Reinstall

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • mawlol
    PCHF Member
    • Jul 2017
    • 5

    #1

    Reinstall

    Hello, today I’ve tried to reinstall windows (I got adware on PC that I just can’t figure it out how to remove) so im forced to do reinstall. Basicly what I did I made a bootable USB from ISO using “Windows 7 USB dw download tool” and when I tried to put in BIOS to boot from USB all of the sudden it doesn’t show up USB anymore. I’ve read on forums that it’s probably due to me having windows 7 Ultimate but booting in UEFI instead of Legacy boot, I’ve tried to swich up to legacy but all instrucitons are for windows 8 and I have windows 7 atm. Im not sure what to do now and I would appriciate some help.
  • Rustys
    PCHF Member
    • Jul 2016
    • 7862

    #2
    Hello Mawlol and welcome to the site.
    1. Make and Model of the system.
    2. Have you talked to our Security team to see if they can help you remove the ad ware form the system.
    3. Where did the Windows 7 come?
    4. Have you tried the systems built in recovery partition?

    Comment

    • mawlol
      PCHF Member
      • Jul 2017
      • 5

      #3
      If it’s possible I would like to remove malware instead of reinstalling for sure, just I tried many antimalware programs and none of them seemed to help but if you could redirrect me to them I would apriciate that. I can make Model of System but you will have to tell me how since I never did it before.

      Comment

      • Rustys
        PCHF Member
        • Jul 2016
        • 7862

        #4
        Not a problem let me move the thread and notify them that you are there.

        Understand that they are located indifferent parts of the world and could take a bit of time for one to respond while you wait look through the following Information Threads.

        Comment

        • jmarket
          PCHF Owner
          • Jan 2015
          • 7635

          #5
          Hi mawlol and welcome to PCHF

          Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

          If you are unsure if your operating system is 32 or 64 Bit please go HERE.

          Once downloaded right click the FRST desktop icon and select “Run as administrator” from the menu.



          If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
          Frst will open with two dialogue boxes, accept the disclaimer.


          Accept the default whitelist options,
          If the additions.txt options box is not checked please select it.
          Then select “Scan”



          Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.



          Please Copy and Paste the contents of these logs in your next post for review by our Security Team

          Comment

          • mawlol
            PCHF Member
            • Jul 2017
            • 5

            #6
            I’ve read prework thread so I suppose you need this

            FRST
            Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2017
            Ran by Danijel (administrator) on DANIJEL-PC (23-07-2017 19:10:45)
            Running from C:\Users\Danijel\Desktop
            Loaded Profiles: Danijel (Available Profiles: Danijel)
            Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
            Internet Explorer Version 8 (Default browser: FF)
            Boot Mode: Normal
            Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

            ==================== Processes (Whitelisted) =================

            (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

            (AMD) C:\Windows\System32\atiesrxx.exe
            (AMD) C:\Windows\System32\atieclxx.exe
            (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
            (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
            (Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
            (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
            (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
            (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
            (Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
            (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
            (CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
            (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
            (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
            (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
            (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
            (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
            (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
            (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
            (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
            (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
            (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
            (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
            (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
            (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
            (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
            (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
            (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
            (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
            (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
            (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
            (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
            (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

            ==================== Registry (Whitelisted) ====================

            (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

            HKLM...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc.)
            HKLM...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-07-03] (AVG Technologies CZ, s.r.o.)
            HKLM...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-07-19] (AVG Technologies CZ, s.r.o.)
            HKLM...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
            HKLM-x32...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-07-03] (AVG Technologies CZ, s.r.o.)
            HKLM-x32...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
            HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
            HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
            HKU\S-1-5-21-4218728406-1097614046-610063632-1000...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
            HKU\S-1-5-21-4218728406-1097614046-610063632-1000...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
            HKU\S-1-5-21-4218728406-1097614046-610063632-1000...\Run: [uTorrent] => C:\Users\Danijel\AppData\Roaming\uTorrent\uTorrent .exe [2150336 2017-07-20] (BitTorrent Inc.)
            HKU\S-1-5-21-4218728406-1097614046-610063632-1000...\Policies\Explorer:
            BootExecute: autocheck autochk * Partizan

            ==================== Internet (Whitelisted) ====================

            (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

            Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
            Tcpip\Parameters: [DhcpNameServer] 192.168.5.1
            Tcpip..\Interfaces{75F1234D-0A07-4D4B-A460-26BBEB6B3DED}: [DhcpNameServer] 192.168.42.129
            Tcpip..\Interfaces{E6CF4FE9-D2BF-417A-897E-ABA93DF3BD10}: [DhcpNameServer] 192.168.5.1
            [HEADING=1]Internet Explorer:[/HEADING]
            HKU\S-1-5-21-4218728406-1097614046-610063632-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
            BHO: Lync Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → D:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
            BHO: No Name → {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} → No File
            BHO: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-29] (Oracle Corporation)
            BHO: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
            BHO: Office Document Cache Handler → {B4F3A835-0E21-4959-BA22-42B3008E02FF} → D:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
            BHO: Microsoft SkyDrive Pro Browser Helper → {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} → D:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
            BHO: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-29] (Oracle Corporation)
            BHO-x32: Lync Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
            BHO-x32: No Name → {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} → No File
            BHO-x32: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
            BHO-x32: Office Document Cache Handler → {B4F3A835-0E21-4959-BA22-42B3008E02FF} → C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
            BHO-x32: Microsoft SkyDrive Pro Browser Helper → {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} → C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
            Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
            Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
            Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
            Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
            Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
            Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
            Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
            Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
            Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
            [HEADING=1]FireFox:[/HEADING]
            FF ProfilePath: C:\Users\Danijel\AppData\Roaming\Mozilla\Firefox\P rofiles\f7ch90oj.default [2017-07-23]
            FF user.js: detected! => C:\Users\Danijel\AppData\Roaming\Mozilla\Firefox\P rofiles\f7ch90oj.default\user.js [2017-07-12]
            FF Session Restore: Mozilla\Firefox\Profiles\f7ch90oj.default → is enabled.
            FF SearchPlugin: C:\Users\Danijel\AppData\Roaming\Mozilla\Firefox\P rofiles\f7ch90oj.default\searchplugins\avg-secure-search.xml [2017-07-19]
            FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_ 137.dll [2017-07-11] ()
            FF Plugin: @java.com/DTPlugin,version=11.131.2 → C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1 .dll [2017-04-29] (Oracle Corporation)
            FF Plugin: @java.com/JavaPlugin,version=11.131.2 → C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-29] (Oracle Corporation)
            FF Plugin: @microsoft.com/SharePoint,version=14.0 → D:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
            FF Plugin-x32: @adobe.com/FlashPlayer → C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_ 137.dll [2017-07-11] ()
            FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin → C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\npsitesafety.dll [No File]
            FF Plugin-x32: @microsoft.com/Lync,version=15.0 → C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
            FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
            FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 → C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
            FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
            FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
            FF Plugin-x32: Adobe Reader → C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
            FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
            FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
            [HEADING=1]Chrome:[/HEADING]
            CHR HomePage: Default → hxxp://www.facebook.com/
            CHR Session Restore: Default → is enabled.
            CHR Profile: C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default [2017-07-23]
            CHR Extension: (Google Drive) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2016-12-04]
            CHR Extension: (YouTube) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2016-12-04]
            CHR Extension: (Cat) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fimkgcpmlbkeehbjhnijoginof bdgbdk [2017-07-19]
            CHR Extension: (AdBlock) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbi glidom [2017-07-19]
            CHR Extension: (Chrome Web Store Payments) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2017-03-20]
            CHR Extension: (9gag Night Mode) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdoebgohinaejdpncadbahijij goffke [2017-06-17]
            CHR Extension: (Gmail) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2016-12-04]
            CHR Extension: (Chrome Media Router) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2017-07-14]

            ==================== Services (Whitelisted) ====================

            (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

            R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
            R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
            R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-07-19] (AVG Technologies CZ, s.r.o.)
            R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [312712 2017-07-19] (AVG Technologies CZ, s.r.o.)
            R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7481648 2017-07-19] (AVG Technologies CZ, s.r.o.)
            R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-07-03] (AVG Technologies CZ, s.r.o.)
            R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [91184 2017-05-03] (CyberGhost S.R.L)
            S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1450824 2017-07-17] (Overwolf LTD)
            S3 SoundBoosterService; D:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe [113336 2017-06-06] (Letasoft)
            S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\Sh4Service.exe [883896 2017-07-20] (Enigma Software Group USA, LLC.)
            S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
            R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)

            ===================== Drivers (Whitelisted) ======================

            (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

            R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
            R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
            R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-07-19] (AVG Technologies CZ, s.r.o.)
            R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [313616 2017-07-19] (AVG Technologies CZ, s.r.o.)
            R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-07-19] (AVG Technologies CZ, s.r.o.)
            R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-07-19] (AVG Technologies CZ, s.r.o.)
            R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-07-19] (AVG Technologies CZ, s.r.o.)
            S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-07-19] (AVG Technologies CZ, s.r.o.)
            R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [139112 2017-07-19] (AVG Technologies CZ, s.r.o.)
            R3 avgNetNd6; C:\Windows\System32\DRIVERS\avgNetNd6.sys [29944 2017-04-21] (AVG Technologies CZ, s.r.o.)
            R1 avgNetSec; C:\Windows\system32\drivers\avgNetSec.sys [546968 2017-07-19] (AVG Technologies CZ, s.r.o.)
            R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102792 2017-07-19] (AVG Technologies CZ, s.r.o.)
            R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-07-19] (AVG Technologies CZ, s.r.o.)
            R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1008288 2017-07-19] (AVG Technologies CZ, s.r.o.)
            R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [578048 2017-07-19] (AVG Technologies CZ, s.r.o.)
            R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [191208 2017-07-19] (AVG Technologies CZ, s.r.o.)
            R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [353744 2017-07-19] (AVG Technologies CZ, s.r.o.)
            R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2017-07-20] (Enigma Software Group USA, LLC.)
            S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2017-07-20] ()
            U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2017-07-19] (Greatis Software)
            R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-07-19] (Zemana Ltd.)
            R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-07-19] (Zemana Ltd.)

            ==================== NetSvcs (Whitelisted) ===================

            (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

            ==================== One Month Created files and folders ========

            (If an entry is included in the fixlist, the file/folder will be moved.)

