public
2018-02-26 20:28 . 2018-02-26 20:29 -------- d-----w- c:\program files\0PKV5NOYXS
2018-02-26 20:28 . 2018-02-26 20:28 -------- d-----w- c:\users\Maršiæ\AppData\Roaming\jdab0vlnvj5
2018-02-26 20:28 . 2018-02-26 20:28 -------- d-----w- c:\users\Maršiæ\AppData\Local\8a55adc99bfb4fe19337990580d54179
2018-02-26 20:16 . 2018-02-26 20:16 35072 ----a-w- c:\windows\system32\drivers\WinmonProcessMonitor.sys
2018-02-26 20:15 . 2018-02-26 20:15 -------- d-----w- c:\users\Maršiæ\AppData\Roaming\k335zcvsmiq
2018-02-26 20:15 . 2018-02-26 20:15 -------- d-----w- c:\programdata\c7a04653260040a6b77b9371462af065
2018-02-26 20:07 . 2018-02-26 20:07 -------- d-----w- c:\windows\Panther
2018-02-26 20:01 . 2018-02-26 20:01 77068 ----a-w- c:\programdata\cl.kit.1519674997.bdinstall.bin
2018-02-26 20:01 . 2018-02-26 20:01 219896 ----a-w- c:\programdata\cl.1519675004.bdinstall.bin
2018-02-26 19:57 . 2017-05-11 03:37 187688 ----a-w- c:\windows\system32\drivers\gzflt.sys
2018-02-26 19:57 . 2018-02-26 19:57 -------- d-----w- c:\program files\Bitdefender
2018-02-26 19:57 . 2017-04-11 02:19 439576 ----a-w- c:\windows\system32\drivers\trufos.sys
2018-02-26 19:56 . 2018-02-26 19:57 -------- d-----w- c:\program files\Common Files\Bitdefender
2018-02-26 19:56 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2018-02-26 19:49 . 2018-02-26 19:49 31104 ----a-w- c:\programdata\agent.update.1519674562.bdinstall.bin
2018-02-26 18:35 . 2018-02-26 18:35 -------- d-----w- c:\program files\Bitdefender Antivirus Free
2018-02-26 18:26 . 2018-02-26 18:26 -------- d-----w- c:\users\Maršiæ\AppData\Roaming\EpicNet Inc
2018-02-26 18:25 . 2018-02-26 18:25 9352 ----a-w- c:\windows\system32\drivers\Winmon.sys
2018-02-26 18:25 . 2018-02-26 18:25 23272 ----a-w- c:\windows\system32\drivers\WinmonFS.sys
2018-02-26 18:25 . 2018-02-26 18:25 -------- d-----w- c:\users\Maršiæ\AppData\Local\SeleniumHelper
2018-02-26 18:24 . 2018-02-26 18:25 605552 ----a-w- c:\windows\system32\osloader.exe
2018-02-26 18:24 . 2018-02-26 18:25 5562240 ----a-w- c:\windows\system32\ntkrnlmp.exe
2018-02-26 18:23 . 2018-02-26 23:06 -------- d-----w- c:\program files\HW07R6TI53
2018-02-26 18:23 . 2018-02-26 18:23 -------- d-----w- c:\users\Maršiæ\AppData\Roaming\l3m1dwvsfzr
2018-02-26 18:23 . 2018-02-26 18:23 -------- d-----w- c:\programdata\d6e8c71da3994028ab1b4700b612a90a
2018-02-26 18:21 . 2018-02-26 18:21 -------- d-----w- c:\programdata\768914e2-6f65-0
2018-02-26 18:21 . 2018-02-26 18:21 -------- d-----w- c:\programdata\768914e2-1e35-1
2018-02-26 18:21 . 2018-02-26 18:21 -------- d-----w- c:\users\Maršiæ\AppData\Roaming\WidModule
2018-02-26 18:20 . 2018-02-26 22:30 -------- d--h--w- c:\windows\rss
2018-02-26 18:18 . 2018-02-26 18:18 -------- d-----w- C:\Windat
2018-02-26 18:18 . 2018-02-26 20:30 -------- d-----w- C:\Disk
2018-02-26 18:18 . 2018-02-26 23:07 -------- d-----w- c:\program files\IRM4RTTMNF
2018-02-26 18:18 . 2018-02-26 22:57 -------- d-----w- c:\users\Maršiæ\AppData\Local\Optimizer
2018-02-26 18:18 . 2018-02-26 18:18 -------- d-----w- c:\users\Maršiæ\AppData\Roaming\pi2cwfjee0j
2018-02-26 18:18 . 2018-02-26 18:18 -------- d-----w- c:\users\Maršiæ\AppData\Roaming\SystemHealer
2018-02-26 18:18 . 2018-02-26 18:18 -------- d-----w- c:\programdata\b52a424380034f7bbde952c054521b01
2018-02-26 18:18 . 2018-02-26 18:18 -------- d-----w- c:\users\Maršiæ\AppData\Roaming\92a75c3dba474cf991f455271528e7ae
2018-02-26 18:18 . 2018-02-26 18:18 -------- d-----w- c:\programdata\30d0848d6329410aa92bb12354a8c9eb
2018-02-26 18:17 . 2018-02-26 22:57 -------- d-----w- c:\program files (x86)\texttotalk
2018-02-26 18:17 . 2018-02-26 18:17 -------- d-----w- c:\programdata\9968eb06-5717-0
2018-02-26 18:17 . 2018-02-26 18:34 -------- d-----w- c:\program files (x86)\Multitimer
2018-02-26 18:17 . 2018-02-26 18:17 -------- d-----w- c:\programdata\9968eb06-0543-1
2018-02-26 18:17 . 2018-02-26 18:17 -------- d-----w- c:\users\Maršiæ\AppData\Roaming\OneSystemCare
2018-02-26 18:17 . 2018-02-26 18:17 -------- d-----w- c:\program files (x86)\flop
2018-02-26 18:17 . 2018-02-26 18:17 -------- d-----w- c:\users\Maršiæ\AppData\Local\FastDataX
2018-02-26 18:14 . 2018-02-26 18:14 210483 ----a-w- c:\programdata\cl.uninstall.1519668753.bdinstall.bin
2018-02-26 18:13 . 2018-02-26 18:13 38363 ----a-w- c:\programdata\dm.uninstall.1519668789.bdinstall.bin
2018-02-26 18:13 . 2018-02-26 18:13 64228 ----a-w- c:\programdata\cl.1519668779.bdinstall.bin
2018-02-26 17:05 . 2018-02-26 17:05 -------- d-----w- c:\programdata\FreeRIP MP3 Converter
2018-02-26 17:05 . 2018-02-26 17:05 -------- d-----w- c:\program files (x86)\FreeRIP
2018-02-21 17:20 . 2018-02-21 17:20 -------- d-----w-r.l c:\users\MARI~1\AppData\Local\VIBERM~1.L
2018-02-21 17:20 . 2018-02-21 17:20 -------- d-----w- c:\users\Maršiæ\AppData\Roaming\ViberPC
2018-02-21 17:20 . 2018-02-21 17:20 -------- d-----w- c:\users\Maršiæ\AppData\Local\Viber
2018-02-21 17:20 . 2018-02-21 17:20 -------- d-----w- c:\users\Maršiæ\AppData\Local\Package Cache
2018-02-20 19:19 . 2018-02-20 21:02 -------- d-----w- C:\_acestream_cache_
2018-02-20 19:04 . 2018-02-26 16:52 -------- d-----w- c:\users\Maršiæ\AppData\Roaming\.ACEStream
2018-02-20 19:03 . 2018-02-20 19:05 -------- d-----w- c:\users\Maršiæ\AppData\Roaming\ACEStream
2018-02-19 16:37 . 2018-02-19 16:44 -------- d-----r- C:\My Documents
2018-02-12 13:38 . 2018-02-12 13:38 45766 ----a-w- c:\programdata\dm.update.1518442646.bdinstall.bin
2018-02-11 22:53 . 2018-02-11 22:53 244208 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2018-02-06 10:20 . 2018-02-26 18:05 -------- d-----w- c:\users\Maršiæ\AppData\Roaming\Arobas Music
2018-02-06 10:16 . 2018-02-06 10:19 -------- d-----w- c:\programdata\Arobas Music
2018-02-06 10:12 . 2018-02-06 10:14 -------- d-----w- c:\programdata\Package Cache
2018-02-06 10:11 . 2018-02-06 10:16 -------- d-----w- c:\program files (x86)\Arobas Music
2018-02-06 10:11 . 2018-02-06 10:11 -------- d-----w- c:\windows\appdata
2018-02-06 10:11 . 2018-02-06 10:11 -------- d-----w- c:\program files (x86)\Arobas
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-02-07 10:37 . 2014-04-05 20:44 803328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2018-02-07 10:37 . 2014-04-05 20:44 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-13 09:33 . 2012-11-13 09:33 376512 ----a-w- c:\program files\setup.exe
2012-11-13 09:33 . 2012-11-13 09:33 114368 ----a-w- c:\program files\IDTSetup.exe
2012-11-12 18:44 . 2012-11-12 18:44 629 ----a-w- c:\program files\layout.bin
2012-11-12 18:04 . 2012-11-12 18:04 535552 ----a-w- c:\program files\ISSetup.dll
2012-11-12 18:04 . 2012-11-12 18:04 332744 ----a-w- c:\program files\_Setup.dll
1623-04-04 11:34 . 1623-04-04 11:34 73216 ------w- c:\program files (x86)\OOKmyuwjhia.exe
1623-04-04 11:34 . 1623-04-04 11:34 73216 ------w- c:\program files (x86)\Common Files\siYa.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2014-04-03 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2014-04-03 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}]
2018-02-26 20:31 567296 ----a-w- c:\program files (x86)\mexiCphuiIE\kOL5GTGD.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QJL5EONW3DHT6VX"="c:\program files\0PKV5NOYXS\0PKV5NOYX.exe" [2018-02-26 666112]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2018-01-12 7964080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-02-22 1226024]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2013-10-16 337184]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-29 636032]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-09-19 371976]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ ampa\0nt\0??????*???????r???????*????????1??????*?BootExecute\0??*????????2??????*?BootExecute\0??*?BootExecute\0??*????????3??????*?BootExecute\0??*?BootExecute\0??*????????4??????*?BootExecute\0??*?BootExecute\0??*???????????????*?BootExecute\0??*?SnAgent\0??????*???????????????*???????r???????*?[SetupPath]\0??*???????????????*???????????????*??????????\0bddel.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 ampa;ampa;c:\windows\system32\ampa.sys;c:\windows\SYSNATIVE\ampa.sys [x]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\system32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\system32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_usbccgpfilter;HwHandSet_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbccgpfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbccgpfilter.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinmonFS;WinmonFS;c:\windows\System32\drivers\WinmonFS.sys;c:\windows\SYSNATIVE\drivers\WinmonFS.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 WinmonProcessMonitor;WinmonProcessMonitor;c:\windows\System32\drivers\WinmonProcessMonitor.sys;c:\windows\SYSNATIVE\drivers\WinmonProcessMonitor.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 ProductAgentService;ProductAgentService;c:\program files\Bitdefender Agent\ProductAgentService.exe;c:\program files\Bitdefender Agent\ProductAgentService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WMS;WMS;c:\windows\appdata\taskmon.exe;c:\windows\appdata\taskmon.exe [x]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\system32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\system32\DRIVERS\rtbth.sys;c:\windows\SYSNATIVE\DRIVERS\rtbth.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2017-08-10 15:24 324080 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2018-02-25 c:\windows\Tasks\HPCeeScheduleForMaršiæ.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 02:43]
.
2018-02-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 36762c8f-42c7-441b-b45f-32ee75f25122.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2018-02-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 681e7934-b354-4c00-b177-f27acf0f3da1.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}]
2018-02-26 20:31 676352 ----a-w- c:\program files (x86)\mexiCphuiIE\tOKPSC3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-11-12 1664000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-26 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-26 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-26 439064]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{646BAAE7-7538-4866-8EEE-974C0AA910AB} - (no file)
Wow6432Node-HKCU-Run-1ZA0NZ6TV9O480L - c:\program files\IRM4RTTMNF\IRM4RTTMN.exe
Wow6432Node-HKCU-Run-T11JMQWS4HHG5N8 - c:\program files\HW07R6TI53\8SJUZCRNS.exe
Wow6432Node-HKCU-Run-X1OSLZSRUKC0RCR - c:\program files\BD6GXPLL02\BD6GXPLL0.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{646BAAE7-7538-4866-8EEE-974C0AA910AB} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-SystemHealer_is1 - c:\program files (x86)\SystemHealer\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_28_0_0_161_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_28_0_0_161_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_28_0_0_161_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_28_0_0_161_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_28_0_0_161.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.28"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_28_0_0_161.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_28_0_0_161.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_28_0_0_161.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
c:\disk\WebService.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\disk\WEBSER~1.EXE
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2018-02-27 01:18:28 - machine was rebooted
ComboFix-quarantined-files.txt 2018-02-27 00:18
.
Pre-Run: 47.154.892.800 bytes free
Post-Run: 47.245.570.048 bytes free
.
- - End Of File - - DC996D1BD8F7A73555891FB293B977EA

Edited by Oh My!, 27 February 2018 - 10:33 AM.


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:12:38 PM

Posted 27 February 2018 - 10:32 AM

Greetings Jammedz and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this. If necessary, download the below program onto a USB device from a clean computer and transfer it over to the infected computer.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for 64-bit systems and save it to your Desktop. <<< Important
  • Right click on the icon, rename it to FRST64english
  • Right click on the icon and select Run as administrator
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Edited by Oh My!, 27 February 2018 - 10:36 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Jammedz

  • Topic Starter

  • Members
  • 6 posts

Posted 27 February 2018 - 12:41 PM

Thank you for replying :) Here are the Notepad texts, FRST.txt first, Addition.txt second.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.02.2018
Ran by Maršić (administrator) on HP-PROBOOK (27-02-2018 18:24:10)
Running from C:\Users\Maršić\Desktop
Loaded Profiles: Maršić (Available Profiles: Maršić)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
() C:\Windows\appdata\taskmon.exe
() C:\Windows\Temp\gEC71.tmp.exe
(google.com) C:\Windows\appdata\wdf.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(TODO: <Company name>) C:\Disk\WebService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\0PKV5NOYXS\0PKV5NOYX.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(TODO: <Company name>) C:\Disk\WebService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(PC Tools) C:\Disk\securedisk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-12] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1226024 2010-02-22] (Nero AG)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-29] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-07-11] (Nullsoft, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [599328 2010-03-24] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-60233126-3472939666-3335248029-1000\...\Run: [QJL5EONW3DHT6VX] => C:\Program Files\0PKV5NOYXS\0PKV5NOYX.exe [666112 2018-02-26] ()
HKU\S-1-5-21-60233126-3472939666-3335248029-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964080 2018-01-12] (SUPERAntiSpyware)
BootExecute: ampant??????* ???????r???????* ????????1??????* ?BootExecute??* ????????2??????* ?BootExecute??* ?BootExecute??* ????????3??????* ?BootExecute??* ?BootExecute??* ????????4??????* ?BootExecute??* ?BootExecute??* ???????????????* ?BootExecute??* ?SnAgent??????* ???????????????* ???????r???????* ?[SetupPath]??* ???????????????* ???????????????* ??????????bddel.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4BCE3ED6-BD51-4489-8AE0-C49CAC5362F0}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{B28F8443-070F-46B1-83B7-0883B26099D8}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-60233126-3472939666-3335248029-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-60233126-3472939666-3335248029-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-60233126-3472939666-3335248029-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-60233126-3472939666-3335248029-1000 -> {89450EF7-ED1A-4CAF-8206-831931B563F7} URL = hxxps://mysearch.avg.com/search?cid={3C620E8D-C93F-44E3-B395-13AF21E53D7E}&mid=94d1e6ddf9d347d293d16dcc10f7213d-bc5c2aee4f9ac945c770b38e3d2930dc281915cb&lang=en&ds=AVG&coid=avgtbavg&cmpid=1116tb&pr=fr&d=2016-03-11 17:59:49&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-60233126-3472939666-3335248029-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: YoutubeAdBlock -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> C:\Program Files (x86)\mexiCphuiIE\tOKPSC3.dll [2018-02-26] ()
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: YoutubeAdBlock -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> C:\Program Files (x86)\mexiCphuiIE\kOL5GTGD.dll [2018-02-26] ()
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll [2012-09-19] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Maršić\AppData\Roaming\Mozilla\Firefox\Profiles\35yv9orq.default-1478104074583 [2018-02-26]
FF user.js: detected! => C:\Users\Maršić\AppData\Roaming\Mozilla\Firefox\Profiles\35yv9orq.default-1478104074583\user.js [2017-06-30]
FF Homepage: Mozilla\Firefox\Profiles\35yv9orq.default-1478104074583 -> hxxps://www.google.hr/
FF Extension: (System Table) - C:\Users\Maršić\AppData\Roaming\Mozilla\Firefox\Profiles\35yv9orq.default-1478104074583\Extensions\383882@modext.tech.xpi [2018-02-22]
FF HKU\S-1-5-21-60233126-3472939666-3335248029-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Maršić\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (__MSG_extName__) - C:\Users\Maršić\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2018-01-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-07] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-60233126-3472939666-3335248029-1000: @acestream.net/acestreamplugin,version=3.1.20.4 -> C:\Users\Maršić\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies)

Chrome:
=======
CHR Profile: C:\Users\Maršić\AppData\Local\Google\Chrome\User Data\Default [2018-02-26]
CHR Extension: (Google Slides) - C:\Users\Maršić\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-22]
CHR Extension: (Google Docs) - C:\Users\Maršić\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-22]
CHR Extension: (Google Drive) - C:\Users\Maršić\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-22]
CHR Extension: (YouTube) - C:\Users\Maršić\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-22]
CHR Extension: (Google Sheets) - C:\Users\Maršić\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-22]
CHR Extension: (Google Docs Offline) - C:\Users\Maršić\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Maršić\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-22]
CHR Extension: (Quick Searcher) - C:\Users\Maršić\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-02-26]
CHR Extension: (Gmail) - C:\Users\Maršić\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-22]
CHR Extension: (Chrome Media Router) - C:\Users\Maršić\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-22]
CHR HKU\S-1-5-21-60233126-3472939666-3335248029-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com) [File not signed]
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-10-16] (Hewlett-Packard Company)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-07-26] ()
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1254736 2017-04-11] (Bitdefender) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-11-12] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WMS; C:\Windows\appdata\taskmon.exe [329728 2014-08-31] () [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-20] (Advanced Micro Devices, Inc.)
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-11-29] () [File not signed]
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-11-29] () [File not signed]
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2017-07-26] (Huawei Technologies Co., Ltd.)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [187688 2017-05-11] (BitDefender LLC) [File not signed]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-07-26] (Huawei Technologies Co., Ltd.)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [692832 2012-10-02] (Ralink Technology, Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-20] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [25608 2017-05-20] (SlimWare Utilities, Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [439576 2017-04-11] (BitDefender S.R.L.) [File not signed]
S3 WinmonFS; C:\Windows\System32\drivers\WinmonFS.sys [23272 2018-02-26] (Windows ® Win 7 DDK provider) [File not signed]
R1 WinmonProcessMonitor; C:\Windows\System32\drivers\WinmonProcessMonitor.sys [35072 2018-02-26] () [File not signed]
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-27 18:24 - 2018-02-27 18:24 - 000024415 _____ C:\Users\Maršić\Desktop\FRST.txt
2018-02-27 18:20 - 2018-02-27 18:24 - 000000000 ____D C:\FRST
2018-02-27 18:20 - 2018-02-27 18:17 - 002403328 _____ (Farbar) C:\Users\Maršić\Desktop\FRST64.exe
2018-02-27 18:01 - 2018-02-27 18:01 - 000279832 _____ C:\Windows\Minidump\022718-26161-01.dmp
2018-02-27 01:44 - 2018-02-27 01:45 - 000000000 ____D C:\Users\Maršić\AppData\Local\Viber
2018-02-27 01:29 - 2018-02-27 18:01 - 000004572 __RSH C:\ProgramData\ntuser.pol
2018-02-27 01:18 - 2018-02-27 01:18 - 000028677 _____ C:\ComboFix.txt
2018-02-27 01:02 - 2018-02-27 01:03 - 000279832 _____ C:\Windows\Minidump\022718-22994-01.dmp
2018-02-27 00:25 - 2018-02-27 01:19 - 000000000 ____D C:\Qoobox
2018-02-27 00:25 - 2011-06-26 07:45 - 000256000 _____ C:\Windows\PEV.exe
2018-02-27 00:25 - 2010-11-07 18:20 - 000208896 _____ C:\Windows\MBR.exe
2018-02-27 00:25 - 2009-04-20 05:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-02-27 00:25 - 2000-08-31 01:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-02-27 00:25 - 2000-08-31 01:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-02-27 00:25 - 2000-08-31 01:00 - 000098816 _____ C:\Windows\sed.exe
2018-02-27 00:25 - 2000-08-31 01:00 - 000080412 _____ C:\Windows\grep.exe
2018-02-27 00:25 - 2000-08-31 01:00 - 000068096 _____ C:\Windows\zip.exe
2018-02-27 00:23 - 2018-02-27 01:13 - 000000000 ____D C:\Windows\erdnt
2018-02-27 00:23 - 2018-02-27 00:24 - 000279832 _____ C:\Windows\Minidump\022718-22760-01.dmp
2018-02-27 00:21 - 2018-02-27 00:21 - 005660720 ____R (Swearware) C:\Users\Maršić\Desktop\ComboFix.exe
2018-02-26 23:31 - 2018-02-27 00:23 - 000000000 ____D C:\SUPERDelete
2018-02-26 23:30 - 2018-02-26 23:30 - 000001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2018-02-26 23:30 - 2018-02-26 23:30 - 000000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 681e7934-b354-4c00-b177-f27acf0f3da1.job
2018-02-26 23:30 - 2018-02-26 23:30 - 000000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 36762c8f-42c7-441b-b45f-32ee75f25122.job
2018-02-26 23:30 - 2018-02-26 23:30 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\SUPERAntiSpyware.com
2018-02-26 23:30 - 2018-02-26 23:30 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-02-26 23:30 - 2018-02-26 23:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-02-26 23:30 - 2018-02-26 23:30 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-02-26 22:52 - 2018-02-26 22:52 - 000021471 _____ C:\ProgramData\agent.uninstall.1519681965.bdinstall.bin
2018-02-26 21:43 - 2018-02-26 23:58 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\1e39d0b71e044e87b7adcf04e00c14df
2018-02-26 21:43 - 2018-02-26 21:43 - 000000000 ____D C:\Users\Maršić\AppData\Local\54e9d453b635440f898bc37641dcb9b1
2018-02-26 21:42 - 2018-02-26 21:43 - 000279832 _____ C:\Windows\Minidump\022618-45973-01.dmp
2018-02-26 21:32 - 2018-02-26 21:39 - 000000000 ____D C:\Users\Maršić\AppData\LocalLow\LrNtDeMxGEQXs
2018-02-26 21:32 - 2018-02-26 21:32 - 000002860 _____ C:\Windows\System32\Tasks\oWotDXBujaUxMpNAqmS2
2018-02-26 21:32 - 2018-02-26 21:32 - 000000000 ____D C:\Program Files (x86)\zKUGIuVeiGvyC
2018-02-26 21:31 - 2018-02-26 23:57 - 000000000 ____D C:\Program Files (x86)\mexiCphuiIE
2018-02-26 21:31 - 2018-02-26 21:31 - 000023930 _____ C:\Windows\System32\Tasks\{7D090B47-0E7D-7905-0F11-0B04097D117D}
2018-02-26 21:31 - 2018-02-26 21:31 - 000003570 _____ C:\Windows\System32\Tasks\SystemHealer Task
2018-02-26 21:31 - 2018-02-26 21:31 - 000003060 _____ C:\Windows\System32\Tasks\OHurYzwpfZsLsh
2018-02-26 21:31 - 2018-02-26 21:31 - 000002872 _____ C:\Windows\System32\Tasks\VTsFYYvpoVEusFPoU2
2018-02-26 21:31 - 2018-02-26 21:31 - 000002850 _____ C:\Windows\System32\Tasks\wXkHuguozQzssiw2
2018-02-26 21:31 - 2018-02-26 21:31 - 000000000 ____D C:\Program Files (x86)\seyizDCNnFUn
2018-02-26 21:31 - 2018-02-26 21:31 - 000000000 ____D C:\Program Files (x86)\pBsTWTvYOXtU2
2018-02-26 21:31 - 2018-02-26 21:31 - 000000000 ____D C:\Program Files (x86)\GveoMZenU
2018-02-26 21:31 - 2018-02-26 21:31 - 000000000 ____D C:\Program Files (x86)\eDQUsUcxIryKmPtCCUR
2018-02-26 21:30 - 2018-02-27 00:07 - 000000000 ____D C:\Program Files\LaCie Private Public
2018-02-26 21:29 - 2018-02-26 21:29 - 000003324 _____ C:\Windows\System32\Tasks\System Healer Monitor
2018-02-26 21:28 - 2018-02-26 21:29 - 000000000 ____D C:\Program Files\0PKV5NOYXS
2018-02-26 21:28 - 2018-02-26 21:28 - 000279832 _____ C:\Windows\Minidump\022618-47439-01.dmp
2018-02-26 21:28 - 2018-02-26 21:28 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\jdab0vlnvj5
2018-02-26 21:28 - 2018-02-26 21:28 - 000000000 ____D C:\Users\Maršić\AppData\Local\8a55adc99bfb4fe19337990580d54179
2018-02-26 21:16 - 2018-02-26 21:16 - 000035072 _____ C:\Windows\system32\Drivers\WinmonProcessMonitor.sys
2018-02-26 21:15 - 2018-02-26 21:15 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\k335zcvsmiq
2018-02-26 21:15 - 2018-02-26 21:15 - 000000000 ____D C:\ProgramData\c7a04653260040a6b77b9371462af065
2018-02-26 21:07 - 2018-02-26 21:07 - 000000000 ____D C:\Windows\Panther
2018-02-26 21:01 - 2018-02-26 21:01 - 000219896 _____ C:\ProgramData\cl.1519675004.bdinstall.bin
2018-02-26 21:01 - 2018-02-26 21:01 - 000077068 _____ C:\ProgramData\cl.kit.1519674997.bdinstall.bin
2018-02-26 20:57 - 2018-02-26 20:57 - 000000000 ____D C:\Program Files\Bitdefender
2018-02-26 20:57 - 2017-05-11 04:37 - 000187688 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2018-02-26 20:57 - 2017-04-11 03:19 - 000439576 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2018-02-26 20:56 - 2018-02-26 20:57 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2018-02-26 20:56 - 2013-10-14 18:00 - 000028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2018-02-26 20:49 - 2018-02-26 20:49 - 000031104 _____ C:\ProgramData\agent.update.1519674562.bdinstall.bin
2018-02-26 20:42 - 2018-02-26 20:43 - 000279888 _____ C:\Windows\Minidump\022618-37923-01.dmp
2018-02-26 19:35 - 2018-02-26 19:35 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2018-02-26 19:34 - 2018-02-26 19:34 - 000003162 _____ C:\Windows\System32\Tasks\{B225A21D-5FB0-428A-8F83-9482D74FDACD}
2018-02-26 19:27 - 2018-02-26 19:27 - 010160608 _____ C:\Users\Maršić\Downloads\bitdefender_online.exe
2018-02-26 19:26 - 2018-02-26 19:26 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\EpicNet Inc
2018-02-26 19:25 - 2018-02-26 19:25 - 000023272 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\WinmonFS.sys
2018-02-26 19:25 - 2018-02-26 19:25 - 000009352 _____ C:\Windows\system32\Drivers\Winmon.sys
2018-02-26 19:25 - 2018-02-26 19:25 - 000000000 ____D C:\Users\Maršić\AppData\Local\SeleniumHelper
2018-02-26 19:24 - 2018-02-26 19:25 - 005562240 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2018-02-26 19:24 - 2018-02-26 19:25 - 000605552 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe
2018-02-26 19:23 - 2018-02-27 00:06 - 000000000 ____D C:\Program Files\HW07R6TI53
2018-02-26 19:23 - 2018-02-26 19:23 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\l3m1dwvsfzr
2018-02-26 19:23 - 2018-02-26 19:23 - 000000000 ____D C:\ProgramData\d6e8c71da3994028ab1b4700b612a90a
2018-02-26 19:22 - 2018-02-26 19:22 - 000000258 __RSH C:\Users\Maršić\ntuser.pol
2018-02-26 19:21 - 2018-02-26 19:21 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\WidModule
2018-02-26 19:21 - 2018-02-26 19:21 - 000000000 ____D C:\ProgramData\768914e2-6f65-0
2018-02-26 19:21 - 2018-02-26 19:21 - 000000000 ____D C:\ProgramData\768914e2-1e35-1
2018-02-26 19:20 - 2018-02-26 23:30 - 000000000 ___HD C:\Windows\rss
2018-02-26 19:20 - 2018-02-26 19:20 - 000003242 _____ C:\Windows\System32\Tasks\LaCieS
2018-02-26 19:19 - 2018-02-26 19:19 - 000000000 ____D C:\Windows\System32\Tasks\Defender
2018-02-26 19:18 - 2018-02-27 18:27 - 000016696 _____ C:\Windows\System32\Tasks\AddOnTop
2018-02-26 19:18 - 2018-02-27 00:07 - 000000000 ____D C:\Program Files\IRM4RTTMNF
2018-02-26 19:18 - 2018-02-26 23:57 - 000000000 ____D C:\Users\Maršić\AppData\Local\Optimizer
2018-02-26 19:18 - 2018-02-26 21:45 - 000016080 _____ C:\Users\Maršić\AppData\Local\InstallationConfiguration.xml
2018-02-26 19:18 - 2018-02-26 21:43 - 000930816 _____ C:\Users\Maršić\AppData\Local\po.db
2018-02-26 19:18 - 2018-02-26 21:30 - 000000000 ____D C:\Disk
2018-02-26 19:18 - 2018-02-26 19:18 - 000140800 _____ C:\Users\Maršić\AppData\Local\installer.dat
2018-02-26 19:18 - 2018-02-26 19:18 - 000004520 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_XO
2018-02-26 19:18 - 2018-02-26 19:18 - 000004520 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_FC
2018-02-26 19:18 - 2018-02-26 19:18 - 000004508 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_VL
2018-02-26 19:18 - 2018-02-26 19:18 - 000004432 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_YX
2018-02-26 19:18 - 2018-02-26 19:18 - 000004408 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_KL
2018-02-26 19:18 - 2018-02-26 19:18 - 000000000 ____D C:\Windat
2018-02-26 19:18 - 2018-02-26 19:18 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\SystemHealer
2018-02-26 19:18 - 2018-02-26 19:18 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\pi2cwfjee0j
2018-02-26 19:18 - 2018-02-26 19:18 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\92a75c3dba474cf991f455271528e7ae
2018-02-26 19:18 - 2018-02-26 19:18 - 000000000 ____D C:\ProgramData\b52a424380034f7bbde952c054521b01
2018-02-26 19:18 - 2018-02-26 19:18 - 000000000 ____D C:\ProgramData\30d0848d6329410aa92bb12354a8c9eb
2018-02-26 19:17 - 2018-02-26 23:57 - 000000000 ____D C:\Program Files (x86)\texttotalk
2018-02-26 19:17 - 2018-02-26 19:34 - 000000000 ____D C:\Program Files (x86)\Multitimer
2018-02-26 19:17 - 2018-02-26 19:17 - 000003646 _____ C:\Windows\System32\Tasks\{C32E7C64-BBB5-4277-8B8B-8A142636F663}
2018-02-26 19:17 - 2018-02-26 19:17 - 000003428 _____ C:\Windows\System32\Tasks\{047EF151-B279-4C4F-934F-DCCB0C93BDBD}
2018-02-26 19:17 - 2018-02-26 19:17 - 000000003 _____ C:\Users\Maršić\AppData\Local\wbem.ini
2018-02-26 19:17 - 2018-02-26 19:17 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\OneSystemCare
2018-02-26 19:17 - 2018-02-26 19:17 - 000000000 ____D C:\Users\Maršić\AppData\Local\FastDataX
2018-02-26 19:17 - 2018-02-26 19:17 - 000000000 ____D C:\ProgramData\9968eb06-5717-0
2018-02-26 19:17 - 2018-02-26 19:17 - 000000000 ____D C:\ProgramData\9968eb06-0543-1
2018-02-26 19:17 - 2018-02-26 19:17 - 000000000 ____D C:\Program Files (x86)\flop
2018-02-26 19:14 - 2018-02-26 19:14 - 000210483 _____ C:\ProgramData\cl.uninstall.1519668753.bdinstall.bin
2018-02-26 19:13 - 2018-02-26 19:13 - 000064228 _____ C:\ProgramData\cl.1519668779.bdinstall.bin
2018-02-26 19:13 - 2018-02-26 19:13 - 000038363 _____ C:\ProgramData\dm.uninstall.1519668789.bdinstall.bin
2018-02-26 18:12 - 2018-02-26 18:20 - 000000403 _____ C:\Windows\cdplayer.ini
2018-02-26 18:05 - 2018-02-26 18:05 - 002064360 _____ (GreenTree Applications SRL) C:\Users\Maršić\Downloads\setup-freeripmp3-no.exe
2018-02-26 18:05 - 2018-02-26 18:05 - 000001534 _____ C:\ProgramData\ss.ini
2018-02-26 18:05 - 2018-02-26 18:05 - 000000998 _____ C:\Users\Maršić\Desktop\FreeRIP MP3 Converter.lnk
2018-02-26 18:05 - 2018-02-26 18:05 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP MP3 Converter
2018-02-26 18:05 - 2018-02-26 18:05 - 000000000 ____D C:\ProgramData\FreeRIP MP3 Converter
2018-02-26 18:05 - 2018-02-26 18:05 - 000000000 ____D C:\Program Files (x86)\FreeRIP
2018-02-25 14:47 - 2018-02-25 14:47 - 034699354 _____ C:\Users\Maršić\Desktop\BMT instrumenten.pdf
2018-02-22 17:01 - 2018-02-22 17:01 - 000000000 ____D C:\Users\Maršić\Desktop\Kirurski cvorovi
2018-02-21 18:20 - 2018-02-27 01:48 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\ViberPC
2018-02-21 18:20 - 2018-02-21 18:20 - 000000959 _____ C:\Users\Maršić\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
2018-02-21 18:20 - 2018-02-21 18:20 - 000000957 _____ C:\Users\Maršić\Desktop\Viber.lnk
2018-02-21 18:20 - 2018-02-21 18:20 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2018-02-21 18:20 - 2018-02-21 18:20 - 000000000 ____D C:\Users\Maršić\AppData\Local\Viber Media S.à r.l
2018-02-21 18:20 - 2018-02-21 18:20 - 000000000 ____D C:\Users\Maršić\AppData\Local\Package Cache
2018-02-21 18:05 - 2018-02-27 01:43 - 000000000 ____D C:\Users\Maršić\Documents\ViberDownloads
2018-02-21 18:02 - 2018-02-21 18:03 - 084251248 _____ (Viber Media Inc.) C:\Users\Maršić\Downloads\ViberSetup.exe
2018-02-20 20:19 - 2018-02-20 22:02 - 000000000 ____D C:\_acestream_cache_
2018-02-20 20:04 - 2018-02-26 17:52 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\.ACEStream
2018-02-20 20:04 - 2018-02-20 20:04 - 000001970 _____ C:\Users\Maršić\Desktop\Ace Player.lnk
2018-02-20 20:04 - 2018-02-20 20:04 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
2018-02-20 20:03 - 2018-02-20 20:05 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\ACEStream
2018-02-20 20:03 - 2018-02-20 20:03 - 000000000 ____D C:\Users\Maršić\AppData\LocalLow\.ACEStream
2018-02-12 14:38 - 2018-02-12 14:38 - 000045766 _____ C:\ProgramData\dm.update.1518442646.bdinstall.bin
2018-02-06 11:20 - 2018-02-27 01:32 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\Arobas Music
2018-02-06 11:16 - 2018-02-06 11:19 - 000000000 ____D C:\ProgramData\Arobas Music
2018-02-06 11:14 - 2018-02-13 17:35 - 000001204 _____ C:\Users\Public\Desktop\Guitar Pro 7.lnk
2018-02-06 11:14 - 2018-02-13 17:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 7
2018-02-06 11:13 - 2015-07-18 14:08 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-02-06 11:13 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-02-06 11:12 - 2018-02-06 11:14 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-06 11:11 - 2018-02-06 11:16 - 000000000 ____D C:\Program Files (x86)\Arobas Music
2018-02-06 11:11 - 2018-02-06 11:11 - 000000000 ____D C:\Program Files (x86)\Arobas

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-27 18:01 - 2017-07-02 17:37 - 000000000 ____D C:\Windows\Minidump
2018-02-27 18:01 - 2012-09-26 08:53 - 000000967 _____ C:\Windows\SysWOW64\bscs.ini
2018-02-27 18:01 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-27 18:00 - 2017-07-02 17:37 - 649040845 _____ C:\Windows\MEMORY.DMP
2018-02-27 01:03 - 2009-07-14 03:34 - 000000215 _____ C:\Windows\system.ini
2018-02-27 00:49 - 2009-07-14 03:34 - 072876032 _____ C:\Windows\system32\config\SOFTWARE.bak
2018-02-27 00:49 - 2009-07-14 03:34 - 020447232 _____ C:\Windows\system32\config\SYSTEM.bak
2018-02-27 00:48 - 2009-07-14 03:34 - 000262144 _____ C:\Windows\system32\config\SECURITY.bak
2018-02-27 00:48 - 2009-07-14 03:34 - 000262144 _____ C:\Windows\system32\config\DEFAULT.bak
2018-02-27 00:24 - 2009-07-14 03:34 - 000262144 _____ C:\Windows\system32\config\SAM.bak
2018-02-26 21:22 - 2016-11-18 14:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-26 21:21 - 2016-11-21 18:57 - 000000000 ____D C:\Users\Maršić\AppData\LocalLow\Mozilla
2018-02-26 21:14 - 2009-07-14 05:45 - 000521624 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-26 21:13 - 2009-07-14 05:45 - 000017040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-26 21:13 - 2009-07-14 05:45 - 000017040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-26 21:09 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-02-26 21:09 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-26 20:49 - 2017-06-15 11:49 - 000000000 ____D C:\Program Files\Bitdefender Agent
2018-02-26 19:30 - 2014-04-03 21:23 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\hpqLog
2018-02-26 19:22 - 2014-04-03 19:55 - 000000000 ____D C:\Users\Maršić
2018-02-26 19:18 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-02-26 19:17 - 2017-11-18 23:35 - 000000000 ____D C:\Program Files\Image-Line
2018-02-26 19:17 - 2016-04-12 10:04 - 000000000 ____D C:\Program Files\ArnesLink
2018-02-26 19:14 - 2017-06-15 12:06 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\Bitdefender
2018-02-26 19:14 - 2017-06-15 12:04 - 000000000 ____D C:\ProgramData\Bitdefender
2018-02-26 19:13 - 2017-06-15 21:01 - 000181694 _____ C:\bdlog.txt
2018-02-26 19:09 - 2017-10-29 15:15 - 000000000 ____D C:\Users\Maršić\Desktop\ATLASI
2018-02-25 11:51 - 2016-08-04 18:30 - 000000000 ____D C:\Users\Maršić\Desktop\STAŽ - dokumenti
2018-02-25 10:03 - 2018-01-09 18:07 - 000000336 _____ C:\Windows\Tasks\HPCeeScheduleForMaršić.job
2018-02-24 14:41 - 2018-01-09 18:07 - 000003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMaršić
2018-02-24 14:38 - 2015-11-01 20:55 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-22 16:59 - 2014-07-21 12:02 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\dvdcss
2018-02-22 16:50 - 2009-07-14 06:13 - 000726316 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-18 21:12 - 2017-11-19 22:59 - 000000000 ____D C:\Users\Maršić\Desktop\Moj Kanal
2018-02-18 17:49 - 2014-04-08 18:30 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\vlc
2018-02-16 23:20 - 2014-12-28 10:32 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-11 14:22 - 2009-07-14 06:08 - 000032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-10 13:58 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2018-02-07 11:37 - 2015-02-01 17:12 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-07 11:37 - 2014-04-05 21:44 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-07 11:37 - 2014-04-05 21:44 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-07 11:37 - 2014-04-05 21:44 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-07 11:37 - 2014-04-05 21:44 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-06 12:02 - 2015-10-30 17:33 - 000000000 ____D C:\Users\Maršić\AppData\Roaming\Guitar Pro 6
2018-02-06 12:02 - 2015-10-30 17:29 - 000000000 ____D C:\Program Files (x86)\Guitar Pro 6
2018-01-29 11:14 - 2009-07-14 04:20 - 000000000 __RHD C:\Users\Public\Libraries

==================== Files in the root of some directories =======

2015-10-27 16:00 - 2015-10-27 16:00 - 000000000 _____ () C:\ProgramData\inf.dat
2012-11-12 19:44 - 2012-11-12 19:44 - 002941992 _____ () C:\Program Files\data1.cab
2012-11-12 19:44 - 2012-11-12 19:44 - 000029186 _____ () C:\Program Files\data1.hdr
2012-11-12 19:44 - 2012-11-12 19:44 - 000000512 _____ () C:\Program Files\data2.cab
2012-11-15 13:31 - 2012-11-15 13:31 - 000031737 _____ () C:\Program Files\HP_WRT_M12.bld
2012-11-13 10:33 - 2012-11-13 10:33 - 000114368 _____ (IDT, Inc.) C:\Program Files\IDTSetup.exe
2012-11-12 19:04 - 2012-11-12 19:04 - 000535552 _____ (Macrovision Corporation) C:\Program Files\ISSetup.dll
2012-11-12 19:44 - 2012-11-12 19:44 - 000000629 _____ () C:\Program Files\layout.bin
2012-11-12 19:03 - 2012-11-12 19:03 - 000000433 _____ () C:\Program Files\old1uninstall.iss
2012-11-12 19:03 - 2012-11-12 19:03 - 000000370 _____ () C:\Program Files\olduninstall.iss
2012-11-12 19:03 - 2012-11-12 19:03 - 000293950 _____ () C:\Program Files\PCAudio.ico
2012-11-12 19:03 - 2012-11-12 19:03 - 000921656 _____ () C:\Program Files\setup.bmp
2012-11-13 10:33 - 2012-11-13 10:33 - 000376512 _____ (Macrovision Corporation) C:\Program Files\setup.exe
2012-11-15 13:31 - 2012-11-15 13:31 - 000000850 _____ () C:\Program Files\Setup.ini
2012-11-12 19:44 - 2012-11-12 19:44 - 000345151 _____ () C:\Program Files\setup.inx
2012-11-12 19:03 - 2012-11-12 19:03 - 000000241 _____ () C:\Program Files\setup.iss
2012-11-12 19:04 - 2012-11-12 19:04 - 000332744 _____ (Macrovision Corporation) C:\Program Files\_Setup.dll
1623-04-04 12:34 - 1623-04-04 12:34 - 000073216 ____N (Microsoft Corporation) C:\Program Files (x86)\OOKmyuwjhia.exe
2016-10-20 14:15 - 2016-10-20 14:15 - 000000604 ____H () C:\Program Files (x86)\_Z2
1623-04-04 12:34 - 1623-04-04 12:34 - 000073216 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\siYa.exe
2018-02-26 19:18 - 2018-02-26 21:45 - 000016080 _____ () C:\Users\Maršić\AppData\Local\InstallationConfiguration.xml
2018-02-26 19:18 - 2018-02-26 19:18 - 000140800 _____ () C:\Users\Maršić\AppData\Local\installer.dat
2015-10-27 15:55 - 2015-10-27 15:54 - 000000187 _____ () C:\Users\Maršić\AppData\Local\Newfinhigh.exe.config
2018-02-26 19:18 - 2018-02-26 21:43 - 000930816 _____ () C:\Users\Maršić\AppData\Local\po.db
2018-02-26 19:17 - 2018-02-26 19:17 - 000000003 _____ () C:\Users\Maršić\AppData\Local\wbem.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 04:24] - [2014-04-03 19:58] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 04:24] - [2014-04-03 19:58] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

nointegritychecks: ==> "IntegrityChecks" is disabled. <==== ATTENTION

BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully

LastRegBack: 2018-02-19 18:55

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.02.2018
Ran by Maršić (27-02-2018 18:28:22)
Running from C:\Users\Maršić\Desktop
Windows 7 Enterprise Service Pack 1 (X64) (2014-04-03 18:55:06)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-60233126-3472939666-3335248029-500 - Administrator - Disabled)
Guest (S-1-5-21-60233126-3472939666-3335248029-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-60233126-3472939666-3335248029-1002 - Limited - Enabled)
Maršić (S-1-5-21-60233126-3472939666-3335248029-1000 - Administrator - Enabled) => C:\Users\Maršić

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{818912C6-BD97-B888-53F1-1C64148A754F}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
AOMEI Partition Assistant Pro Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArnesLink 1.0 x64 (HKLM\...\{386E172D-85BC-414C-8E1B-6D103F95CC7D}) (Version: 1.0 - Amebis, Slovenia, E.U.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Avid License Control (HKLM-x32\...\{89A9B9EE-839E-4820-9450-2912C82F46AF}) (Version: 6.0.0 - Avid Technology, Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.25.49 - Bitdefender)
CurveFever version v0.5.2p1 (HKLM-x32\...\{BB93318E-F11A-484C-8629-BCFC5D47914D}_is1) (Version: v0.5.2p1 - Curve Fever)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
eMedia Guitar Method (HKLM-x32\...\{B3B4E8E4-E2A4-11D6-8D31-00105A629F49}) (Version:  - eMedia Guitar Method)
Epson Easy Photo Print 2 (HKLM-x32\...\{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX218 Series Printer Uninstall (HKLM\...\EPSON SX218 Series) (Version:  - SEIKO EPSON Corporation)
EPSON SX218 Series Priručnik (HKLM-x32\...\EPSON SX218 Series Manual) (Version:  - )
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
FreeRIP MP3 Converter 5.7.0.1 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 5.7.0.1 - GreenTree Applications SRL)
globalupdate Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Guitar Pro 7 - Soundbanks (HKLM-x32\...\com.arobas-music.guitarpro7-soundbanks_is1) (Version: 1.0.69 - Arobas Music)
Guitar Pro 7 (HKLM-x32\...\{BF4EDCFF-ED20-4AF6-A636-EBAC931336CD}_is1) (Version: 7.0.8.1042 - Arobas Music)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
High-Definition Video Playback 10 (HKLM-x32\...\{237CCB62-8454-43E3-B158-3ACD0134852E}) (Version: 7.0.11000.25.1 - Nero AG) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HP 3D DriveGuard (HKLM\...\{6C8684DD-B238-4806-9E93-BDD12CD11998}) (Version: 5.1.12.1 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1113.1_WHQL - Sonix)
HP Hotkey Support (HKLM-x32\...\{7F7E2060-7212-4A53-9875-55173E4BA3F0}) (Version: 5.0.21.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
LaCie Private Public version 1.2 (HKLM\...\{5553AC21-44FC-4F8B-B3BB-3B7E913F465B}_is1) (Version: 1.2 - LaCie Private, Inc.)
Mendeley Desktop 1.16.1 (HKLM-x32\...\Mendeley Desktop) (Version: 1.16.1 - Mendeley Ltd.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - Croatian/Hrvatski (HKLM-x32\...\OMUI.hr-hr) (Version: 12.0.4518.1041 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Nero 10 ClipartPack (HKLM-x32\...\{96ED4B78-300E-4033-AE6C-C115CEB4DF07}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 1 (HKLM-x32\...\{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 2 (HKLM-x32\...\{E712C273-7564-4C8E-AA59-0FA19BC35117}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 3 (HKLM-x32\...\{92146419-AE44-4C8B-A48B-0ABB1B5EC026}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.0.10300.1.0 - Nero AG)
Nero 10 Movie ThemePack 2 (HKLM-x32\...\{70F19404-B96C-4EBB-AD2B-3574F8736197}) (Version: 10.0.10300.1.0 - Nero AG)
Nero 10 Sample ImagePack (HKLM-x32\...\{ACD15FDF-FC42-4175-B477-576F92FF2256}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Sample Videos (HKLM-x32\...\{92A10E9D-EA00-4A46-8F22-EEA660992D61}) (Version: 10.0.10300.2.0 - Nero AG)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11100.14.101 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.10700.7.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.10600.9.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10500.7.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10400.4.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.10500.7.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10400.5.100 - Nero AG)
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.11000.6.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.11200 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10600.1.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10500.5.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10500.1.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.10500.4.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0012 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.10700.4.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10500.1.100 - Nero AG)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.2.00.03250 - Sony Corporation)
PX Profile Update (HKLM-x32\...\{146EF295-9218-6595-17A4-29AA1D4EF45F}) (Version: 1.00.1. - AMD) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{95DF815D-BE2D-9118-F549-39794C5869CF}) (Version: 9.0.725.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.45.0 - Mediatek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
Sibelius 7 OpenType Fonts (HKLM-x32\...\{7325A8DF-C8C3-4425-B0CA-8CAEE5E6464B}) (Version: 7.0.1 - Avid)
Sibelius 7.1.0.54 (HKLM\...\Sibelius 7.0.0.23_is1) (Version: 7.1.0.54 - Avid)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1254 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
System Healer (HKLM-x32\...\SystemHealer_is1) (Version: 4.4.0.3 - System Healer) <==== ATTENTION
Viber (HKLM-x32\...\{04215E00-5175-484D-9541-263F366B6E60}) (Version: 8.2.0.8 - Viber Media Inc.) Hidden
Video Win Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version:  - videowinsoft.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.621  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-60233126-3472939666-3335248029-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
YoutubeAdBlock (HKLM-x32\...\E3605470-291B-44EB-8648-745EE356599A) (Version: 2.0.0.459 - Company Inc.) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} =>  -> No File
ContextMenuHandlers1: [BthSendToContextMenuExt] -> {CF373149-C3D9-4AEB-9CE8-BDD1D2FFFA5B} => C:\Windows\system32\BSAppShlExt.dll [2012-09-19] (TODO: <公司名>)
ContextMenuHandlers1-x32: [NeroShellExt] -> {F764812A-132C-4013-9960-5CBBEB408A0E} => C:\Program Files (x86)\Common Files\Nero\NeroShellExt\NeroShellExt.dll [2010-02-22] (Nero AG)
ContextMenuHandlers1-x32: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers2-x32: [NeroShellExt] -> {F764812A-132C-4013-9960-5CBBEB408A0E} => C:\Program Files (x86)\Common Files\Nero\NeroShellExt\NeroShellExt.dll [2010-02-22] (Nero AG)
ContextMenuHandlers2-x32: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers4-x32: [NeroShellExt] -> {F764812A-132C-4013-9960-5CBBEB408A0E} => C:\Program Files (x86)\Common Files\Nero\NeroShellExt\NeroShellExt.dll [2010-02-22] (Nero AG)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-03-29] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-03-26] (Intel Corporation)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {044DA056-1C88-4726-A8B6-0BCFD04EC27C} - System32\Tasks\GoogleUpdateSecurityTaskMachine_YX => C:\ProgramData\30d0848d6329410aa92bb12354a8c9eb\HandlerExecution.exe [2018-02-26] () <==== ATTENTION
Task: {07ED638E-6B8B-4DF4-A295-91ADC7DD8F2D} - System32\Tasks\HPCeeScheduleForMaršić => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {09E0670E-35C0-4CDF-974B-97C2D9A062E4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-07] (Adobe Systems Incorporated)
Task: {1F5C6450-9144-4ECE-B427-85E8B7DF28CD} - System32\Tasks\GoogleUpdateSecurityTaskMachine_XO => C:\Users\Maršić\AppData\Local\Temp\74df3cfda770475bb120e150a1c1e06e\HandlerExecution.exe <==== ATTENTION
Task: {217BD1F3-F50D-4D8F-8E05-84E5D09FF5E6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2847861A-C8D8-467B-8A28-28AEBA3FFC11} - System32\Tasks\{B225A21D-5FB0-428A-8F83-9482D74FDACD} => C:\Windows\system32\pcalua.exe -a "C:\Users\Maršić\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe" -c /uninstall
Task: {2CD4F781-D55B-4854-9AD7-18FDB982254E} - System32\Tasks\{C32E7C64-BBB5-4277-8B8B-8A142636F663} => C:\Program Files (x86)\Common Files\siYa.exe [1623-04-04] (Microsoft Corporation)
Task: {4DC63A3B-06A8-4A95-8E72-8FD201BC7A10} - System32\Tasks\{49C4AF16-EC41-4B21-A5FF-AF18810A4203} => C:\Windows\system32\pcalua.exe -a E:\hp\sp58722.exe -d E:\hp
Task: {54696FDF-F994-4039-B847-949BC776418C} - System32\Tasks\{7D090B47-0E7D-7905-0F11-0B04097D117D} => C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand OwA7ADsAIAAgADsAOwA7ACAAOwAgACAAIAA7ADsAOwAgADsAOwAgADsAIAAgADsAIAA7ACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcA (the data entry has 9804 more characters). <==== ATTENTION
Task: {567DF336-E021-48F8-A6BB-07119CECD746} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {56FB100D-C6D2-424F-9487-B48B552ED6F1} - System32\Tasks\GoogleUpdateSecurityTaskMachine_FC => C:\Users\Maršić\AppData\Local\Temp\43dbbf7fc4054f49acd760463a43dd6d\HandlerExecution.exe <==== ATTENTION
Task: {5C595864-22A5-407E-BE8A-3EB44DD9E687} - System32\Tasks\GoogleUpdateSecurityTaskMachine_VL => C:\Users\Maršić\AppData\Roaming\92a75c3dba474cf991f455271528e7ae\HandlerExecution.exe <==== ATTENTION
Task: {5EB31AE7-D6E9-4FBE-84F1-B99577BF2843} - System32\Tasks\oWotDXBujaUxMpNAqmS2 => rundll32 "C:\Program Files (x86)\zKUGIuVeiGvyC\GFCeOyR.dll",#1
Task: {7545D2E8-A0DE-4245-97FB-445AD25ADD53} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-01-17] (Adobe Systems Incorporated)
Task: {873187B3-EE50-4908-A364-CEED227E5392} - System32\Tasks\SystemHealer Task => C:\PROGRA~2\SYSTEM~1\RESCUE~1.EXE <==== ATTENTION
Task: {9DD4D8A2-DF7F-4F62-A1C4-60BA96746EB0} - System32\Tasks\LaCieS => C:\Disk\WebService.exe [2018-02-01] (TODO: <Company name>)
Task: {A93E44B6-5F4D-49D9-9227-60115454A361} - System32\Tasks\VTsFYYvpoVEusFPoU2 => rundll32 "C:\Program Files (x86)\eDQUsUcxIryKmPtCCUR\svvgpCS.dll",#1
Task: {A9760919-CCC4-4B1D-B520-8BBA804FDC65} - System32\Tasks\Defender\CheckUpdate => C:\Users\Maršić\AppData\Local\Temp\MSBuild.exe <==== ATTENTION
Task: {A9B7AF09-73A6-4A6C-8597-441855D4DBAB} - System32\Tasks\OHurYzwpfZsLsh => rundll32 "C:\Program Files (x86)\pBsTWTvYOXtU2\SAxPlRSDaGhnP.dll",#1
Task: {AB1E8CCD-CAF8-4286-ACF8-AE597A0DCED2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-01-30] (HP Inc.)
Task: {AC3BE0C3-B07F-4320-B1F6-8C8D7E1B9E21} - System32\Tasks\GoogleUpdateSecurityTaskMachine_KL => C:\ProgramData\b52a424380034f7bbde952c054521b01\HandlerExecution.exe [2018-02-26] () <==== ATTENTION
Task: {B40423AE-4038-40DA-8526-66CCCC77D845} - System32\Tasks\wXkHuguozQzssiw2 => rundll32 "C:\Program Files (x86)\GveoMZenU\APRDGn.dll",#1
Task: {B5F6E9D0-5AE9-4ABD-85C2-D705CA2C800C} - System32\Tasks\{047EF151-B279-4C4F-934F-DCCB0C93BDBD} => C:\Program Files (x86)\OOKmyuwjhia.exe [1623-04-04] (Microsoft Corporation) <==== ATTENTION
Task: {BA6764A8-B30C-4DBA-ABDD-49CE1685F6DC} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-04-11] (Bitdefender)
Task: {BCEA391B-0453-4477-97E8-72355845A2DE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {BDFDF79D-460F-4810-9DD5-A5758A3F05EA} - System32\Tasks\AddOnTop => C:\Windows\system32\rundll32.exe "C:\Program Files\AddOnTop\AddOnTop.dll",tJfIoBeinEsD <==== ATTENTION
Task: {C261D99D-4C79-4809-A345-CBC1C27CD307} - System32\Tasks\System Healer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe <==== ATTENTION
Task: {F6BDB4A7-9F04-4EBA-B9AF-A6520D75499B} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForMaršić.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 36762c8f-42c7-441b-b45f-32ee75f25122.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 681e7934-b354-4c00-b177-f27acf0f3da1.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-09-19 17:37 - 2012-09-19 17:37 - 000029960 _____ () C:\Windows\system32\BsTrace.dll
2012-09-19 17:37 - 2012-09-19 17:37 - 000363784 _____ () C:\Windows\system32\BsExtendFunc.dll
2018-02-26 19:18 - 2015-06-01 19:54 - 002509824 _____ () C:\Program Files\AddOnTop\AddOnTop.dll
2017-07-26 08:58 - 2017-07-26 08:58 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2014-08-31 16:34 - 2014-08-31 16:34 - 000329728 _____ () C:\Windows\appdata\taskmon.exe
2018-02-26 21:06 - 2018-02-27 18:01 - 000602624 _____ () C:\Windows\TEMP\gEC71.tmp.exe
2012-09-19 17:37 - 2012-09-19 17:37 - 000017160 _____ () C:\Windows\system32\BsHelpCSps.dll
2012-03-26 16:33 - 2012-03-26 16:33 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-02-26 21:28 - 2018-02-26 21:28 - 000666112 _____ () C:\Program Files\0PKV5NOYXS\0PKV5NOYX.exe
2011-12-26 12:20 - 2011-12-26 12:20 - 000016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-03-29 22:07 - 2012-03-29 22:07 - 000369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-04-04 17:03 - 2011-12-05 15:27 - 000158536 _____ () C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcc3d64.dll
2012-09-19 17:37 - 2012-09-19 17:37 - 000079624 _____ () C:\Windows\system32\BsProfilefunc.dll
2014-04-04 21:44 - 2014-04-04 21:44 - 000172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e1bd17ffd8353a6e353bfefc8a198f9d\IsdiInterop.ni.dll
2014-04-04 21:44 - 2012-02-01 16:25 - 000059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-04-04 17:14 - 2013-01-14 22:25 - 001200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-60233126-3472939666-3335248029-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-02-27 01:05 - 000008459 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1 gf.tools.avast.com
127.0.0.1 pair.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com
127.0.0.1 id.avast.com
127.0.0.1 s5355946.iavs9x.u.avast.com
127.0.0.1 s5355946.ivps9x.u.avast.com
127.0.0.1 s5355946.ivps9tiny.u.avast.com
127.0.0.1 s5355946.vpsnitro.u.avast.com
127.0.0.1 s5355946.vpsnitrotiny.u.avast.com
127.0.0.1 s5355946.iavs5x.u.avast.com
127.0.0.1 v7.stats.avast.com
127.0.0.1 v7.stats.avast.com
127.0.0.1 v7event.stats.avast.com
127.0.0.1 sm00.avast.com
127.0.0.1 submit5.avast.com
127.0.0.1 geoip.avast.com
127.0.0.1 l2932126.iavs9x.u.avast.com
127.0.0.1 l2932126.ivps9x.u.avast.com
127.0.0.1 l2932126.ivps9tiny.u.avast.com
127.0.0.1 l2932126.vpsnitro.u.avast.com
127.0.0.1 l2932126.vpsnitrotiny.u.avast.com
127.0.0.1 l2932126.iavs5x.u.avast.com
127.0.0.1 v7.stats.avast.com
127.0.0.1 v7.stats.avast.com
127.0.0.1 v7event.stats.avast.com
127.0.0.1 sm00.avast.com
127.0.0.1 submit5.avast.com

There are 212 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-60233126-3472939666-3335248029-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Maršić\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B63F2EAE-1EB6-4A72-B10E-28701D6B2241}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{7C223C27-168E-4585-A2F1-234A5BBF5F09}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{720CE72A-7F60-4E4E-BAE1-9295874FC657}] => (Allow) C:\Users\Maršić\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{08E9208E-1BFF-415A-A611-75B336A81FDF}] => (Allow) C:\Users\Maršić\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{125FB5AC-705C-4E90-8FEA-B77017AF2909}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{1B8B047A-C0AE-476C-A732-2E288A03338D}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{155E67F5-BA3B-4084-A053-EE96FBFB88AC}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{36BE6AFC-41D2-40F1-B977-1D0319C12F0B}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{42E7F036-810E-4654-8C28-38F1F093A1D9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{27B1033E-F630-4B59-8792-FAFF8F1E0103}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{A5D4672B-3BB6-4712-B319-005BC7BC54E5}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{40EA2AF5-3E2D-4F44-A616-6E5938539C00}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{E75B4C10-5181-452B-ABB2-6D7E2CED6B60}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{012305CD-501E-4AAD-B4F9-E3D3D344FCCA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2E70EF24-5BE4-4A78-97D8-AB98FB178E02}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0DF788CC-9D10-490E-9B34-C22EF17CE285}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{CCDC693F-2368-4EB7-A11C-C8A329452AA3}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{F8031150-901C-474F-8695-668FBE09F92C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{4400D596-D335-4EF2-8F84-5A2427DB33EB}C:\users\maršić\appdata\roaming\utorrent\updates\3.5.0_44090.exe] => (Allow) C:\users\maršić\appdata\roaming\utorrent\updates\3.5.0_44090.exe
FirewallRules: [UDP Query User{2E41F4BE-C9E8-4553-B331-E839686F51E7}C:\users\maršić\appdata\roaming\utorrent\updates\3.5.0_44090.exe] => (Allow) C:\users\maršić\appdata\roaming\utorrent\updates\3.5.0_44090.exe
FirewallRules: [{9A5B901C-2DFB-48D9-A57D-F2BB72AEED2A}] => (Allow) C:\Users\Maršić\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{E56DB752-42CC-448A-A2E1-32414EE324C7}] => (Allow) C:\Users\Maršić\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{720B9B9F-667A-4B30-A9A7-B71D751552FC}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{BBF170AC-612B-49BD-A7B2-814D9551B004}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{DF8CF13B-4AED-43C0-9B77-F3FD4847BB87}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{73EE8EA6-876D-4754-BF8A-5A55CDA31D11}] => (Allow) C:\Windows\rss\csrss.exe
FirewallRules: [{6024A25F-02BA-4E5D-A86F-0F67E2E3354B}] => (Allow) C:\Windows\rss\csrss.exe
FirewallRules: [{BBE6077F-CEB4-44C9-A518-743A12B3D843}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{49383F5F-5F20-494D-8CED-EAD05218326D}] => (Allow) C:\Windows\System32\rundll32.exe

==================== Restore Points =========================

13-02-2018 17:34:48 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
13-02-2018 17:35:07 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
18-02-2018 19:18:10 Windows Backup
25-02-2018 19:00:19 Windows Backup
26-02-2018 19:29:27 Removed Validity Fingerprint Sensor Driver
26-02-2018 20:48:48 Windows Modules Installer

==================== Faulty Device Manager Devices =============

Name: Ralink Bluetooth 4.0 Adapter
Description: Ralink Bluetooth 4.0 Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Ralink Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/27/2018 06:21:53 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (02/27/2018 06:01:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: g779E.tmp.exe, version: 0.0.0.0, time stamp: 0x5a934d11
Faulting module name: g779E.tmp.exe, version: 0.0.0.0, time stamp: 0x5a934d11
Exception code: 0xc0000409
Fault offset: 0x0000000000014d43
Faulting process id: 0xae4
Faulting application start time: 0x01d3afec95f20333
Faulting application path: C:\Windows\TEMP\g779E.tmp.exe
Faulting module path: C:\Windows\TEMP\g779E.tmp.exe
Report Id: e9ec57d1-1bdf-11e8-a4a5-b4b52f90fe86

Error: (02/27/2018 06:01:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/27/2018 06:01:11 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (02/27/2018 01:39:13 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Windows\SysWOW64\tracert.exe".Error in manifest or policy file "C:\Windows\SysWOW64\tracert.exe" on line 0.
Invalid Xml syntax.

Error: (02/27/2018 01:39:11 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Windows\SysWOW64\tracert.exe".Error in manifest or policy file "C:\Windows\SysWOW64\tracert.exe" on line 0.
Invalid Xml syntax.

Error: (02/27/2018 01:30:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: g779E.tmp.exe, version: 0.0.0.0, time stamp: 0x5a934d11
Faulting module name: g779E.tmp.exe, version: 0.0.0.0, time stamp: 0x5a934d11
Exception code: 0xc0000409
Fault offset: 0x0000000000014d43
Faulting process id: 0x12d0
Faulting application start time: 0x01d3af6210bf6d97
Faulting application path: C:\Windows\TEMP\g779E.tmp.exe
Faulting module path: C:\Windows\TEMP\g779E.tmp.exe
Report Id: 65c05506-1b55-11e8-bba8-b4b52f90fe86

Error: (02/27/2018 01:29:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (02/27/2018 06:21:53 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error:
"5"
Happened while starting this command:
C:\Windows\System32\slui.exe -Embedding

Error: (02/27/2018 06:01:09 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800652d890, 0xfffffa800652db70, 0xfffff80002382f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022718-26161-01.

Error: (02/27/2018 06:01:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:10:03 on ‎27.‎2.‎2018. was unexpected.

Error: (02/27/2018 01:39:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (02/27/2018 01:05:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (02/27/2018 01:03:01 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800d691060, 0xfffffa800d691340, 0xfffff800023d6f40). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022718-22994-01.

Error: (02/27/2018 01:02:56 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 0:48:51 on ‎27.‎2.‎2018. was unexpected.

Error: (02/27/2018 12:48:01 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU 2020M @ 2.40GHz
Percentage of memory in use: 29%
Total physical RAM: 6023.49 MB
Available physical RAM: 4231.55 MB
Total Virtual: 12045.17 MB
Available Virtual: 9964.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:120.89 GB) (Free:43.85 GB) NTFS
Drive e: () (Fixed) (Total:575.64 GB) (Free:79.94 GB) NTFS

\\?\Volume{8a62d594-bb58-11e3-9478-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: A82B0268)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=120.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=575.6 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:38 PM

Posted 27 February 2018 - 02:38 PM

What program did you download a keygen for?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Jammedz


Posted 27 February 2018 - 02:40 PM

Guitar pro 7

#6 Oh My!


Posted 27 February 2018 - 03:00 PM

Thank you.

Please run this for me.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ckfiles log

Gary
 

#7 Jammedz


Posted 27 February 2018 - 03:45 PM

I've downloaded it from a healthy computer and transferred it by USB. I couldn't download it on the infected computer. Internet Explorer 9 blocked the download: "This unsafe download was blocked by SmartScreenFilter". And here are the results:

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\my documents\prčkarije\prčke\coolmp3splitterv1.21crackeminence.zip
c:\my documents\prčkarije\prčke\coolmp3splitterv1.21crackmabi.zip
c:\my documents\prčkarije\prčke\coolmp3splitterv1.21crackeminence\file_id.diz
c:\my documents\prčkarije\prčke\coolmp3splitterv1.21crackeminence\keygen.nfo
c:\my documents\prčkarije\prčke\coolmp3splitterv1.21crackeminence\release.nfo
c:\program files\bitdefender antivirus free\kitinstaller\crypt.dll
c:\removewat 2.2.6\readme.txt
c:\removewat 2.2.6\removewat.exe
c:\users\maršić\appdata\roaming\utorrent\guitar pro 6 with crack.torrent
c:\users\maršić\appdata\roaming\utorrent\spyhunter fully cracked and working.torrent
c:\users\maršić\documents\image-line\data\drumaxx\drum patches\sound fx\crack.dmpatch
c:\users\maršić\documents\image-line\data\hardcore\default\i cracked my tube!.hdprg
c:\users\maršić\documents\image-line\data\sawer\ambient\mc cracked.sawer
c:\users\maršić\music\guitar_pro_7_crack.rar
c:\windows\system32\slmgr.vbs.removewat
c:\windows\syswow64\slmgr.vbs.removewat
scanner sequence 3.HH.11.OUAPHZ
 ----- EOF -----
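
An added example, not part of the original thread and not CKScanner's own logic: one way to triage a ckfiles.txt report like the one above, separating activation-tampering artifacts from crack/keygen downloads and from incidental keyword matches. The function name, the bucket names and the matching rules are assumptions made for illustration; the sample is a constructed subset of the report posted above.

```python
import ntpath

# Constructed sample: a subset of the lines from the report posted above.
SAMPLE_REPORT = r"""CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\bitdefender antivirus free\kitinstaller\crypt.dll
c:\removewat 2.2.6\removewat.exe
c:\users\maršić\appdata\roaming\utorrent\guitar pro 6 with crack.torrent
c:\users\maršić\documents\image-line\data\sawer\ambient\mc cracked.sawer
c:\users\maršić\music\guitar_pro_7_crack.rar
c:\windows\system32\slmgr.vbs.removewat
scanner sequence 3.HH.11.OUAPHZ
 ----- EOF -----
"""

# Assumed triage rules (illustrative only).
# RemoveWAT is a tool that disables Windows activation checks.
ACTIVATION_MARKERS = ("removewat",)
PIRACY_WORDS = ("crack", "keygen")
# File types that typically carry or describe a crack/keygen release.
CARRIER_EXTS = {".exe", ".zip", ".rar", ".torrent", ".nfo", ".diz"}


def triage_ckfiles(report: str) -> dict:
    """Group the paths in a ckfiles.txt report into three buckets."""
    buckets = {"activation_tamper": [], "crack_download": [], "incidental": []}
    for raw in report.splitlines():
        line = raw.strip().lower()
        # Keep only drive-letter paths; skips banner, sequence and EOF lines.
        if len(line) < 3 or line[1:3] != ":\\":
            continue
        name = ntpath.basename(line)
        ext = ntpath.splitext(name)[1]
        if any(m in line for m in ACTIVATION_MARKERS):
            buckets["activation_tamper"].append(line)
        elif ext in CARRIER_EXTS and any(w in name for w in PIRACY_WORDS):
            buckets["crack_download"].append(line)
        else:
            # Substring hits such as crypt.dll or a synth preset name.
            buckets["incidental"].append(line)
    return buckets


if __name__ == "__main__":
    for bucket, paths in triage_ckfiles(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(paths)}")
        for p in paths:
            print("   ", p)
```

The incidental bucket is where the report's own banner ("These are not necessarily bad") applies: an antivirus DLL and a synth preset match only because their names contain a keyword.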
 



#8 Oh My!


Posted 27 February 2018 - 03:51 PM

Thank you.

I need to be away for a couple of hours but please do this.

===================================================

MGADiag Tool

-------------------
  • Download MGADiag Tool and save it to your desktop
  • Double click the icon then if necessary click OK on the Executable File warning
  • Click Run, then Continue
  • Once completed a Microsoft Genuine Advantage Diagnostic Tool screen will open
  • Click the Windows tab and click Copy
  • Paste the information in your reply

Gary
 

#9 Jammedz


Posted 28 February 2018 - 04:04 PM

Is it smart to run this tool if Windows is not genuine? :/



#10 Oh My!


Posted 28 February 2018 - 04:45 PM

Well, I was trying to give you the benefit of the doubt because I suspected it was not genuine. Unfortunately, without a valid Windows OS I will be unable to assist you. However, I will tell you your computer is highly infected and there is evidence of a Backdoor Trojan.

If you are able to install a valid Operating System and want some assistance, I would be more than happy to help you. If not, I will have to close this topic.


Gary
 

#11 Oh My!


Posted 03 March 2018 - 12:48 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#12 Jammedz


Posted 04 March 2018 - 02:05 AM

I've tried to get a genuine Windows copy and saw that Windows 10 is free. So I'll try to format the C disk and install Win10. Hope that will work and that my D partition is malware free.

#13 Oh My!


Posted 04 March 2018 - 10:27 AM

Windows 10 is only "free" if you have a valid product key for Windows 7 and up.
Gary
 

#14 Oh My!


Posted 05 March 2018 - 10:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