            2017-07-23 19:11 - 2017-07-23 19:11 - 05200384 _____ (AVAST Software) C:\Users\Danijel\Downloads\aswmbr.exe
            2017-07-23 19:10 - 2017-07-23 19:11 - 00017195 _____ C:\Users\Danijel\Desktop\FRST.txt
            2017-07-23 19:10 - 2017-07-23 19:10 - 00000000 ____D C:\FRST
            2017-07-23 19:09 - 2017-07-23 19:09 - 02382336 _____ (Farbar) C:\Users\Danijel\Downloads\FRST64 (1).exe
            2017-07-23 19:09 - 2017-07-23 19:09 - 02382336 _____ (Farbar) C:\Users\Danijel\Desktop\FRST64.exe
            2017-07-23 15:59 - 2017-07-23 15:59 - 00000104 _____ C:\Users\Danijel\Desktop\Control Panel - Shortcut.lnk
            2017-07-23 15:29 - 2017-07-23 15:46 - 00000000 ____D C:\Users\Danijel\AppData\Local\Apps\Windows 7 USB DVD Download Tool
            2017-07-23 15:29 - 2017-07-23 15:29 - 00002530 _____ C:\Users\Danijel\Desktop\Windows 7 USB DVD Download Tool.lnk
            2017-07-23 15:29 - 2017-07-23 15:29 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Windows 7 USB DVD Download Tool
            2017-07-23 15:06 - 2017-07-23 15:20 - 00001908 _____ C:\Windows\diagwrn.xml
            2017-07-23 15:06 - 2017-07-23 15:20 - 00001908 _____ C:\Windows\diagerr.xml
            2017-07-23 14:45 - 2017-07-23 14:46 - 00000000 ____D C:\Users\Danijel\Desktop\reinstall
            2017-07-23 14:17 - 2017-07-23 14:49 - 00000000 ____D C:\Users\Danijel\Desktop\Danijel reinstalll
            2017-07-23 14:17 - 2017-07-23 14:22 - 00000000 ____D C:\Users\Danijel\Desktop\tata reinstall
            2017-07-22 09:11 - 2017-07-22 09:12 - 04121760 _____ (Husdawg, LLC) C:\Users\Danijel\Downloads\Detection.exe
            2017-07-20 13:48 - 2017-07-23 14:35 - 00000000 ____D C:\Users\Danijel\Desktop\Windows Loader v2.2.2
            2017-07-20 13:39 - 2017-07-23 14:38 - 00000000 ____D C:\Users\Danijel\Desktop\Windows 7 SP1 Ultimate (64 Bit)
            2017-07-20 13:37 - 2017-07-20 13:37 - 01733104 _____ (BitTorrent Inc.) C:\Users\Danijel\Downloads\uTorrent.exe
            2017-07-20 13:37 - 2017-07-20 13:37 - 00000855 _____ C:\Users\Danijel\Desktop\µTorrent.lnk
            2017-07-20 13:37 - 2017-07-20 13:37 - 00000835 _____ C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\µTorrent.lnk
            2017-07-20 11:24 - 2017-07-20 11:24 - 00000000 _____ C:\autoexec.bat
            2017-07-20 11:23 - 2017-07-23 14:34 - 00001131 _____ C:\Users\Danijel\Desktop\SpyHunter.lnk
            2017-07-20 11:23 - 2017-07-20 11:23 - 00003338 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
            2017-07-20 11:23 - 2017-07-20 11:23 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\SpyHunter
            2017-07-20 11:23 - 2017-07-20 11:23 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Enigma Software Group
            2017-07-20 11:23 - 2017-07-20 11:23 - 00000000 ____D C:\sh4ldr
            2017-07-20 11:19 - 2017-07-23 15:24 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
            2017-07-20 11:19 - 2017-07-20 11:19 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
            2017-07-20 11:19 - 2017-07-20 11:19 - 00003144 _____ C:\Windows\System32\Tasks{95B59E6D-A533-40CF-B14D-A77BD97AA386}
            2017-07-20 11:19 - 2017-07-20 11:19 - 00000000 ____D C:\Program Files\Enigma Software Group
            2017-07-20 11:19 - 2017-07-20 08:57 - 02755584 _____ C:\Users\Danijel\Desktop\SH-Alt-Install.exe
            2017-07-20 01:59 - 2017-07-23 16:28 - 00000250 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
            2017-07-20 01:56 - 2017-07-20 01:56 - 00000000 ____D C:@RestoreQuarantine
            2017-07-19 23:57 - 2017-07-19 23:57 - 00000000 ____D C:\ProgramData\RegRun
            2017-07-19 23:55 - 2017-07-19 23:55 - 00040304 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
            2017-07-19 23:54 - 2017-07-23 15:41 - 00000000 ____D C:\Users\Public\Documents\regruninfo
            2017-07-19 23:54 - 2017-07-23 15:38 - 00000000 ____D C:\Users\Danijel\Documents\RegRun2
            2017-07-19 23:54 - 2017-07-19 23:58 - 00000000 ____D C:\Program Files (x86)\UnHackMe
            2017-07-19 23:54 - 2017-07-19 23:54 - 00003332 _____ C:\Windows\System32\Tasks\UnHackMe Task Scheduler
            2017-07-19 23:54 - 2017-07-19 23:54 - 00001007 _____ C:\Users\Danijel\Desktop\UnHackMe.lnk
            2017-07-19 23:54 - 2017-07-19 23:54 - 00000002 RSHOT C:\Windows\winstart.bat
            2017-07-19 23:54 - 2017-07-19 23:54 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
            2017-07-19 23:54 - 2017-07-19 23:54 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
            2017-07-19 23:54 - 2017-07-19 23:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
            2017-07-19 23:54 - 2017-06-22 15:03 - 00014984 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
            2017-07-19 23:54 - 2015-12-28 11:32 - 00049968 _____ (Greatis Software) C:\Windows\system32\partizan.exe
            2017-07-19 23:53 - 2017-07-19 23:53 - 18781709 _____ C:\Users\Danijel\Downloads\unhackme.zip
            2017-07-19 20:20 - 2017-07-19 20:20 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Danijel\Downloads\rkill.exe
            2017-07-19 18:13 - 2017-07-23 19:10 - 00213016 _____ C:\Windows\ZAM.krnl.trace
            2017-07-19 18:13 - 2017-07-23 19:10 - 00045210 _____ C:\Windows\ZAM_Guard.krnl.trace
            2017-07-19 18:13 - 2017-07-19 18:13 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
            2017-07-19 18:13 - 2017-07-19 18:13 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
            2017-07-19 18:13 - 2017-07-19 18:13 - 00001148 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
            2017-07-19 18:13 - 2017-07-19 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
            2017-07-19 18:13 - 2017-07-19 18:13 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
            2017-07-19 18:08 - 2017-07-19 18:08 - 00000000 ____D C:\Users\Danijel\AppData\Local\Zemana
            2017-07-19 18:07 - 2017-07-19 18:08 - 06589840 _____ (Zemana Ltd. ) C:\Users\Danijel\Downloads\Zemana.AntiMalware.Setu p (1).exe
            2017-07-19 18:07 - 2017-07-19 18:07 - 06589840 _____ (Zemana Ltd. ) C:\Users\Danijel\Downloads\Zemana.AntiMalware.Setu p.exe
            2017-07-19 18:01 - 2017-07-19 18:01 - 03626104 _____ (Google) C:\Users\Danijel\Downloads\chrome_cleanup_tool.exe
            2017-07-19 17:59 - 2017-07-19 17:59 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
            2017-07-19 17:54 - 2017-07-19 18:00 - 00000000 ____D C:\ProgramData\HitmanPro
            2017-07-19 17:54 - 2017-07-19 17:54 - 11584088 _____ (SurfRight B.V.) C:\Users\Danijel\Downloads\hitmanpro_x64.exe
            2017-07-19 10:59 - 2017-07-19 10:59 - 00001733 _____ C:\Users\Danijel\Desktop\chrome - Shortcut.lnk
            2017-07-19 10:26 - 2017-07-19 10:26 - 65033984 _____ (Malwarebytes ) C:\Users\Danijel\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251 (1).exe
            2017-07-19 10:18 - 2017-07-19 10:18 - 00000000 ___SD C:\Users\Danijel\AppData\LocalLow\Temp
            2017-07-19 10:17 - 2017-07-19 10:17 - 00000004 _____ C:\ProgramData_lg.3sap
            2017-07-19 10:14 - 2017-07-19 10:14 - 00000000 ___HD C:$AV_AVG
            2017-07-19 10:11 - 2017-07-20 01:54 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\samika
            2017-07-19 10:11 - 2017-07-19 10:31 - 00000000 ____D C:\ProgramData\WindowsErrorReporting
            2017-07-19 10:11 - 2017-07-19 10:11 - 00002058 _____ C:\Users\Public\Desktop\VERWOL~1.del
            2017-07-19 10:11 - 2017-07-19 10:11 - 00001437 ___RS C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Intеrnеt Еxplorer.lnk
            2017-07-19 10:11 - 2017-07-19 10:11 - 00001433 ___RS C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Intеrnеt Exрlorеr (64-bit).lnk
            2017-07-19 10:11 - 2017-07-19 10:11 - 00001255 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firefох.lnk
            2017-07-19 10:11 - 2017-07-19 10:11 - 00001225 _____ C:\Users\Public\Desktop\ZILLFI~1.del
            2017-07-19 10:11 - 2017-07-19 10:11 - 00001196 _____ C:\Users\Public\Desktop\ATTLEN~1.del
            2017-07-19 10:11 - 2017-07-19 10:11 - 00001181 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Chrоme.lnk
            2017-07-19 10:11 - 2017-07-19 10:11 - 00000000 ____D C:\Program Files\P9QABSMQ36
            2017-07-19 10:10 - 2017-07-19 10:10 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
            2017-07-19 09:59 - 2017-07-19 17:45 - 00000008 __RSH C:\ProgramData\ntuser.pol
            2017-07-19 09:48 - 2017-07-19 09:48 - 00401584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
            2017-07-17 14:39 - 2017-07-17 14:39 - 00000794 _____ C:\Users\Public\Desktop\Letasoft Sound Booster.lnk
            2017-07-17 14:39 - 2017-07-17 14:39 - 00000037 ___SH C:\Users\Danijel\AppData\Local\20986331705021ca58e dc424.96250074
            2017-07-17 14:39 - 2017-07-17 14:39 - 00000000 __SHD C:\Users\Danijel\AppData\Local\icsxml
            2017-07-17 14:39 - 2017-07-17 14:39 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Letasoft
            2017-07-17 14:39 - 2017-07-17 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Letasoft Sound Booster
            2017-07-17 14:38 - 2017-07-17 14:38 - 07555024 _____ (Letasoft LLC ) C:\Users\Danijel\Downloads\SoundBoosterSetup.exe
            2017-07-13 19:02 - 2017-07-13 19:02 - 00327585 _____ C:\Users\Danijel\Downloads\01-2.dwg
            2017-07-09 23:24 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
            2017-07-09 23:24 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
            2017-07-09 23:24 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
            2017-07-09 23:24 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
            2017-07-09 23:24 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
            2017-07-09 23:24 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
            2017-07-09 23:24 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
            2017-07-09 23:24 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
            2017-07-09 23:24 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
            2017-07-09 23:24 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
            2017-07-09 23:24 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
            2017-07-09 23:24 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
            2017-07-09 23:24 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
            2017-07-09 23:24 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
            2017-07-09 23:24 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
            2017-07-09 23:24 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
            2017-07-09 23:24 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
            2017-07-09 23:24 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
            2017-07-09 23:24 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
            2017-07-09 23:24 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
            2017-07-09 23:24 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
            2017-07-09 23:24 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
            2017-07-09 23:24 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
            2017-07-09 23:24 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
            2017-07-09 23:24 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
            2017-07-09 23:24 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
            2017-07-09 23:24 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
            2017-07-09 23:24 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
            2017-07-09 23:24 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
            2017-07-09 23:24 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
            2017-07-09 23:24 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
            2017-07-09 23:24 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
            2017-07-09 23:24 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
            2017-07-09 23:24 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
            2017-07-09 23:24 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
            2017-07-09 23:24 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
            2017-07-09 23:24 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
            2017-07-09 23:24 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
            2017-07-09 23:24 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
            2017-07-09 23:24 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
            2017-07-09 23:24 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
            2017-07-09 23:24 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
            2017-07-09 23:23 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
            2017-07-09 23:23 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
            2017-07-09 23:23 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
            2017-07-09 23:23 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
            2017-07-09 23:23 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
            2017-07-09 23:23 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
            2017-07-09 23:23 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
            2017-07-09 23:23 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
            2017-07-09 23:23 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
            2017-07-09 23:23 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
            2017-07-09 23:23 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
            2017-07-09 23:23 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
            2017-07-09 23:23 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
            2017-07-09 23:23 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
            2017-07-09 23:23 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
            2017-07-09 23:23 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
            2017-07-09 23:23 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
            2017-07-09 23:23 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
            2017-07-09 23:23 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
            2017-07-09 23:23 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
            2017-07-09 23:23 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
            2017-07-09 23:23 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
            2017-07-09 23:23 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
            2017-07-09 23:23 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
            2017-07-09 23:23 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
            2017-07-09 23:23 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
            2017-07-09 23:23 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
            2017-07-09 23:23 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
            2017-07-09 23:23 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
            2017-07-09 23:23 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
            2017-07-09 23:23 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
            2017-07-09 23:23 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
            2017-07-09 23:23 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
            2017-07-09 23:23 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
            2017-07-09 23:23 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
            2017-07-09 23:23 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
            2017-07-09 23:23 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
            2017-07-09 23:23 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
            2017-07-09 23:23 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
            2017-07-09 23:23 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
            2017-07-09 23:23 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
            2017-07-09 23:23 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
            2017-07-09 23:23 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
            2017-07-09 23:23 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
            2017-07-09 23:23 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
            2017-07-09 23:23 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
            2017-07-09 23:23 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
            2017-07-09 23:23 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
            2017-07-09 23:23 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
            2017-07-09 23:23 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
            2017-07-09 23:23 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
            2017-07-09 23:23 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
            2017-07-09 23:23 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
            2017-07-09 23:23 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
            2017-07-09 23:23 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
            2017-07-09 23:23 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
            2017-07-09 23:23 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
            2017-07-09 23:23 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
            2017-07-09 23:23 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
            2017-07-09 23:23 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
            2017-07-09 23:23 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
            2017-07-09 23:23 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
            2017-07-09 23:23 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
            2017-07-09 23:23 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
            2017-07-09 23:23 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
            2017-07-09 23:23 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
            2017-07-09 23:23 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
            2017-07-09 23:23 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
            2017-07-09 23:23 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
            2017-07-09 23:23 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
            2017-07-09 23:23 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
            2017-07-09 23:23 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
            2017-07-09 23:23 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
            2017-07-09 23:23 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
            2017-07-09 23:23 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
            2017-07-09 23:23 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
            2017-07-09 23:23 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
            2017-07-09 23:23 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
            2017-07-09 23:23 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
            2017-07-09 23:23 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
            2017-07-09 23:23 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
            2017-07-09 23:23 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
            2017-07-09 23:23 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
            2017-07-09 23:23 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
            2017-07-09 23:23 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
            2017-07-09 23:23 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
            2017-07-09 23:23 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
            2017-07-09 23:23 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
            2017-07-09 23:23 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
            2017-07-09 23:23 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
            2017-07-09 23:23 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
            2017-07-09 23:23 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
            2017-07-09 23:23 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
            2017-07-09 23:23 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
            2017-07-09 23:23 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
            2017-07-09 23:23 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
            2017-07-09 23:23 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
            2017-07-09 23:23 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
            2017-07-09 23:23 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
            2017-07-09 23:23 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
            2017-07-09 23:23 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
            2017-07-09 23:23 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
            2017-07-09 23:23 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
            2017-07-09 23:23 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
            2017-07-09 23:23 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
            2017-07-09 23:23 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
            2017-07-09 23:23 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
            2017-07-09 23:23 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
            2017-07-09 23:23 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
            2017-07-09 23:23 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
            2017-07-09 23:23 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
            2017-07-09 23:23 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
            2017-07-09 23:15 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
            2017-07-09 23:15 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
            2017-07-09 23:15 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
            2017-07-09 22:27 - 2017-07-09 22:27 - 01446792 _____ C:\Users\Danijel\Downloads\SteamSetup.exe
            2017-07-09 22:27 - 2017-07-09 22:27 - 00000680 _____ C:\Users\Public\Desktop\Steam.lnk
            2017-07-09 13:45 - 2017-07-23 13:44 - 00000000 ____D C:\Users\Danijel\Documents\slike tata more
            2017-07-09 10:33 - 2017-07-11 19:44 - 00000000 ____D C:\Users\Danijel\Desktop\Barnjak primjenjena
            2017-07-05 17:24 - 2017-07-20 01:24 - 00000000 ____D C:\Program Files (x86)\Overwolf
            2017-07-05 17:24 - 2017-07-19 10:11 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Overwolf
            2017-07-05 17:24 - 2017-07-05 17:26 - 00000000 ____D C:\ProgramData\Overwolf
            2017-07-05 17:24 - 2017-07-05 17:24 - 00004304 _____ C:\Windows\System32\Tasks\Overwolf Updater Task
            2017-07-05 17:24 - 2017-07-05 17:24 - 00001081 ____H C:\Users\Public\Desktop\Overwolf.lnk
            2017-07-05 17:23 - 2017-07-06 10:54 - 00000000 ____D C:\Users\Danijel\AppData\Local\Overwolf
            2017-07-05 17:20 - 2017-07-05 17:21 - 00925752 _____ (Overwolf Ltd.) C:\Users\Danijel\Downloads\OverwolfInstaller.exe
            2017-06-30 23:27 - 2017-07-11 17:37 - 00000000 ____D C:\Users\Danijel\Desktop\begić primjenjena
            2017-06-26 16:32 - 2017-06-27 09:04 - 00000000 ____D C:\Users\Danijel\AppData\Local\CyberGhost
            2017-06-26 16:31 - 2017-06-30 11:43 - 00001772 _____ C:\Users\Danijel\Desktop\CyberGhost 6.lnk
            2017-06-26 16:31 - 2017-06-26 16:32 - 00000000 ____D C:\Program Files\CyberGhost 6
            2017-06-26 16:31 - 2017-06-26 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6
            2017-06-25 19:41 - 2017-06-25 19:41 - 00316785 _____ C:\Users\Danijel\Documents(1) Zavrsni rad.pdf
            2017-06-25 12:37 - 2017-06-25 12:37 - 00000000 ____D C:\Users\Danijel\Documents\Custom Office Templates

            ==================== One Month Modified files and folders ========

            (If an entry is included in the fixlist, the file/folder will be moved.)

            2017-07-23 18:28 - 2009-07-14 06:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
            2017-07-23 18:28 - 2009-07-14 06:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
            2017-07-23 17:38 - 2016-12-04 20:56 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\uTorrent
            2017-07-23 16:28 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
            2017-07-23 16:11 - 2016-12-04 20:44 - 00065536 _____ C:\Windows\system32\spu_storage.bin
            2017-07-23 15:30 - 2016-12-04 20:56 - 00000000 ____D C:\Users\Danijel\AppData\LocalLow\Mozilla
            2017-07-23 15:19 - 2009-07-14 07:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
            2017-07-23 15:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
            2017-07-19 20:40 - 2016-12-04 17:44 - 00000000 ____D C:\Users\Danijel
            2017-07-19 18:01 - 2016-12-04 18:04 - 00000000 ____D C:\Users\Danijel\AppData\Local\Google
            2017-07-19 17:51 - 2016-12-05 02:40 - 00000000 ____D C:\Windows\Panther
            2017-07-19 17:50 - 2016-12-04 19:42 - 00000000 ____D C:\Program Files\CCleaner
            2017-07-19 10:11 - 2017-06-20 14:09 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Chrome Apps
            2017-07-19 10:11 - 2016-12-04 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
            2017-07-19 10:11 - 2016-12-04 19:03 - 00000000 ____D C:\ProgramData\Package Cache
            2017-07-19 09:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
            2017-07-19 09:48 - 2017-04-21 03:34 - 00546968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetSec.sys
            2017-07-19 09:48 - 2017-04-21 03:32 - 01008288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
            2017-07-19 09:48 - 2017-04-21 03:32 - 00578048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
            2017-07-19 09:48 - 2017-04-21 03:32 - 00353744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
            2017-07-19 09:48 - 2017-04-21 03:32 - 00336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
            2017-07-19 09:48 - 2017-04-21 03:32 - 00313616 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
            2017-07-19 09:48 - 2017-04-21 03:32 - 00192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
            2017-07-19 09:48 - 2017-04-21 03:32 - 00191208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
            2017-07-19 09:48 - 2017-04-21 03:32 - 00166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
            2017-07-19 09:48 - 2017-04-21 03:32 - 00139112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmonflt.sys.15004505 2449901
            2017-07-19 09:48 - 2017-04-21 03:32 - 00139112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmonflt.sys
            2017-07-19 09:48 - 2017-04-21 03:32 - 00102792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
            2017-07-19 09:48 - 2017-04-21 03:32 - 00076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
            2017-07-19 09:48 - 2017-04-21 03:32 - 00051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
            2017-07-19 09:48 - 2017-04-21 03:32 - 00039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
            2017-07-19 09:48 - 2017-04-21 03:32 - 00003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
            2017-07-19 01:56 - 2016-12-04 22:00 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Skype
            2017-07-17 08:25 - 2017-05-03 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
            2017-07-17 08:25 - 2016-12-04 18:34 - 00001008 _____ C:\Users\Public\Desktop\AVG.lnk
            2017-07-15 11:45 - 2016-12-04 19:09 - 00000000 ____D C:\Users\Danijel\AppData\Local\Battle.net
            2017-07-13 19:04 - 2016-12-04 21:47 - 00000000 ____D C:\Users\Danijel\AppData\Local\cache
            2017-07-13 00:24 - 2016-12-04 20:54 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
            2017-07-11 20:02 - 2017-02-09 21:32 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
            2017-07-11 20:02 - 2017-02-09 21:32 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
            2017-07-11 20:02 - 2017-02-09 21:32 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
            2017-07-11 20:02 - 2017-02-09 21:32 - 00000000 ____D C:\Windows\SysWOW64\Macromed
            2017-07-11 20:02 - 2017-02-09 21:32 - 00000000 ____D C:\Windows\system32\Macromed
            2017-07-11 10:47 - 2016-12-04 21:08 - 00000000 ____D C:\Users\Danijel\AppData\Local\Microsoft Help
            2017-07-09 22:31 - 2016-12-04 23:18 - 00000000 ____D C:\Users\Danijel\AppData\Local\Steam
            2017-07-09 22:27 - 2016-12-04 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
            2017-07-09 09:19 - 2009-07-14 07:08 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
            2017-07-06 10:54 - 2016-12-04 18:32 - 00000000 ____D C:\Users\Danijel\AppData\Local\Avg
            2017-07-05 11:33 - 2017-04-21 03:32 - 00353232 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgvmm.sys.14992472550 8804
            2017-07-01 19:21 - 2016-12-04 22:00 - 00000000 ___RD C:\Program Files (x86)\Skype
            2017-07-01 19:21 - 2016-12-04 22:00 - 00000000 ____D C:\ProgramData\Skype
            2017-07-01 10:35 - 2016-12-04 20:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
            2017-07-01 10:35 - 2016-12-04 18:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
            2017-06-28 00:20 - 2016-12-04 18:05 - 00002195 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
            2017-06-28 00:20 - 2016-12-04 18:05 - 00002183 ____H C:\Users\Public\Desktop\Google Chrome.lnk
            2017-06-26 16:32 - 2016-12-04 17:44 - 00000000 ____D C:\Users\Danijel\AppData\Local\VirtualStore

            ==================== Files in the root of some directories =======

            2017-07-17 14:39 - 2017-07-17 14:39 - 0000037 ___SH () C:\Users\Danijel\AppData\Local\20986331705021ca58e dc424.96250074
            2016-12-04 21:36 - 2016-12-04 21:36 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32. bc
            2017-07-19 10:17 - 2017-07-19 10:17 - 0000004 _____ () C:\ProgramData_lg.3sap
            [HEADING=1]Some files in TEMP:[/HEADING]
            2017-07-19 10:11 - 2017-07-19 10:11 - 4021600 _____ (Easeware ) C:\Users\Danijel\AppData\Local\Temp\BC6C.tmp.exe
            2017-07-19 10:11 - 2017-07-19 10:11 - 1199825 _____ () C:\Users\Danijel\AppData\Local\Temp\unins000.exe

            ==================== Bamital & volsnap ======================

            (There is no automatic fix for files that do not pass verification.)

            C:\Windows\system32\winlogon.exe => File is digitally signed
            C:\Windows\system32\wininit.exe => File is digitally signed
            C:\Windows\SysWOW64\wininit.exe => File is digitally signed
            C:\Windows\explorer.exe => File is digitally signed
            C:\Windows\SysWOW64\explorer.exe => File is digitally signed
            C:\Windows\system32\svchost.exe => File is digitally signed
            C:\Windows\SysWOW64\svchost.exe => File is digitally signed
            C:\Windows\system32\services.exe => File is digitally signed
            C:\Windows\system32\User32.dll
            [2010-11-21 05:24] - [2017-05-03 13:18] - 1008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

            C:\Windows\SysWOW64\User32.dll
            [2010-11-21 05:24] - [2017-05-03 13:18] - 0833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

            C:\Windows\system32\userinit.exe => File is digitally signed
            C:\Windows\SysWOW64\userinit.exe => File is digitally signed
            C:\Windows\system32\rpcss.dll => File is digitally signed
            C:\Windows\system32\dnsapi.dll => File is digitally signed
            C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
            C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

            LastRegBack: 2017-07-22 13:38

            ==================== End of FRST.txt ============================
            [HEADING=1]additions
            Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2017
            Ran by Danijel (23-07-2017 19:11:25)
            Running from C:\Users\Danijel\Desktop
            Windows 7 Ultimate Service Pack 1 (X64) (2016-12-04 15:44:19)
            Boot Mode: Normal[/HEADING]
            ==================== Accounts: =============================

            Administrator (S-1-5-21-4218728406-1097614046-610063632-500 - Administrator - Disabled)
            Danijel (S-1-5-21-4218728406-1097614046-610063632-1000 - Administrator - Enabled) => C:\Users\Danijel
            Guest (S-1-5-21-4218728406-1097614046-610063632-501 - Limited - Disabled)
            HomeGroupUser$ (S-1-5-21-4218728406-1097614046-610063632-1002 - Limited - Enabled)

            ==================== Security Center ========================

            (If an entry is included in the fixlist, it will be removed.)

            AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
            AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
            FW: AVG Antivirus (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

            ==================== Installed Programs ======================

            (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

            µTorrent (HKU\S-1-5-21-4218728406-1097614046-610063632-1000...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
            Adobe Acrobat Reader DC - Croatian (HKLM-x32...{AC76BA86-7AD7-1050-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
            Adobe Flash Player 26 NPAPI (HKLM-x32...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
            AMD Install Manager (HKLM...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
            AMD Quick Stream (HKLM...{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
            AutoCAD 2013 - English (HKLM...{5783F2D7-B001-0000-0102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden
            AutoCAD 2013 - English (HKLM...{5783F2D7-B001-0409-2102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden
            AutoCAD 2013 - English (HKLM...\AutoCAD 2013 - English) (Version: 19.0.55.0 - Autodesk)
            AutoCAD 2013 Language Pack - English (HKLM...{5783F2D7-B001-0409-1102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden
            Autodesk CAD Manager Tools (HKLM...{5783F2D7-0111-0409-0110-0060B0CE6BBA}) (Version: 16.0.0.65 - Autodesk)
            Autodesk Content Service (HKLM-x32...{62F029AB-85F2-0000-866A-9FC0DD99DDBC}) (Version: 3.0.84.0 - Autodesk) Hidden
            Autodesk Content Service (HKLM-x32...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk)
            Autodesk Content Service Language Pack (HKLM-x32...{62F029AB-85F2-0001-866A-9FC0DD99DDBC}) (Version: 3.0.84.0 - Autodesk) Hidden
            Autodesk Material Library 2013 (HKLM-x32...{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
            Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32...{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
            Autodesk Network License Manager (HKLM...{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 1.0.0 - Autodesk)
            Autodesk Sync (HKLM...{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
            AVG (HKLM...{434FBA38-0562-4F98-9436-4B45C0C0EF0B}) (Version: 1.201.2 - AVG Technologies) Hidden
            AVG Internet Security (HKLM-x32...\AVG Antivirus) (Version: 17.5.3022 - AVG Technologies)
            Battle.net (HKLM-x32...\Battle.net) (Version: - Blizzard Entertainment)
            Catalyst Control Center Next Localization BR (HKLM...{585A6A74-1DED-8DA0-32F1-F5EFA485DFB1}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
            Catalyst Control Center Next Localization CHS (HKLM...{A0649E20-C57C-DCFA-AE1B-1CE1CB9D98A8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
            Catalyst Control Center Next Localization CHT (HKLM...{35F79A5D-00E2-8C19-D929-2E85DEA4252D}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
            Catalyst Control Center Next Localization CS (HKLM...{2CEBB6AA-EC39-DFF2-1F5B-9A98301C4DAB}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
            Catalyst Control Center Next Localization DA (HKLM...{F05F0B6E-9999-55D0-C323-D06DF0E2B59F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
            Catalyst Control Center Next Localization DE (HKLM...{CBABB5FD-BD69-8969-729A-5659E11D9518}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
            Catalyst Control Center Next Localization EL (HKLM...{98527BF3-A8E0-B8CF-7297-436B714FC576}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
            Catalyst Control Center Next Localization ES (HKLM...{D6CD1B25-53E6-C2F8-FA99-F89138A9C86F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
            Catalyst Control Center Next Localization FI (HKLM...{487C3865-3005-F04A-FBA4-F4239E02A847}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
            Catalyst Control Center Next Localization FR (HKLM...{D80AD200-548C-B62B-32AE-BF3CD7AA7EA2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
            Catalyst Control Center Next Localization HU (HKLM...{D21BFF5C-51AA-4C15-1C91-6A1087FDC373}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
            Catalyst Control Center Next Localization IT (HKLM...{04F0FFCB-D9A5-2332-2697-CA47C0424AF2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
            Catalyst Control Center Next Localization JA (HKLM...{47F2FFDC-3D6A-CED6-0B54-6E7082D5B29B}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
            Catalyst Control Center Next Localization KO (HKLM...{5608D1B6-6483-9FA3-7297-C2CFC3FCE747}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
            Catalyst Control Center Next Localization NL (HKLM...{1FCA484A-5A9E-9C91-F050-257D1F311A0C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
            Catalyst Control Center Next Localization NO (HKLM...{D8FB03AE-A326-0C12-AC47-B898FE73FA94}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
            Catalyst Control Center Next Localization PL (HKLM...{F7876D2E-CDCD-CE53-0E88-995B57A94B58}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
            Catalyst Control Center Next Localization RU (HKLM...{3BAB5AC8-EF35-FED0-BCEB-9306D05EDE1C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
            Catalyst Control Center Next Localization SV (HKLM...{746E086C-023A-A79C-DBE1-062E773FF6C8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
            Catalyst Control Center Next Localization TH (HKLM...{1C44BB26-1941-DB44-D5E8-C455F89EE6E6}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
            Catalyst Control Center Next Localization TR (HKLM...{BE7F26CB-6E91-7673-7130-80C36FBF13DE}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
            CCleaner (HKLM...\CCleaner) (Version: 5.24 - Piriform)
            Counter-Strike: Global Offensive (HKLM...\Steam App 730) (Version: - Valve)
            CPUID CPU-Z 1.78 (HKLM...\CPUID CPU-Z_is1) (Version: - )
            CyberGhost 6 (HKLM...\CyberGhost 6_is1) (Version: - CyberGhost S.R.L.)
            D3DX10 (HKLM-x32...{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
            Discord (HKU\S-1-5-21-4218728406-1097614046-610063632-1000...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
            FARO LS 1.1.406.58 (HKLM-x32...{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
            FMW 1 (HKLM...{8DF0D8D9-0C24-47EB-9738-376DD2705133}) (Version: 1.214.2 - AVG Technologies) Hidden
            Galerija fotografija (HKLM-x32...{343C0612-37DC-4914-95A7-0845EE0C8F04}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
            Google Chrome (HKLM-x32...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
            Google Update Helper (HKLM-x32...{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
            Hearthstone (HKLM-x32...\Hearthstone) (Version: - Blizzard Entertainment)
            Java 8 Update 131 (64-bit) (HKLM...{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
            Junk Mail filter update (HKLM-x32...{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
            League of Legends (HKLM-x32...{8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51}) (Version: 4.2.1 - Riot Games) Hidden
            League of Legends (HKLM-x32...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
            Letasoft Sound Booster 1.7.0.327 (HKLM-x32...{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1) (Version: 1.7.0.327 - Letasoft LLC)
            Microsoft .NET Framework 4.5 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
            Microsoft Office Professional Plus 2013 (HKLM...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
            Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32...{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
            Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
            Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
            Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM...{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
            Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
            Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
            Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
            Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
            Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32...{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
            Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32...{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
            Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
            Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32...{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
            Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32...{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
            Movie Maker (HKLM-x32...{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
            Movie Maker (HKLM-x32...{57430A7B-EB42-41ED-88F8-ACB2DEDB8416}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
            Movie Maker (HKLM-x32...{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
            Mozilla Firefox 54.0.1 (x86 hr) (HKLM-x32...\Mozilla Firefox 54.0.1 (x86 hr)) (Version: 54.0.1 - Mozilla)
            Mozilla Maintenance Service (HKLM-x32...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
            Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM...{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
            Overwolf (HKLM-x32...\Overwolf) (Version: 0.105.324.0 - Overwolf Ltd.)
            PowerISO (HKLM-x32...\PowerISO) (Version: 6.7 - Power Software Ltd)
            Raptr (HKLM-x32...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
            Realtek Ethernet Controller Driver (HKLM-x32...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
            Skype™ 7.37 (HKLM-x32...{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
            Speccy (HKLM...\Speccy) (Version: 1.30 - Piriform)
            SpyHunter 4 (HKLM-x32...\SpyHunter) (Version: 4.27.1.4835 - Enigma Software Group, LLC)
            Steam (HKLM-x32...\Steam) (Version: 2.10.91.91 - Valve Corporation)
            UnHackMe 9.0 (HKLM-x32...\UnHackMe_is1) (Version: - Greatis Software, LLC.)
            Visual Studio 2012 x64 Redistributables (HKLM...{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
            Visual Studio 2012 x86 Redistributables (HKLM-x32...{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
            Windows 7 USB/DVD Download Tool (HKLM-x32...{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
            Windows Live Essentials (HKLM-x32...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
            WinRAR 5.40 (64-bit) (HKLM...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
            Zemana AntiMalware (HKLM-x32...{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)

            ==================== Custom CLSID (Whitelisted): ==========================

            (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

            CustomCLSID: HKU\S-1-5-21-4218728406-1097614046-610063632-1000_Classes\CLSID{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 → D:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
            CustomCLSID: HKU\S-1-5-21-4218728406-1097614046-610063632-1000_Classes\CLSID{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 → D:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
            CustomCLSID: HKU\S-1-5-21-4218728406-1097614046-610063632-1000_Classes\CLSID{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 → D:\Program Files\Autodesk\AutoCAD 2013\en-US\acadficn.dll (Autodesk, Inc.)
            ShellIconOverlayIdentifiers: [00avg] → {472083B0-C522-11CF-8763-00608CC02F24} => → No File
            ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] → {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc.)
            ContextMenuHandlers01: [2.0 Zemana AntiMalware] → {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-19] ()
            ContextMenuHandlers01: [AcShellExtension.AcContextMenuHandler] → {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2012-02-06] (Autodesk)
            ContextMenuHandlers01: [AVG] → {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-07-19] (AVG Technologies CZ, s.r.o.)
            ContextMenuHandlers01: [PowerISO] → {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-02] (Power Software Ltd)
            ContextMenuHandlers01: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
            ContextMenuHandlers01: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => → No File
            ContextMenuHandlers03: [00avg] → {472083B0-C522-11CF-8763-00608CC02F24} => → No File
            ContextMenuHandlers04: [PowerISO] → {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-02] (Power Software Ltd)
            ContextMenuHandlers05: [ACE] → {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
            ContextMenuHandlers06: [2.0 Zemana AntiMalware] → {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-19] ()
            ContextMenuHandlers06: [AVG] → {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-07-19] (AVG Technologies CZ, s.r.o.)
            ContextMenuHandlers06: [PowerISO] → {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-02] (Power Software Ltd)
            ContextMenuHandlers06: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
            ContextMenuHandlers06: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => → No File

            ==================== Scheduled Tasks (Whitelisted) =============

            (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

            Task: {0A08AE95-46D6-4ACC-83D1-F983ADDA4DC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-04] (Google Inc.)
            Task: {12355699-07AE-496F-BF09-6D77A71A4388} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-04] (Google Inc.)
            Task: {16363D54-B2BA-42AE-9DBE-0FC4BF17F3E9} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-07-17] (Overwolf LTD)
            Task: {1B4EC10B-0E01-4CBA-9DAA-90AE3B579BCD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2017-07-11] (Adobe Systems Incorporated)
            Task: {2EE96BD6-4DCC-408F-9A83-9F5A3655899E} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
            Task: {48700419-5FAA-42D5-A2D2-0DDE0432DCA9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAge ntFallBack => D:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
            Task: {6FA4249C-39E2-4490-AF34-B6CD9EB6446C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAge ntLogOn => D:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
            Task: {A79CA190-8EB6-4CEA-B691-CC528EF3E39E} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2017-07-20] (Enigma Software Group USA, LLC.)
            Task: {B4E1EE71-79CB-4F48-A2F3-A557AA523BC9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
            Task: {BBAD05BD-D1AD-485D-83B5-D773A4EE333A} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2017-06-22] (Greatis Software)
            Task: {DC148471-F277-4686-ABEB-4F2F8AC859EC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
            Task: {E6FB26FA-2513-490F-9E6A-AE0C3B56AA2A} - System32\Tasks{95B59E6D-A533-40CF-B14D-A77BD97AA386} => C:\Windows\system32\pcalua.exe -a C:\Users\Danijel\Desktop\SH-Alt-Install.exe -d C:\Users\Danijel\Desktop
            Task: {EE4EE5C5-F7C8-4F95-B9B9-05370A69FC5A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
            Task: {F16F353B-7AC6-4A8D-8B76-D81C41BEFFA7} - {7A0A0A47-050D-7A7D-7911-7E7F0B78117E} → No File <==== ATTENTION
            Task: {F5820781-96BB-4670-BE6D-E0F986C30578} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-07-19] (AVG Technologies CZ, s.r.o.)

            (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

            ==================== Shortcuts & WMI ========================

            (The entries could be listed to be restored or removed.)

            Shortcut: C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Intеrnеt Exрlorеr (64-bit).lnk → C:\Users\Danijel\AppData\Roaming\Browsers\exe.erol pxei.bat (No File) <==== Cyrillic
            Shortcut: C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Intеrnеt Еxplorer.lnk → C:\Users\Danijel\AppData\Roaming\Browsers\exe.erol pxei.bat (No File) <==== Cyrillic
            Shortcut: C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Overwolf\Оvеrwоlf.lnk → C:\Users\Danijel\AppData\Roaming\Browsers\exe.rehc nualflowrevo.bat (No File) <==== Cyrillic
            Shortcut: C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Chrome Apps\Сhrоmе Remоtе Desktoр.lnk → C:\Users\Danijel\AppData\Roaming\Browsers\exe.emor hc.bat (No File) <==== Cyrillic
            Shortcut: C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Accessories\System Tools\Intеrnet Eхplоrеr (Nо Аdd-оns).lnk → C:\Users\Danijel\AppData\Roaming\Browsers\exe.erol pxei.bat (No File) <==== Cyrillic
            Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Chrоme.lnk → C:\Users\Danijel\AppData\Roaming\Browsers\exe.emor hc.bat (No File) <==== Cyrillic
            Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firefох.lnk → C:\Users\Danijel\AppData\Roaming\Browsers\exe.xofe rif.bat (No File) <==== Cyrillic

            ==================== Loaded Modules (Whitelisted) ==============

            2015-08-04 01:25 - 2015-08-04 01:25 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceT uning.dll
            2014-02-11 08:08 - 2014-02-11 08:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
            2014-02-11 08:08 - 2014-02-11 08:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
            2017-06-26 16:31 - 2017-05-03 14:43 - 00334384 _____ () C:\Program Files\CyberGhost 6\MobileConcepts45.dll
            2017-06-26 16:31 - 2017-05-03 14:43 - 00025648 _____ () C:\Program Files\CyberGhost 6\BugSplatDotNet.dll
            2017-06-26 16:31 - 2017-05-03 14:43 - 00119344 _____ () C:\Program Files\CyberGhost 6\CyberGhost.RESTCommunicator.dll
            2012-10-01 21:36 - 2012-10-01 21:36 - 06522480 _____ () D:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
            2017-07-19 18:13 - 2017-07-19 18:13 - 00155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
            2017-05-19 20:51 - 2017-05-19 20:51 - 00163152 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\vaarclient.dll
            2017-07-05 11:33 - 2017-07-05 11:33 - 00832784 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\ffl2.dll
            2017-07-05 11:33 - 2017-07-05 11:33 - 00277416 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\StreamBack.dll
            2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
            2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcont rolsplugin.dll
            2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugi n.dll
            2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayout splugin.dll
            2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
            2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
            2015-08-04 01:25 - 2015-08-04 01:25 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
            2017-06-28 00:20 - 2017-06-23 05:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libg lesv2.dll
            2017-06-28 00:20 - 2017-06-23 05:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libe gl.dll
            2017-05-19 20:51 - 2017-05-19 20:51 - 00171344 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
            2017-07-05 11:33 - 2017-07-05 11:33 - 00193784 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
            2017-07-05 11:33 - 2017-07-05 11:33 - 00225376 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
            2017-07-23 13:27 - 2017-07-23 13:27 - 05882720 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\17072300\algo.dll
            2017-07-05 11:33 - 2017-07-05 11:33 - 00690392 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
            2017-07-05 11:33 - 2017-07-05 11:33 - 00232784 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
            2017-07-23 17:55 - 2017-07-23 17:55 - 05882720 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\17072302\algo.dll
            2016-12-04 18:33 - 2016-12-04 18:32 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
            2017-07-19 09:48 - 2017-07-19 09:48 - 01067056 _____ () C:\Program Files (x86)\AVG\Antivirus\AvChrome.dll
            2017-07-05 11:33 - 2017-07-05 11:33 - 67109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll

            ==================== Alternate Data Streams (Whitelisted) =========

            (If an entry is included in the fixlist, only the ADS will be removed.)

            ==================== Safe Mode (Whitelisted) ===================

            (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

            HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => “”=“Service”
            HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => “”=“Service”

            ==================== Association (Whitelisted) ===============

            (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

            HKU\S-1-5-21-4218728406-1097614046-610063632-1000\Software\Classes.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe “%1”

            ==================== Internet Explorer trusted/restricted ===============

            (If an entry is included in the fixlist, it will be removed from the registry.)

            ==================== Hosts content: ==========================

            (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

            2009-07-14 04:34 - 2017-07-19 10:11 - 00001146 ____N C:\Windows\system32\Drivers\etc\hosts

            127.0.0.1 cpm.paneladmin.pro
            127.0.0.1 publisher.hmdiadmingate.xyz
            127.0.0.1 distribution.hmdiadmingate.xyz
            127.0.0.1 hmdicrewtracksystem.xyz
            127.0.0.1 linkmate.space
            127.0.0.1 space1.adminpressure.space
            127.0.0.1 trackpressure.website
            127.0.0.1 doctorlink.space
            127.0.0.1 plugpackdownload.net
            127.0.0.1 dscdn.pw
            127.0.0.1 beautifllink.xyz

            ==================== Other Areas ============================

            (Currently there is no automatic fix for this section.)

            HKU\S-1-5-21-4218728406-1097614046-610063632-1000\Control Panel\Desktop\Wallpaper →
            DNS Servers: 192.168.5.1
            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
            Windows Firewall is enabled.

            ==================== MSCONFIG/TASK MANAGER disabled items ==

            MSCONFIG\startupreg: AppEx Accelerator UI => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
            MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
            MSCONFIG\startupreg: CyberGhost => “C:\Program Files\CyberGhost 6\CyberGhost.exe” /autostart /min
            MSCONFIG\startupreg: Discord => C:\Users\Danijel\AppData\Local\Discord\app-0.0.297\Discord.exe
            MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe -overwolfsilent
            MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
            MSCONFIG\startupreg: Raptr => “C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe” --startup
            MSCONFIG\startupreg: Skype => “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun
            MSCONFIG\startupreg: vProt => “C:\Program Files (x86)\AVG Web TuneUp\vprot.exe”

            ==================== FirewallRules (Whitelisted) ===============

            (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

            FirewallRules: [{80BBF5AB-7E64-40FA-AC72-D6E9F026BBF6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
            FirewallRules: [{88B03CA9-2668-49CA-A951-FE0E1902FDF9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
            FirewallRules: [{747195D4-2B71-4983-B7A1-97FEC68ABD92}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
            FirewallRules: [{31A6CE4B-9FA9-47D1-BF4F-5E9817E1A9EB}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
            FirewallRules: [TCP Query User{A35F0587-01A1-495A-B268-B677CF6DDC2F}D:\hearthstone\hearthstone\hearthston e.exe] => (Allow) D:\hearthstone\hearthstone\hearthstone.exe
            FirewallRules: [UDP Query User{5749FBDD-6CC7-491E-AAED-346C792B3138}D:\hearthstone\hearthstone\hearthston e.exe] => (Allow) D:\hearthstone\hearthstone\hearthstone.exe
            FirewallRules: [{B296AC57-73D5-42CB-9F27-A2BCCD2125C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
            FirewallRules: [{B9CFEBCC-87E6-4322-B51B-2D75043538AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
            FirewallRules: [{E743828E-FE5B-4313-A37F-B0B500DB85EE}] => (Allow) C:\Users\Danijel\AppData\Roaming\uTorrent\uTorrent .exe
            FirewallRules: [{83F3427F-DC29-4973-A17F-324F15BF0C24}] => (Allow) C:\Users\Danijel\AppData\Roaming\uTorrent\uTorrent .exe
            FirewallRules: [{C70E422C-C99F-4194-B2FD-E66C78807524}] => (Allow) C:\Users\Danijel\AppData\Roaming\uTorrent\uTorrent .exe
            FirewallRules: [{F93F3024-2887-46B9-AFCC-68C9A3E86880}] => (Allow) C:\Users\Danijel\AppData\Roaming\uTorrent\uTorrent .exe
            FirewallRules: [{174CDE20-5D4B-4AB4-942E-0F1B8D45F46E}] => (Allow) C:\Users\Danijel\AppData\Roaming\uTorrent\uTorrent .exe
            FirewallRules: [{1FB9D854-5333-4F8F-AF50-EF66AFBE6A18}] => (Allow) C:\Users\Danijel\AppData\Roaming\uTorrent\uTorrent .exe
            FirewallRules: [{D12DD792-C3F1-43BB-955C-F4E34140ED6E}] => (Allow) D:\Program Files\Microsoft Office\Office15\lync.exe
            FirewallRules: [{FE0F3F62-A2C5-4C97-BB73-E0A2FDB8EDB3}] => (Allow) D:\Program Files\Microsoft Office\Office15\lync.exe
            FirewallRules: [{6428DC99-9A63-43BE-A370-1D8448C2AD86}] => (Allow) D:\Program Files\Microsoft Office\Office15\UcMapi.exe
            FirewallRules: [{904B9933-E9D2-4885-9A19-BCC397E7ACB5}] => (Allow) D:\Program Files\Microsoft Office\Office15\UcMapi.exe
            FirewallRules: [{DAEFDF83-6C92-471A-A3D2-03741619AED0}] => (Allow) LPort=50248
            FirewallRules: [{0220B71B-C8F5-42E9-824D-C83C1C37AF23}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
            FirewallRules: [{151278D7-A505-4640-9DC3-1727B15B418B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
            FirewallRules: [{41F14348-B9C9-4A02-922C-10E1325ED73C}] => (Allow) LPort=2869
            FirewallRules: [{58C7F2B7-2237-4D45-A0F4-7DB6E01ED811}] => (Allow) LPort=1900
            FirewallRules: [{78A7F068-67F3-484E-9FBE-F50E63318A48}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
            FirewallRules: [{EFE6EDF6-3697-4DDA-BA9A-8947DF63B695}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
            FirewallRules: [{F90E49E6-3185-4103-AFA0-E388273C07CD}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
            FirewallRules: [{543B5DF3-053D-4724-A13C-BBDFA4694328}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
            FirewallRules: [TCP Query User{305A12D2-CCE1-49FD-BF0B-AB689B952E59}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
            FirewallRules: [UDP Query User{EFE2CBBE-1947-4D2E-BE6C-670342793FAE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
            FirewallRules: [{CE835C98-4463-4742-B309-0752EE8BC2ED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
            FirewallRules: [{B5CF7A95-4BB2-4366-B7BE-2DB74C18D488}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
            FirewallRules: [{372E4352-65F5-497C-9066-C17C7E7814DB}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
            FirewallRules: [{A2268372-99A1-4B27-89AB-44ED36583680}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
            FirewallRules: [{8A24C7BF-822D-4F3F-B61D-D57B44DE4676}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
            FirewallRules: [{9982CADC-E377-46FE-B9BC-3C0AD00AD355}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
            FirewallRules: [{95B46E75-60B6-4CED-AAB8-C81972C46991}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

            ==================== Restore Points =========================

            19-07-2017 17:57:59 Sigurnosna točka programa HitmanPro
            19-07-2017 17:59:30 Sigurnosna točka programa HitmanPro
            23-07-2017 15:29:11 Installed Windows 7 USB/DVD Download Tool

            ==================== Faulty Device Manager Devices =============

            Name: Universal Serial Bus (USB) Controller
            Description: Universal Serial Bus (USB) Controller
            Class Guid:
            Manufacturer:
            Service:
            Problem: : The drivers for this device are not installed. (Code 28)
            Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

            Name: SM Bus Controller
            Description: SM Bus Controller
            Class Guid:
            Manufacturer:
            Service:
            Problem: : The drivers for this device are not installed. (Code 28)
            Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

            ==================== Event log errors: =========================
            [HEADING=1]Application errors:[/HEADING]
            Error: (07/23/2017 04:28:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
            Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

            Error: (07/23/2017 04:09:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
            Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

            Error: (07/23/2017 04:05:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
            Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

            Error: (07/23/2017 03:59:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
            Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

            Error: (07/23/2017 03:56:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
            Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

            Error: (07/23/2017 03:33:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
            Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

            Error: (07/23/2017 09:42:23 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
            Description: Event-ID 0

            Error: (07/23/2017 09:32:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
            Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

            Error: (07/22/2017 08:48:32 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
            Description: Event-ID 0

            Error: (07/22/2017 08:38:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
            Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
            [HEADING=1]System errors:[/HEADING]
            Error: (07/23/2017 03:59:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
            Description: The CyberGhost 6 Service service failed to start due to the following error:
            The service did not respond to the start or control request in a timely fashion.

            Error: (07/23/2017 03:59:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
            Description: A timeout was reached (30000 milliseconds) while waiting for the CyberGhost 6 Service service to connect.

            Error: (07/23/2017 03:52:54 PM) (Source: Ntfs) (EventID: 137) (User: )
            Description: The default transaction resource manager on volume H: encountered a non-retryable error and could not start. The data contains the error code.

            Error: (07/20/2017 01:54:29 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
            Description: The following boot-start or system-start driver(s) failed to load:
            avgbdisk
            avgbidsdriver
            avgbidsh
            avgblog
            avgbuniv
            avgRvrt
            avgSnx
            avgSP
            avgVmm
            discache
            SCDEmu
            spldr
            Wanarpv6

            Error: (07/20/2017 01:54:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
            Description: The CyberGhost 6 Service service depends on the Server service which failed to start because of the following error:
            The dependency service or group failed to start.

            Error: (07/19/2017 09:01:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
            Description: The Steam Client Service service failed to start due to the following error:
            The service did not respond to the start or control request in a timely fashion.

            Error: (07/19/2017 09:01:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
            Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

            Error: (07/19/2017 06:08:38 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
            Description: The ScRegSetValueExW call failed for FailureActions with the following error:
            Access is denied.

            Error: (07/19/2017 05:33:28 PM) (Source: EventLog) (EventID: 6008) (User: )
            Description: The previous system shutdown at 5:32:29 PM on ‎7/‎19/‎2017 was unexpected.

            Error: (07/19/2017 02:34:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
            Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
            The dependency service or group failed to start.

            ==================== Memory info ===========================

            Processor: AMD A10-6800K APU with Radeon™ HD Graphics
            Percentage of memory in use: 51%
            Total physical RAM: 7368.6 MB
            Available physical RAM: 3539.89 MB
            Total Virtual: 14735.4 MB
            Available Virtual: 10502.21 MB

            ==================== Drives ================================

            Drive c: () (Fixed) (Total:146.39 GB) (Free:78.82 GB) NTFS
            Drive d: () (Fixed) (Total:784.93 GB) (Free:750 GB) NTFS

            ==================== MBR & Partition Table ==================

            ================================================== ======
            Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CB97DB22)
            Partition 1: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
            Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
            Partition 3: (Not Active) - (Size=784.9 GB) - (Type=07 NTFS)

            ==================== End of Addition.txt ============================
            [HEADING=1]ASW
            aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
            Run date: 2017-07-23 19:17:02[/HEADING]
            19:17:02.925 OS Version: Windows x64 6.1.7601 Service Pack 1
            19:17:02.925 Number of processors: 4 586 0x1301
            19:17:02.926 ComputerName: DANIJEL-PC UserName: Danijel
            19:17:03.552 Initialize success
            19:17:03.679 VM: initialized successfully
            19:17:03.681 VM: Amd CPU BiosDisabled
            19:17:41.691 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
            19:17:41.695 Disk 0 Vendor: WDC_WD10EZRX-00L4HB0 01.01A01 Size: 953869MB BusType: 11
            19:17:41.789 Disk 0 MBR read successfully
            19:17:41.792 Disk 0 MBR scan
            19:17:41.796 Disk 0 Windows 7 default MBR code
            19:17:41.807 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 149899 MB offset 206848
            19:17:41.819 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 307200000
            19:17:41.824 Disk 0 default boot code
            19:17:41.830 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 803768 MB offset 307404800
            19:17:41.860 Disk 0 scanning C:\Windows\system32\drivers
            19:17:45.244 Service scanning
            19:17:59.415 Modules scanning
            19:17:59.425 Disk 0 trace - called modules:
            19:17:59.444 ntoskrnl.exe CLASSPNP.SYS disk.sys avgSP.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
            19:17:59.448 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa8008075060]
            19:17:59.452 3 avgSP.sys[fffff880040fe1d2] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007db9060]
            19:17:59.456 Disk 0 statistics 98344/0/0 @ 15,55 MB/s
            19:17:59.460 Scan finished successfully
            19:18:08.146 Disk 0 MBR has been saved successfully to “C:\Users\Danijel\Desktop\MBR.dat”
            19:18:08.150 The log file has been saved successfully to “C:\Users\Danijel\Desktop\aswMBR.txt”

            Comment

            • jmarket
              PCHF Owner
              • Jan 2015
              • 7635

              #7
              I see that you have a P2P (Peer-to-Peer) file sharing program installed. I highly recommend that you consider uninstalling it. P2P programs represent a security threat to the information on your system as they allow others to access your system. Just look at the number of high profile compromises in the news as a result of P2P software:
              Data about Obama’s helicopter breached via P2P?
              Leak of congressional ethics document prompts calls for cybersecurity probe
              Walter Reed suffers peer-to-peer data breach
              Update: Seattle man arrested for p-to-p ID theft

              In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware, or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it’s often the newest, most difficult to remove malware. There are many risks associated with P2P programs, none are worth the risks. If you don’t uninstall the P2P software, we will continue to clean your system, but realize that it’s likely only a matter of time before you are infected again.

              Please download Junkware Removal Tool and save it on your desktop.

              [ul]
              [li]Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.[/li][/ul]
              [ul]
              [li]Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.[/li][/ul]
              [ul]
              [li]The tool will open and start scanning your system.[/li][/ul]
              [ul]
              [li]Please be patient as this can take a while to complete depending on your system’s specifications.[/li][/ul]
              [ul]
              [li]On completion, a log is saved to your desktop and will automatically open.[/li][/ul]
              [ul]
              [li]Please post the JRT log.[/li][/ul]
              I will tag @Malnutrition to assist you.

              Comment

              • system
                PCHF Owner
                • Jan 2015
                • 7635

                #8
                Hello Mawlol, my name is Gus and I will be helping you to clean your PC. I am in training here and before I can present any fix to you it will have to be checked by an expert. That’s not so bad as two pairs of eyes are better than one anyway

                We are going to use several tools to clean your PC and even though it may appear fixed please stay and follow our instructions until we give you the all clear and remove all our cleaning tools used.

                Also if you are not sure about any instruction please ask? no such thing as a silly question.

                Can I please ask that you carefully consider the excellent recommendation re removal of P2P software in the post immediately above this one, and should you not choose to uninstall it then we will have to insist that you at least not use it till after you have been given the all clear?

                A question if I may, can you confirm if your copy of AVG a free one or paid for version?

                Can you also please Uninstall SpyHunter using Add/Remove programs, or better still Geek Uninstaller
                HERE

                Please also follow the instructions above and run the Junkware removal tool.

                Also whilst I review your FRST logs please run Adwcleaner.

                Adware Cleaner Scan.

                Please download AdwCleaner by Xplode onto your desktop.

                [ul]
                [li]Close all open programs and internet browsers.[/li][li]Double click on adwcleaner.exe to run the tool.[/li][li]Click on Scan button.[/li][li]When the scan has finished click on Clean button.[/li][li]Your computer will be rebooted automatically. A text file will open after the restart.[/li][li]Please post the contents of that logfile with your next reply.[/li][li]You can find the logfile at C:\AdwCleaner[S1].txt as well.[/li][/ul]

                Comment

                • mawlol
                  PCHF Member
                  • Jul 2017
                  • 5

                  #9
                  I’m not sure what P2P program you were talking about so I instead removed all programs that im not using anymore just so you have clear picture of it. I’m using free version of AVG.
                  Code:
                  Junkware Removal Tool (JRT) by Malwarebytes
                  Version: 8.1.4 (07.09.2017)
                  Operating System: Windows 7 Ultimate x64 
                  Ran by Danijel (Administrator) on pon 24.07.2017. at 11:08:42,99
                  File System: 34

                  Successfully deleted: C:\Users\Danijel\AppData\Roaming\Mozilla\Firefox\P rofiles\f7ch90oj.default\searchplugins\avg-secure-search.xml (File)
                  Successfully deleted: C:\Users\Danijel\AppData\Roaming\Mozilla\Firefox\P rofiles\f7ch90oj.default\user.js (File)
                  Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\0L2B20UM (Temporary Internet Files Folder)
                  Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
                  Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\4CPP5EBT (Temporary Internet Files Folder)
                  Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
                  Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\AH44ZUGO (Temporary Internet Files Folder)
                  Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\AMDT2SB7 (Temporary Internet Files Folder)
                  Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\AN45EEEM (Temporary Internet Files Folder)
                  Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\FMAQ0G2R (Temporary Internet Files Folder)
                  Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\FVPGG6UQ (Temporary Internet Files Folder)
                  Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
                  Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\JMW3YMPW (Temporary Internet Files Folder)
                  Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
                  Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\OKBKE6KM (Temporary Internet Files Folder)
                  Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\QAENYS1H (Temporary Internet Files Folder)
                  Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\WMDFQBRW (Temporary Internet Files Folder)
                  Successfully deleted: C:\Users\Danijel\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\YF82WRN1 (Temporary Internet Files Folder)
                  Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\0L2B20UM (Temporary Internet Files Folder)
                  Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
                  Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\4CPP5EBT (Temporary Internet Files Folder)
                  Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
                  Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\AH44ZUGO (Temporary Internet Files Folder)
                  Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMDT2SB7 (Temporary Internet Files Folder)
                  Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\AN45EEEM (Temporary Internet Files Folder)
                  Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\FMAQ0G2R (Temporary Internet Files Folder)
                  Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVPGG6UQ (Temporary Internet Files Folder)
                  Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
                  Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\JMW3YMPW (Temporary Internet Files Folder)
                  Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
                  Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\OKBKE6KM (Temporary Internet Files Folder)
                  Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\QAENYS1H (Temporary Internet Files Folder)
                  Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\WMDFQBRW (Temporary Internet Files Folder)
                  Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF82WRN1 (Temporary Internet Files Folder)

                  Registry: 0
                  Code:
                  Scan was completed on pon 24.07.2017. at 11:11:03,51
                  End of JRT log
                  [HEADING=1]AdwCleaner 7.0.0.0 - Logfile created on Mon Jul 24 09:27:14 2017[/HEADING]
                  [HEADING=1]Updated on 2017/17/07 by Malwarebytes[/HEADING]
                  [HEADING=1]Database: 07-23-2017.2[/HEADING]
                  [HEADING=1]Running on Windows 7 Ultimate (X64)[/HEADING]
                  [HEADING=1]Mode: scan[/HEADING]
                  [HEADING=1]Support: https://www.malwarebytes.com/support[/HEADING]
                  ***** [ Services ] *****

                  No malicious services found.

                  ***** [ Folders ] *****

                  PUP.Optional.Legacy, C:\Users\All Users\Documents\XMUpdate
                  PUP.Optional.Legacy, C:\Users\Public\Documents\XMUpdate

                  ***** [ Files ] *****

                  No malicious files found.

                  ***** [ DLL ] *****

                  No malicious DLLs found.

                  ***** [ WMI ] *****

                  No malicious WMI found.

                  ***** [ Shortcuts ] *****

                  No malicious shortcuts found.

                  ***** [ Tasks ] *****

                  No malicious tasks found.

                  ***** [ Registry ] *****

                  PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\PC
                  PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-4218728406-1097614046-610063632-1000\Software\PC
                  PUP.Optional.Legacy, [Key] - HKCU\Software\PC
                  PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\AVG Tuneup
                  PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Event Monitor
                  PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-4218728406-1097614046-610063632-1000\Software\Event Monitor
                  PUP.Optional.Legacy, [Key] - HKCU\Software\Event Monitor
                  PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-4218728406-1097614046-610063632-1000\Software\VideoBox
                  PUP.Optional.Legacy, [Key] - HKCU\Software\VideoBox
                  PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall{DD0688A5-FC8B-4E93-A485-CBF606A56D49}
                  PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
                  PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
                  PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
                  PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID{CA3A5461-96B5-46DD-9341-5350D3C94615}
                  PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
                  PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\MozillaPlugins@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
                  PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\a vgsh
                  PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\ControlSet001\Control\Power\User\Power Schemes\04262113-2a31-48e1-b4bb-3b42174bea0f
                  PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\ControlSet001\Control\Power\User\Power Schemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
                  PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\ControlSet002\Control\Power\User\Power Schemes\04262113-2a31-48e1-b4bb-3b42174bea0f
                  PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\ControlSet002\Control\Power\User\Power Schemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
                  PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Power\User\P owerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
                  PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Power\User\P owerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
                  PUP.Optional.OneSystemCare, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Power\User\P owerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
                  PUP.Optional.OneSystemCare, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\Power\User\P owerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
                  PUP.Optional.OneSystemCare, [Key] - HKLM\SYSTEM\ControlSet002\Control\Power\User\Power Schemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
                  PUP.Optional.OneSystemCare, [Key] - HKLM\SYSTEM\ControlSet002\Control\Power\User\Power Schemes\04262113-2a31-48e1-b4bb-3b42174bea0f
                  PUP.Optional.OneSystemCare, [Key] - HKLM\SYSTEM\ControlSet001\Control\Power\User\Power Schemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
                  PUP.Optional.OneSystemCare, [Key] - HKLM\SYSTEM\ControlSet001\Control\Power\User\Power Schemes\04262113-2a31-48e1-b4bb-3b42174bea0f
                  PUP.Optional.Jawego, [Key] - HKLM\SOFTWARE\Jawego

                  ***** [ Firefox (and derivatives) ] *****

                  SearchProvider found: mysearch.avg.com - AVG Secure Search

                  ***** [ Chromium (and derivatives) ] *****

                  SearchProvider found: AOL - aol.com
                  SearchProvider found: WebSearch - websearch
                  SearchProvider found: Softonic EN - bsplayer.en.softonic.com
                  SearchProvider found: Softonic EN - gt-legends.en.softonic.com
                  SearchProvider found: azlyrics.com - azlyrics.com
                  SearchProvider found: Ask - ask.com
                  SearchProvider found: istartsurf - istartsurf

                  /!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: Get your bookmarks, passwords, and more on all your devices - Computer - Google Chrome Help


                  ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########one

                  Comment

                  • system
                    PCHF Owner
                    • Jan 2015
                    • 7635

                    #10
                    Hi Mawlol, the P2P program referred to was Utorrent, and have you removed SpyHunter?

                    The Adwcleaner log indicates it was only run in scan mode, with no cleaning. Can you please re run it and allow it to clean, as per the instructions

                    Can you also tell us why you have Windows Loader on your PC?

                    As you have removed software can you please supply fresh FRST logs and also a ZHP diag scan

                    Please go HERE and click the

                    [MEDIA=imgur]fQO1SSi[/MEDIA] link (French for Download) and save it to your desktop.

                    Once saved to your desktop left click the new icon [MEDIA=imgur]Eu7NnVQ[/MEDIA] and choose “Run as administrator”

                    Accept any security warnings that may pop up.

                    Then select
                    [ol]
                    [li]Options[/li][li]Check all[/li][li]Validate[/li][li]Close[/li][/ol]
                    [MEDIA=imgur]693KFMT[/MEDIA]

                    Next select Scanner from the main interface.

                    [MEDIA=imgur]0DVeOof[/MEDIA]

                    Depending on the amount of data on your PC it may take a little time to complete. Once it finishes then click the Report tab as shown above and a notepad file will open with your report file.

                    Please COPY and PASTE the contents of the notepad file with your next post

                    Comment

                    • mawlol
                      PCHF Member
                      • Jul 2017
                      • 5

                      #11
                      Yes, I removed those programs and few more that I wasn’t using, I’ve rerun adwclear despite beeing 99% sure that I used it on clear (who knows meybe im just clumsy o.0 ). Defender was in my folders from previous PC which I don’t have anymore but I had copy pasted all files from it, since it could represent a problem I just deleted it.
                      FRST
                      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2017
                      Ran by Danijel (administrator) on DANIJEL-PC (25-07-2017 10:05:59)
                      Running from C:\Users\Danijel\Desktop
                      Loaded Profiles: Danijel (Available Profiles: Danijel)
                      Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
                      Internet Explorer Version 8 (Default browser: FF)
                      Boot Mode: Normal
                      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

                      ==================== Processes (Whitelisted) =================

                      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

                      (AMD) C:\Windows\System32\atiesrxx.exe
                      (AMD) C:\Windows\System32\atieclxx.exe
                      (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
                      (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
                      (Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
                      (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
                      (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
                      (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                      (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
                      (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
                      (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
                      (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
                      (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
                      (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
                      (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                      (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
                      (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
                      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
                      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

                      ==================== Registry (Whitelisted) ====================

                      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

                      HKLM...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc.)
                      HKLM...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-07-03] (AVG Technologies CZ, s.r.o.)
                      HKLM...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-07-19] (AVG Technologies CZ, s.r.o.)
                      HKLM-x32...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-07-03] (AVG Technologies CZ, s.r.o.)
                      HKLM-x32...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
                      HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
                      HKU\S-1-5-21-4218728406-1097614046-610063632-1000...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
                      HKU\S-1-5-21-4218728406-1097614046-610063632-1000...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
                      HKU\S-1-5-21-4218728406-1097614046-610063632-1000...\Policies\Explorer:

                      ==================== Internet (Whitelisted) ====================

                      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

                      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
                      Tcpip\Parameters: [DhcpNameServer] 192.168.5.1
                      Tcpip..\Interfaces{75F1234D-0A07-4D4B-A460-26BBEB6B3DED}: [DhcpNameServer] 192.168.42.129
                      Tcpip..\Interfaces{E6CF4FE9-D2BF-417A-897E-ABA93DF3BD10}: [DhcpNameServer] 192.168.5.1
                      [HEADING=1]Internet Explorer:[/HEADING]
                      HKU\S-1-5-21-4218728406-1097614046-610063632-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
                      BHO: Lync Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → D:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
                      BHO: No Name → {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} → No File
                      BHO: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll [2017-07-24] (Oracle Corporation)
                      BHO: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
                      BHO: Office Document Cache Handler → {B4F3A835-0E21-4959-BA22-42B3008E02FF} → D:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
                      BHO: Microsoft SkyDrive Pro Browser Helper → {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} → D:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
                      BHO: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-24] (Oracle Corporation)
                      BHO-x32: Lync Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
                      BHO-x32: No Name → {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} → No File
                      BHO-x32: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
                      BHO-x32: Office Document Cache Handler → {B4F3A835-0E21-4959-BA22-42B3008E02FF} → C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
                      BHO-x32: Microsoft SkyDrive Pro Browser Helper → {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} → C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
                      Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
                      Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
                      Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
                      Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
                      Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
                      Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
                      Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
                      Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
                      Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
                      [HEADING=1]FireFox:[/HEADING]
                      FF ProfilePath: C:\Users\Danijel\AppData\Roaming\Mozilla\Firefox\P rofiles\f7ch90oj.default [2017-07-25]
                      FF Session Restore: Mozilla\Firefox\Profiles\f7ch90oj.default → is enabled.
                      FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_ 137.dll [2017-07-11] ()
                      FF Plugin: @java.com/DTPlugin,version=11.141.2 → C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1 .dll [2017-07-24] (Oracle Corporation)
                      FF Plugin: @java.com/JavaPlugin,version=11.141.2 → C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-24] (Oracle Corporation)
                      FF Plugin: @microsoft.com/SharePoint,version=14.0 → D:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
                      FF Plugin-x32: @adobe.com/FlashPlayer → C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_ 137.dll [2017-07-11] ()
                      FF Plugin-x32: @microsoft.com/Lync,version=15.0 → C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
                      FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
                      FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 → C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
                      FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
                      FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
                      FF Plugin-x32: Adobe Reader → C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
                      FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
                      FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
                      [HEADING=1]Chrome:[/HEADING]
                      CHR HomePage: Default → hxxp://www.facebook.com/
                      CHR Session Restore: Default → is enabled.
                      CHR Profile: C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default [2017-07-25]
                      CHR Extension: (Google Drive) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2016-12-04]
                      CHR Extension: (YouTube) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2016-12-04]
                      CHR Extension: (Cat) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fimkgcpmlbkeehbjhnijoginof bdgbdk [2017-07-19]
                      CHR Extension: (AdBlock) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbi glidom [2017-07-19]
                      CHR Extension: (Chrome Web Store Payments) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2017-03-20]
                      CHR Extension: (9gag Night Mode) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdoebgohinaejdpncadbahijij goffke [2017-06-17]
                      CHR Extension: (Gmail) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2016-12-04]
                      CHR Extension: (Chrome Media Router) - C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2017-07-14]

                      ==================== Services (Whitelisted) ====================

                      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                      R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
                      R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
                      R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-07-19] (AVG Technologies CZ, s.r.o.)
                      R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [312712 2017-07-19] (AVG Technologies CZ, s.r.o.)
                      R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7481648 2017-07-19] (AVG Technologies CZ, s.r.o.)
                      R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-07-03] (AVG Technologies CZ, s.r.o.)
                      S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1450824 2017-07-17] (Overwolf LTD)
                      S3 SoundBoosterService; D:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe [113336 2017-06-06] (Letasoft)
                      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

                      ===================== Drivers (Whitelisted) ======================

                      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                      R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
                      R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
                      R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-07-19] (AVG Technologies CZ, s.r.o.)
                      R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [313616 2017-07-19] (AVG Technologies CZ, s.r.o.)
                      R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-07-19] (AVG Technologies CZ, s.r.o.)
                      R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-07-19] (AVG Technologies CZ, s.r.o.)
                      R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-07-19] (AVG Technologies CZ, s.r.o.)
                      S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-07-19] (AVG Technologies CZ, s.r.o.)
                      R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [139112 2017-07-19] (AVG Technologies CZ, s.r.o.)
                      R3 avgNetNd6; C:\Windows\System32\DRIVERS\avgNetNd6.sys [29944 2017-04-21] (AVG Technologies CZ, s.r.o.)
                      R1 avgNetSec; C:\Windows\system32\drivers\avgNetSec.sys [546968 2017-07-19] (AVG Technologies CZ, s.r.o.)
                      R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102792 2017-07-19] (AVG Technologies CZ, s.r.o.)
                      R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-07-19] (AVG Technologies CZ, s.r.o.)
                      R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1008288 2017-07-19] (AVG Technologies CZ, s.r.o.)
                      R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [578048 2017-07-19] (AVG Technologies CZ, s.r.o.)
                      R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [191208 2017-07-19] (AVG Technologies CZ, s.r.o.)
                      R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [353744 2017-07-19] (AVG Technologies CZ, s.r.o.)

                      ==================== NetSvcs (Whitelisted) ===================

                      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                      ==================== One Month Created files and folders ========

                      (If an entry is included in the fixlist, the file/folder will be moved.)

                      2017-07-25 09:59 - 2017-07-25 10:06 - 00015317 _____ C:\Users\Danijel\Desktop\FRST.txt
                      2017-07-24 11:26 - 2017-07-25 09:47 - 00000000 ____D C:\AdwCleaner
                      2017-07-24 11:25 - 2017-07-24 11:25 - 08162248 _____ (Malwarebytes) C:\Users\Danijel\Desktop\adwcleaner_7.0.0.0.exe
                      2017-07-24 11:12 - 2017-07-24 11:21 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Geek Uninstaller
                      2017-07-24 11:12 - 2017-07-24 11:12 - 03000643 _____ C:\Users\Danijel\Downloads\geek.zip
                      2017-07-24 11:12 - 2017-07-04 14:07 - 07137216 _____ (Geek Unіnstaller) C:\Users\Danijel\Desktop\geek.exe
                      2017-07-24 11:06 - 2017-07-24 11:06 - 01790024 _____ (Malwarebytes) C:\Users\Danijel\Desktop\JRT.exe
                      2017-07-23 22:03 - 2017-07-23 22:03 - 02771734 _____ C:\Users\Danijel\Documents\Gradimo u kamenu.pdf
                      2017-07-23 19:54 - 2017-07-23 19:54 - 00000000 ____D C:\Users\Danijel\Desktop\skola
                      2017-07-23 19:11 - 2017-07-23 19:11 - 05200384 _____ (AVAST Software) C:\Users\Danijel\Desktop\aswmbr.exe
                      2017-07-23 19:10 - 2017-07-25 10:05 - 00000000 ____D C:\FRST
                      2017-07-23 19:09 - 2017-07-23 19:09 - 02382336 _____ (Farbar) C:\Users\Danijel\Desktop\FRST64.exe
                      2017-07-23 15:06 - 2017-07-23 15:20 - 00001908 _____ C:\Windows\diagwrn.xml
                      2017-07-23 15:06 - 2017-07-23 15:20 - 00001908 _____ C:\Windows\diagerr.xml
                      2017-07-23 14:45 - 2017-07-23 14:46 - 00000000 ____D C:\Users\Danijel\Desktop\reinstall
                      2017-07-23 14:17 - 2017-07-23 14:49 - 00000000 ____D C:\Users\Danijel\Desktop\Danijel reinstalll
                      2017-07-23 14:17 - 2017-07-23 14:22 - 00000000 ____D C:\Users\Danijel\Desktop\tata reinstall
                      2017-07-22 09:11 - 2017-07-22 09:12 - 04121760 _____ (Husdawg, LLC) C:\Users\Danijel\Downloads\Detection.exe
                      2017-07-20 11:24 - 2017-07-20 11:24 - 00000000 _____ C:\autoexec.bat
                      2017-07-20 11:19 - 2017-07-24 16:38 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
                      2017-07-20 11:19 - 2017-07-20 11:19 - 00003144 _____ C:\Windows\System32\Tasks{95B59E6D-A533-40CF-B14D-A77BD97AA386}
                      2017-07-20 01:59 - 2017-07-24 11:18 - 00000246 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
                      2017-07-20 01:56 - 2017-07-20 01:56 - 00000000 ____D C:@RestoreQuarantine
                      2017-07-19 23:57 - 2017-07-19 23:57 - 00000000 ____D C:\ProgramData\RegRun
                      2017-07-19 23:54 - 2017-07-24 11:20 - 00000000 ____D C:\Program Files (x86)\UnHackMe
                      2017-07-19 23:54 - 2017-07-24 10:56 - 00000000 ____D C:\Users\Danijel\Documents\RegRun2
                      2017-07-19 23:54 - 2017-07-19 23:54 - 00000002 RSHOT C:\Windows\winstart.bat
                      2017-07-19 23:54 - 2017-07-19 23:54 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
                      2017-07-19 23:54 - 2017-07-19 23:54 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
                      2017-07-19 18:13 - 2017-07-24 11:27 - 00023987 _____ C:\Windows\ZAM_Guard.krnl.trace
                      2017-07-19 18:13 - 2017-07-24 11:20 - 00070495 _____ C:\Windows\ZAM.krnl.trace
                      2017-07-19 18:08 - 2017-07-24 11:21 - 00000000 ____D C:\Users\Danijel\AppData\Local\Zemana
                      2017-07-19 17:59 - 2017-07-19 17:59 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
                      2017-07-19 17:54 - 2017-07-19 18:00 - 00000000 ____D C:\ProgramData\HitmanPro
                      2017-07-19 10:59 - 2017-07-19 10:59 - 00001733 _____ C:\Users\Danijel\Desktop\chrome - Shortcut.lnk
                      2017-07-19 10:26 - 2017-07-19 10:26 - 65033984 _____ (Malwarebytes ) C:\Users\Danijel\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251 (1).exe
                      2017-07-19 10:18 - 2017-07-19 10:18 - 00000000 ___SD C:\Users\Danijel\AppData\LocalLow\Temp
                      2017-07-19 10:17 - 2017-07-19 10:17 - 00000004 _____ C:\ProgramData_lg.3sap
                      2017-07-19 10:14 - 2017-07-19 10:14 - 00000000 ___HD C:$AV_AVG
                      2017-07-19 10:11 - 2017-07-20 01:54 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\samika
                      2017-07-19 10:11 - 2017-07-19 10:31 - 00000000 ____D C:\ProgramData\WindowsErrorReporting
                      2017-07-19 10:11 - 2017-07-19 10:11 - 00001437 ___RS C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Intеrnеt Еxplorer.lnk
                      2017-07-19 10:11 - 2017-07-19 10:11 - 00001433 ___RS C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Intеrnеt Exрlorеr (64-bit).lnk
                      2017-07-19 10:11 - 2017-07-19 10:11 - 00001255 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firefох.lnk
                      2017-07-19 10:11 - 2017-07-19 10:11 - 00001181 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Chrоme.lnk
                      2017-07-19 10:11 - 2017-07-19 10:11 - 00000000 ____D C:\Program Files\P9QABSMQ36
                      2017-07-19 09:59 - 2017-07-19 17:45 - 00000008 __RSH C:\ProgramData\ntuser.pol
                      2017-07-19 09:48 - 2017-07-19 09:48 - 00401584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
                      2017-07-17 14:39 - 2017-07-17 14:39 - 00000794 _____ C:\Users\Public\Desktop\Letasoft Sound Booster.lnk
                      2017-07-17 14:39 - 2017-07-17 14:39 - 00000037 ___SH C:\Users\Danijel\AppData\Local\20986331705021ca58e dc424.96250074
                      2017-07-17 14:39 - 2017-07-17 14:39 - 00000000 __SHD C:\Users\Danijel\AppData\Local\icsxml
                      2017-07-17 14:39 - 2017-07-17 14:39 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Letasoft
                      2017-07-17 14:39 - 2017-07-17 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Letasoft Sound Booster
                      2017-07-17 14:38 - 2017-07-17 14:38 - 07555024 _____ (Letasoft LLC ) C:\Users\Danijel\Downloads\SoundBoosterSetup.exe
                      2017-07-09 23:24 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
                      2017-07-09 23:24 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
                      2017-07-09 23:24 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
                      2017-07-09 23:24 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
                      2017-07-09 23:24 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
                      2017-07-09 23:24 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
                      2017-07-09 23:24 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
                      2017-07-09 23:24 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
                      2017-07-09 23:24 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
                      2017-07-09 23:24 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
                      2017-07-09 23:24 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
                      2017-07-09 23:24 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
                      2017-07-09 23:24 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
                      2017-07-09 23:24 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
                      2017-07-09 23:24 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
                      2017-07-09 23:24 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
                      2017-07-09 23:24 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
                      2017-07-09 23:24 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
                      2017-07-09 23:24 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
                      2017-07-09 23:24 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
                      2017-07-09 23:24 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
                      2017-07-09 23:24 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
                      2017-07-09 23:24 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
                      2017-07-09 23:24 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
                      2017-07-09 23:24 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
                      2017-07-09 23:24 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
                      2017-07-09 23:24 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
                      2017-07-09 23:24 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
                      2017-07-09 23:24 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
                      2017-07-09 23:24 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
                      2017-07-09 23:24 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
                      2017-07-09 23:24 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
                      2017-07-09 23:24 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
                      2017-07-09 23:24 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
                      2017-07-09 23:24 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
                      2017-07-09 23:24 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
                      2017-07-09 23:24 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
                      2017-07-09 23:24 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
                      2017-07-09 23:24 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
                      2017-07-09 23:24 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
                      2017-07-09 23:24 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
                      2017-07-09 23:24 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
                      2017-07-09 23:23 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
                      2017-07-09 23:23 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
                      2017-07-09 23:23 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
                      2017-07-09 23:23 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
                      2017-07-09 23:23 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
                      2017-07-09 23:23 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
                      2017-07-09 23:23 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
                      2017-07-09 23:23 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
                      2017-07-09 23:23 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
                      2017-07-09 23:23 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
                      2017-07-09 23:23 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
                      2017-07-09 23:23 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
                      2017-07-09 23:23 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
                      2017-07-09 23:23 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
                      2017-07-09 23:23 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
                      2017-07-09 23:23 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
                      2017-07-09 23:23 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
                      2017-07-09 23:23 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
                      2017-07-09 23:23 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
                      2017-07-09 23:23 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
                      2017-07-09 23:23 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
                      2017-07-09 23:23 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
                      2017-07-09 23:23 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
                      2017-07-09 23:23 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
                      2017-07-09 23:23 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
                      2017-07-09 23:23 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
                      2017-07-09 23:23 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
                      2017-07-09 23:23 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
                      2017-07-09 23:23 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
                      2017-07-09 23:23 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
                      2017-07-09 23:23 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
                      2017-07-09 23:23 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
                      2017-07-09 23:23 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
                      2017-07-09 23:23 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
                      2017-07-09 23:23 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
                      2017-07-09 23:23 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
                      2017-07-09 23:23 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
                      2017-07-09 23:23 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
                      2017-07-09 23:23 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
                      2017-07-09 23:23 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
                      2017-07-09 23:23 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
                      2017-07-09 23:23 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
                      2017-07-09 23:23 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
                      2017-07-09 23:23 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
                      2017-07-09 23:23 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
                      2017-07-09 23:23 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
                      2017-07-09 23:23 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
                      2017-07-09 23:23 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
                      2017-07-09 23:23 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
                      2017-07-09 23:23 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
                      2017-07-09 23:23 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
                      2017-07-09 23:23 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
                      2017-07-09 23:23 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
                      2017-07-09 23:23 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
                      2017-07-09 23:23 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
                      2017-07-09 23:23 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
                      2017-07-09 23:23 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
                      2017-07-09 23:23 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
                      2017-07-09 23:23 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
                      2017-07-09 23:23 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
                      2017-07-09 23:23 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
                      2017-07-09 23:23 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
                      2017-07-09 23:23 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
                      2017-07-09 23:23 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
                      2017-07-09 23:23 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
                      2017-07-09 23:23 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
                      2017-07-09 23:23 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
                      2017-07-09 23:23 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
                      2017-07-09 23:23 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
                      2017-07-09 23:23 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
                      2017-07-09 23:23 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
                      2017-07-09 23:23 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
                      2017-07-09 23:23 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
                      2017-07-09 23:23 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
                      2017-07-09 23:23 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
                      2017-07-09 23:23 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
                      2017-07-09 23:23 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
                      2017-07-09 23:23 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
                      2017-07-09 23:23 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
                      2017-07-09 23:23 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
                      2017-07-09 23:23 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
                      2017-07-09 23:23 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
                      2017-07-09 23:23 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
                      2017-07-09 23:23 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
                      2017-07-09 23:23 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
                      2017-07-09 23:23 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
                      2017-07-09 23:23 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
                      2017-07-09 23:23 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
                      2017-07-09 23:23 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
                      2017-07-09 23:23 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
                      2017-07-09 23:23 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
                      2017-07-09 23:23 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
                      2017-07-09 23:23 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
                      2017-07-09 23:23 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
                      2017-07-09 23:23 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
                      2017-07-09 23:23 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
                      2017-07-09 23:23 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
                      2017-07-09 23:23 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
                      2017-07-09 23:23 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
                      2017-07-09 23:23 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
                      2017-07-09 23:23 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
                      2017-07-09 23:23 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
                      2017-07-09 23:23 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
                      2017-07-09 23:23 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
                      2017-07-09 23:23 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
                      2017-07-09 23:23 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
                      2017-07-09 23:23 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
                      2017-07-09 23:23 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
                      2017-07-09 23:23 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
                      2017-07-09 23:23 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
                      2017-07-09 23:23 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
                      2017-07-09 23:23 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
                      2017-07-09 23:15 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
                      2017-07-09 23:15 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
                      2017-07-09 23:15 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
                      2017-07-09 22:27 - 2017-07-09 22:27 - 00000680 _____ C:\Users\Public\Desktop\Steam.lnk
                      2017-07-09 13:45 - 2017-07-23 13:44 - 00000000 ____D C:\Users\Danijel\Documents\slike tata more
                      2017-07-09 10:33 - 2017-07-24 21:34 - 00000000 ____D C:\Users\Danijel\Desktop\Barnjak primjenjena
                      2017-07-05 17:24 - 2017-07-20 01:24 - 00000000 ____D C:\Program Files (x86)\Overwolf
                      2017-07-05 17:24 - 2017-07-19 10:11 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Overwolf
                      2017-07-05 17:24 - 2017-07-05 17:26 - 00000000 ____D C:\ProgramData\Overwolf
                      2017-07-05 17:24 - 2017-07-05 17:24 - 00004304 _____ C:\Windows\System32\Tasks\Overwolf Updater Task
                      2017-07-05 17:24 - 2017-07-05 17:24 - 00001081 ____H C:\Users\Public\Desktop\Overwolf.lnk
                      2017-07-05 17:23 - 2017-07-06 10:54 - 00000000 ____D C:\Users\Danijel\AppData\Local\Overwolf
                      2017-06-30 23:27 - 2017-07-24 17:59 - 00000000 ____D C:\Users\Danijel\Desktop\begić primjenjena
                      2017-06-25 19:41 - 2017-06-25 19:41 - 00316785 _____ C:\Users\Danijel\Documents(1) Zavrsni rad.pdf
                      2017-06-25 12:37 - 2017-06-25 12:37 - 00000000 ____D C:\Users\Danijel\Documents\Custom Office Templates

                      ==================== One Month Modified files and folders ========

                      (If an entry is included in the fixlist, the file/folder will be moved.)

                      2017-07-25 09:47 - 2016-12-04 20:44 - 00065536 _____ C:\Windows\system32\spu_storage.bin
                      2017-07-25 09:47 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
                      2017-07-25 09:47 - 2009-07-14 06:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
                      2017-07-25 09:47 - 2009-07-14 06:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
                      2017-07-24 23:04 - 2017-06-02 18:33 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\discord
                      2017-07-24 17:38 - 2016-12-04 21:47 - 00000000 ____D C:\Users\Danijel\AppData\Local\cache
                      2017-07-24 11:58 - 2016-12-04 20:56 - 00000000 ____D C:\Users\Danijel\AppData\LocalLow\Mozilla
                      2017-07-24 11:57 - 2016-12-04 23:19 - 00000000 ____D C:\ProgramData\Oracle
                      2017-07-24 11:56 - 2017-02-07 00:59 - 00000000 ____D C:\Program Files\Java
                      2017-07-24 11:56 - 2016-12-04 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
                      2017-07-24 11:55 - 2017-02-07 00:59 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
                      2017-07-24 11:24 - 2016-12-04 19:42 - 00000000 ____D C:\Program Files\CCleaner
                      2017-07-23 19:56 - 2009-07-14 07:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
                      2017-07-23 19:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
                      2017-07-19 20:40 - 2016-12-04 17:44 - 00000000 ____D C:\Users\Danijel
                      2017-07-19 18:01 - 2016-12-04 18:04 - 00000000 ____D C:\Users\Danijel\AppData\Local\Google
                      2017-07-19 17:51 - 2016-12-05 02:40 - 00000000 ____D C:\Windows\Panther
                      2017-07-19 10:11 - 2017-06-20 14:09 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Chrome Apps
                      2017-07-19 10:11 - 2016-12-04 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
                      2017-07-19 10:11 - 2016-12-04 19:03 - 00000000 ____D C:\ProgramData\Package Cache
                      2017-07-19 09:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
                      2017-07-19 09:48 - 2017-04-21 03:34 - 00546968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetSec.sys
                      2017-07-19 09:48 - 2017-04-21 03:32 - 01008288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
                      2017-07-19 09:48 - 2017-04-21 03:32 - 00578048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
                      2017-07-19 09:48 - 2017-04-21 03:32 - 00353744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
                      2017-07-19 09:48 - 2017-04-21 03:32 - 00336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
                      2017-07-19 09:48 - 2017-04-21 03:32 - 00313616 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
                      2017-07-19 09:48 - 2017-04-21 03:32 - 00192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
                      2017-07-19 09:48 - 2017-04-21 03:32 - 00191208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
                      2017-07-19 09:48 - 2017-04-21 03:32 - 00166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
                      2017-07-19 09:48 - 2017-04-21 03:32 - 00139112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmonflt.sys.15004505 2449901
                      2017-07-19 09:48 - 2017-04-21 03:32 - 00139112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmonflt.sys
                      2017-07-19 09:48 - 2017-04-21 03:32 - 00102792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
                      2017-07-19 09:48 - 2017-04-21 03:32 - 00076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
                      2017-07-19 09:48 - 2017-04-21 03:32 - 00051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
                      2017-07-19 09:48 - 2017-04-21 03:32 - 00039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
                      2017-07-19 09:48 - 2017-04-21 03:32 - 00003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
                      2017-07-19 01:56 - 2016-12-04 22:00 - 00000000 ____D C:\Users\Danijel\AppData\Roaming\Skype
                      2017-07-17 08:25 - 2017-05-03 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
                      2017-07-17 08:25 - 2016-12-04 18:34 - 00001008 _____ C:\Users\Public\Desktop\AVG.lnk
                      2017-07-15 11:45 - 2016-12-04 19:09 - 00000000 ____D C:\Users\Danijel\AppData\Local\Battle.net
                      2017-07-13 00:24 - 2016-12-04 20:54 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
                      2017-07-11 20:02 - 2017-02-09 21:32 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
                      2017-07-11 20:02 - 2017-02-09 21:32 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
                      2017-07-11 20:02 - 2017-02-09 21:32 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
                      2017-07-11 20:02 - 2017-02-09 21:32 - 00000000 ____D C:\Windows\SysWOW64\Macromed
                      2017-07-11 20:02 - 2017-02-09 21:32 - 00000000 ____D C:\Windows\system32\Macromed
                      2017-07-11 10:47 - 2016-12-04 21:08 - 00000000 ____D C:\Users\Danijel\AppData\Local\Microsoft Help
                      2017-07-09 22:31 - 2016-12-04 23:18 - 00000000 ____D C:\Users\Danijel\AppData\Local\Steam
                      2017-07-09 22:27 - 2016-12-04 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
                      2017-07-09 09:19 - 2009-07-14 07:08 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
                      2017-07-06 10:54 - 2016-12-04 18:32 - 00000000 ____D C:\Users\Danijel\AppData\Local\Avg
                      2017-07-05 11:33 - 2017-04-21 03:32 - 00353232 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgvmm.sys.14992472550 8804
                      2017-07-01 19:21 - 2016-12-04 22:00 - 00000000 ___RD C:\Program Files (x86)\Skype
                      2017-07-01 19:21 - 2016-12-04 22:00 - 00000000 ____D C:\ProgramData\Skype
                      2017-07-01 10:35 - 2016-12-04 20:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
                      2017-07-01 10:35 - 2016-12-04 18:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
                      2017-06-28 00:20 - 2016-12-04 18:05 - 00002195 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
                      2017-06-28 00:20 - 2016-12-04 18:05 - 00002183 ____H C:\Users\Public\Desktop\Google Chrome.lnk
                      2017-06-26 16:32 - 2016-12-04 17:44 - 00000000 ____D C:\Users\Danijel\AppData\Local\VirtualStore

                      ==================== Files in the root of some directories =======

                      2017-07-17 14:39 - 2017-07-17 14:39 - 0000037 ___SH () C:\Users\Danijel\AppData\Local\20986331705021ca58e dc424.96250074
                      2016-12-04 21:36 - 2016-12-04 21:36 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32. bc
                      2017-07-19 10:17 - 2017-07-19 10:17 - 0000004 _____ () C:\ProgramData_lg.3sap
                      [HEADING=1]Some files in TEMP:[/HEADING]
                      2017-07-19 10:11 - 2017-07-19 10:11 - 4021600 _____ (Easeware ) C:\Users\Danijel\AppData\Local\Temp\BC6C.tmp.exe
                      2017-07-24 11:12 - 2017-07-24 11:12 - 4043712 _____ (Geek Unіnstaller) C:\Users\Danijel\AppData\Local\Temp\geek64.exe
                      2017-07-24 11:54 - 2017-07-24 11:54 - 0739904 _____ (Oracle Corporation) C:\Users\Danijel\AppData\Local\Temp\jre-8u141-windows-au.exe
                      2017-07-19 10:11 - 2017-07-19 10:11 - 1199825 _____ () C:\Users\Danijel\AppData\Local\Temp\unins000.exe

                      ==================== Bamital & volsnap ======================

                      (There is no automatic fix for files that do not pass verification.)

                      C:\Windows\system32\winlogon.exe => File is digitally signed
                      C:\Windows\system32\wininit.exe => File is digitally signed
                      C:\Windows\SysWOW64\wininit.exe => File is digitally signed
                      C:\Windows\explorer.exe => File is digitally signed
                      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
                      C:\Windows\system32\svchost.exe => File is digitally signed
                      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
                      C:\Windows\system32\services.exe => File is digitally signed
                      C:\Windows\system32\User32.dll
                      [2010-11-21 05:24] - [2017-05-03 13:18] - 1008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

                      C:\Windows\SysWOW64\User32.dll
                      [2010-11-21 05:24] - [2017-05-03 13:18] - 0833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

                      C:\Windows\system32\userinit.exe => File is digitally signed
                      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
                      C:\Windows\system32\rpcss.dll => File is digitally signed
                      C:\Windows\system32\dnsapi.dll => File is digitally signed
                      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
                      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

                      LastRegBack: 2017-07-22 13:38

                      ==================== End of FRST.txt ============================

                      Addition
                      [HEADING=1]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2017
                      Ran by Danijel (25-07-2017 10:06:20)
                      Running from C:\Users\Danijel\Desktop
                      Windows 7 Ultimate Service Pack 1 (X64) (2016-12-04 15:44:19)
                      Boot Mode: Normal[/HEADING]
                      ==================== Accounts: =============================

                      Administrator (S-1-5-21-4218728406-1097614046-610063632-500 - Administrator - Disabled)
                      Danijel (S-1-5-21-4218728406-1097614046-610063632-1000 - Administrator - Enabled) => C:\Users\Danijel
                      Guest (S-1-5-21-4218728406-1097614046-610063632-501 - Limited - Disabled)
                      HomeGroupUser$ (S-1-5-21-4218728406-1097614046-610063632-1002 - Limited - Enabled)

                      ==================== Security Center ========================

                      (If an entry is included in the fixlist, it will be removed.)

                      AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
                      AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                      AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
                      FW: AVG Antivirus (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

                      ==================== Installed Programs ======================

                      (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

                      Adobe Acrobat Reader DC - Croatian (HKLM-x32...{AC76BA86-7AD7-1050-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
                      Adobe Flash Player 26 NPAPI (HKLM-x32...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
                      AMD Install Manager (HKLM...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
                      AMD Quick Stream (HKLM...{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
                      AutoCAD 2013 - English (HKLM...{5783F2D7-B001-0000-0102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden
                      AutoCAD 2013 - English (HKLM...{5783F2D7-B001-0409-2102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden
                      AutoCAD 2013 - English (HKLM...\AutoCAD 2013 - English) (Version: 19.0.55.0 - Autodesk)
                      AutoCAD 2013 Language Pack - English (HKLM...{5783F2D7-B001-0409-1102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden
                      Autodesk CAD Manager Tools (HKLM...{5783F2D7-0111-0409-0110-0060B0CE6BBA}) (Version: 16.0.0.65 - Autodesk)
                      Autodesk Content Service (HKLM-x32...{62F029AB-85F2-0000-866A-9FC0DD99DDBC}) (Version: 3.0.84.0 - Autodesk) Hidden
                      Autodesk Content Service (HKLM-x32...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk)
                      Autodesk Content Service Language Pack (HKLM-x32...{62F029AB-85F2-0001-866A-9FC0DD99DDBC}) (Version: 3.0.84.0 - Autodesk) Hidden
                      Autodesk Material Library 2013 (HKLM-x32...{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
                      Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32...{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
                      Autodesk Network License Manager (HKLM...{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 1.0.0 - Autodesk)
                      Autodesk Sync (HKLM...{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
                      AVG (HKLM...{434FBA38-0562-4F98-9436-4B45C0C0EF0B}) (Version: 1.201.2 - AVG Technologies) Hidden
                      AVG Internet Security (HKLM-x32...\AVG Antivirus) (Version: 17.5.3022 - AVG Technologies)
                      Battle.net (HKLM-x32...\Battle.net) (Version: - Blizzard Entertainment)
                      Catalyst Control Center Next Localization BR (HKLM...{585A6A74-1DED-8DA0-32F1-F5EFA485DFB1}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
                      Catalyst Control Center Next Localization CHS (HKLM...{A0649E20-C57C-DCFA-AE1B-1CE1CB9D98A8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
                      Catalyst Control Center Next Localization CHT (HKLM...{35F79A5D-00E2-8C19-D929-2E85DEA4252D}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
                      Catalyst Control Center Next Localization CS (HKLM...{2CEBB6AA-EC39-DFF2-1F5B-9A98301C4DAB}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
                      Catalyst Control Center Next Localization DA (HKLM...{F05F0B6E-9999-55D0-C323-D06DF0E2B59F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
                      Catalyst Control Center Next Localization DE (HKLM...{CBABB5FD-BD69-8969-729A-5659E11D9518}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
                      Catalyst Control Center Next Localization EL (HKLM...{98527BF3-A8E0-B8CF-7297-436B714FC576}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
                      Catalyst Control Center Next Localization ES (HKLM...{D6CD1B25-53E6-C2F8-FA99-F89138A9C86F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
                      Catalyst Control Center Next Localization FI (HKLM...{487C3865-3005-F04A-FBA4-F4239E02A847}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
                      Catalyst Control Center Next Localization FR (HKLM...{D80AD200-548C-B62B-32AE-BF3CD7AA7EA2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
                      Catalyst Control Center Next Localization HU (HKLM...{D21BFF5C-51AA-4C15-1C91-6A1087FDC373}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
                      Catalyst Control Center Next Localization IT (HKLM...{04F0FFCB-D9A5-2332-2697-CA47C0424AF2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
                      Catalyst Control Center Next Localization JA (HKLM...{47F2FFDC-3D6A-CED6-0B54-6E7082D5B29B}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
                      Catalyst Control Center Next Localization KO (HKLM...{5608D1B6-6483-9FA3-7297-C2CFC3FCE747}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
                      Catalyst Control Center Next Localization NL (HKLM...{1FCA484A-5A9E-9C91-F050-257D1F311A0C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
                      Catalyst Control Center Next Localization NO (HKLM...{D8FB03AE-A326-0C12-AC47-B898FE73FA94}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
                      Catalyst Control Center Next Localization PL (HKLM...{F7876D2E-CDCD-CE53-0E88-995B57A94B58}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
                      Catalyst Control Center Next Localization RU (HKLM...{3BAB5AC8-EF35-FED0-BCEB-9306D05EDE1C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
                      Catalyst Control Center Next Localization SV (HKLM...{746E086C-023A-A79C-DBE1-062E773FF6C8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
                      Catalyst Control Center Next Localization TH (HKLM...{1C44BB26-1941-DB44-D5E8-C455F89EE6E6}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
                      Catalyst Control Center Next Localization TR (HKLM...{BE7F26CB-6E91-7673-7130-80C36FBF13DE}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
                      CCleaner (HKLM...\CCleaner) (Version: 5.32 - Piriform)
                      Counter-Strike: Global Offensive (HKLM...\Steam App 730) (Version: - Valve)
                      CPUID CPU-Z 1.78 (HKLM...\CPUID CPU-Z_is1) (Version: - )
                      D3DX10 (HKLM-x32...{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
                      Discord (HKU\S-1-5-21-4218728406-1097614046-610063632-1000...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
                      FMW 1 (HKLM...{8DF0D8D9-0C24-47EB-9738-376DD2705133}) (Version: 1.214.2 - AVG Technologies) Hidden
                      Galerija fotografija (HKLM-x32...{343C0612-37DC-4914-95A7-0845EE0C8F04}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
                      Google Chrome (HKLM-x32...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
                      Google Update Helper (HKLM-x32...{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
                      Hearthstone (HKLM-x32...\Hearthstone) (Version: - Blizzard Entertainment)
                      Java 8 Update 141 (64-bit) (HKLM...{26A24AE4-039D-4CA4-87B4-2F64180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
                      Junk Mail filter update (HKLM-x32...{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
                      League of Legends (HKLM-x32...{8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51}) (Version: 4.2.1 - Riot Games) Hidden
                      League of Legends (HKLM-x32...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
                      Letasoft Sound Booster 1.7.0.327 (HKLM-x32...{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1) (Version: 1.7.0.327 - Letasoft LLC)
                      Microsoft .NET Framework 4.5 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
                      Microsoft Office Professional Plus 2013 (HKLM...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
                      Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32...{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
                      Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
                      Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
                      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM...{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
                      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
                      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
                      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
                      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
                      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32...{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
                      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32...{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
                      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
                      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32...{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
                      Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32...{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
                      Movie Maker (HKLM-x32...{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
                      Movie Maker (HKLM-x32...{57430A7B-EB42-41ED-88F8-ACB2DEDB8416}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
                      Movie Maker (HKLM-x32...{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
                      Mozilla Firefox 54.0.1 (x86 hr) (HKLM-x32...\Mozilla Firefox 54.0.1 (x86 hr)) (Version: 54.0.1 - Mozilla)
                      Mozilla Maintenance Service (HKLM-x32...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
                      Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM...{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
                      Overwolf (HKLM-x32...\Overwolf) (Version: 0.105.324.0 - Overwolf Ltd.)
                      PowerISO (HKLM-x32...\PowerISO) (Version: 6.7 - Power Software Ltd)
                      Raptr (HKLM-x32...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
                      Realtek Ethernet Controller Driver (HKLM-x32...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
                      Skype™ 7.37 (HKLM-x32...{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
                      Speccy (HKLM...\Speccy) (Version: 1.30 - Piriform)
                      Steam (HKLM-x32...\Steam) (Version: 2.10.91.91 - Valve Corporation)
                      Visual Studio 2012 x64 Redistributables (HKLM...{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
                      Visual Studio 2012 x86 Redistributables (HKLM-x32...{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
                      Windows Live Essentials (HKLM-x32...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
                      WinRAR 5.40 (64-bit) (HKLM...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

                      ==================== Custom CLSID (Whitelisted): ==========================

                      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                      CustomCLSID: HKU\S-1-5-21-4218728406-1097614046-610063632-1000_Classes\CLSID{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 → D:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
                      CustomCLSID: HKU\S-1-5-21-4218728406-1097614046-610063632-1000_Classes\CLSID{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 → D:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
                      CustomCLSID: HKU\S-1-5-21-4218728406-1097614046-610063632-1000_Classes\CLSID{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 → D:\Program Files\Autodesk\AutoCAD 2013\en-US\acadficn.dll (Autodesk, Inc.)
                      ShellIconOverlayIdentifiers: [00avg] → {472083B0-C522-11CF-8763-00608CC02F24} => → No File
                      ContextMenuHandlers01: [AVG] → {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-07-19] (AVG Technologies CZ, s.r.o.)
                      ContextMenuHandlers01: [PowerISO] → {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-02] (Power Software Ltd)
                      ContextMenuHandlers01: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
                      ContextMenuHandlers01: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => → No File
                      ContextMenuHandlers03: [00avg] → {472083B0-C522-11CF-8763-00608CC02F24} => → No File
                      ContextMenuHandlers04: [PowerISO] → {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-02] (Power Software Ltd)
                      ContextMenuHandlers05: [ACE] → {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
                      ContextMenuHandlers06: [AVG] → {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-07-19] (AVG Technologies CZ, s.r.o.)
                      ContextMenuHandlers06: [PowerISO] → {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-10-02] (Power Software Ltd)
                      ContextMenuHandlers06: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
                      ContextMenuHandlers06: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => → No File

                      ==================== Scheduled Tasks (Whitelisted) =============

                      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                      Task: {0A08AE95-46D6-4ACC-83D1-F983ADDA4DC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-04] (Google Inc.)
                      Task: {12355699-07AE-496F-BF09-6D77A71A4388} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-04] (Google Inc.)
                      Task: {16363D54-B2BA-42AE-9DBE-0FC4BF17F3E9} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-07-17] (Overwolf LTD)
                      Task: {1B4EC10B-0E01-4CBA-9DAA-90AE3B579BCD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2017-07-11] (Adobe Systems Incorporated)
                      Task: {2EE96BD6-4DCC-408F-9A83-9F5A3655899E} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
                      Task: {48700419-5FAA-42D5-A2D2-0DDE0432DCA9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAge ntFallBack => D:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
                      Task: {6FA4249C-39E2-4490-AF34-B6CD9EB6446C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAge ntLogOn => D:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
                      Task: {B4E1EE71-79CB-4F48-A2F3-A557AA523BC9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
                      Task: {DC148471-F277-4686-ABEB-4F2F8AC859EC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
                      Task: {E6FB26FA-2513-490F-9E6A-AE0C3B56AA2A} - System32\Tasks{95B59E6D-A533-40CF-B14D-A77BD97AA386} => C:\Windows\system32\pcalua.exe -a C:\Users\Danijel\Desktop\SH-Alt-Install.exe -d C:\Users\Danijel\Desktop
                      Task: {EE4EE5C5-F7C8-4F95-B9B9-05370A69FC5A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
                      Task: {F16F353B-7AC6-4A8D-8B76-D81C41BEFFA7} - {7A0A0A47-050D-7A7D-7911-7E7F0B78117E} → No File <==== ATTENTION
                      Task: {F5820781-96BB-4670-BE6D-E0F986C30578} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-07-19] (AVG Technologies CZ, s.r.o.)

                      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

                      ==================== Shortcuts & WMI ========================

                      (The entries could be listed to be restored or removed.)

                      Shortcut: C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Intеrnеt Exрlorеr (64-bit).lnk → C:\Users\Danijel\AppData\Roaming\Browsers\exe.erol pxei.bat (No File) <==== Cyrillic
                      Shortcut: C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Intеrnеt Еxplorer.lnk → C:\Users\Danijel\AppData\Roaming\Browsers\exe.erol pxei.bat (No File) <==== Cyrillic
                      Shortcut: C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Overwolf\Оvеrwоlf.lnk → C:\Users\Danijel\AppData\Roaming\Browsers\exe.rehc nualflowrevo.bat (No File) <==== Cyrillic
                      Shortcut: C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Chrome Apps\Сhrоmе Remоtе Desktoр.lnk → C:\Users\Danijel\AppData\Roaming\Browsers\exe.emor hc.bat (No File) <==== Cyrillic
                      Shortcut: C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Accessories\System Tools\Intеrnet Eхplоrеr (Nо Аdd-оns).lnk → C:\Users\Danijel\AppData\Roaming\Browsers\exe.erol pxei.bat (No File) <==== Cyrillic
                      Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Chrоme.lnk → C:\Users\Danijel\AppData\Roaming\Browsers\exe.emor hc.bat (No File) <==== Cyrillic
                      Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firefох.lnk → C:\Users\Danijel\AppData\Roaming\Browsers\exe.xofe rif.bat (No File) <==== Cyrillic

                      ==================== Loaded Modules (Whitelisted) ==============

                      2015-08-04 01:25 - 2015-08-04 01:25 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceT uning.dll
                      2014-02-11 08:08 - 2014-02-11 08:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
                      2014-02-11 08:08 - 2014-02-11 08:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
                      2017-05-19 20:51 - 2017-05-19 20:51 - 00163152 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\vaarclient.dll
                      2017-07-05 11:33 - 2017-07-05 11:33 - 00832784 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\ffl2.dll
                      2017-07-05 11:33 - 2017-07-05 11:33 - 00277416 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\StreamBack.dll
                      2012-10-01 21:36 - 2012-10-01 21:36 - 06522480 _____ () D:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
                      2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
                      2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcont rolsplugin.dll
                      2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugi n.dll
                      2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayout splugin.dll
                      2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
                      2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
                      2017-04-07 09:41 - 2017-04-07 09:41 - 00054488 _____ () C:\Program Files\CCleaner\branding.dll
                      2015-08-04 01:25 - 2015-08-04 01:25 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
                      2017-06-28 00:20 - 2017-06-23 05:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libg lesv2.dll
                      2017-06-28 00:20 - 2017-06-23 05:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libe gl.dll
                      2017-05-19 20:51 - 2017-05-19 20:51 - 00171344 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
                      2017-07-05 11:33 - 2017-07-05 11:33 - 00193784 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
                      2017-07-05 11:33 - 2017-07-05 11:33 - 00225376 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
                      2017-07-24 18:03 - 2017-07-24 18:03 - 05882720 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\17072408\algo.dll
                      2017-07-05 11:33 - 2017-07-05 11:33 - 00690392 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
                      2017-07-05 11:33 - 2017-07-05 11:33 - 00232784 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
                      2016-12-04 18:33 - 2016-12-04 18:32 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
                      2017-07-19 09:48 - 2017-07-19 09:48 - 01067056 _____ () C:\Program Files (x86)\AVG\Antivirus\AvChrome.dll
                      2017-07-05 11:33 - 2017-07-05 11:33 - 67109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll

                      ==================== Alternate Data Streams (Whitelisted) =========

                      (If an entry is included in the fixlist, only the ADS will be removed.)

                      ==================== Safe Mode (Whitelisted) ===================

                      (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

                      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => “”=“Service”
                      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => “”=“Service”

                      ==================== Association (Whitelisted) ===============

                      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

                      HKU\S-1-5-21-4218728406-1097614046-610063632-1000\Software\Classes.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe “%1”

                      ==================== Internet Explorer trusted/restricted ===============

                      (If an entry is included in the fixlist, it will be removed from the registry.)

                      ==================== Hosts content: ==========================

                      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

                      2009-07-14 04:34 - 2017-07-19 10:11 - 00001146 ____N C:\Windows\system32\Drivers\etc\hosts

                      127.0.0.1 cpm.paneladmin.pro
                      127.0.0.1 publisher.hmdiadmingate.xyz
                      127.0.0.1 distribution.hmdiadmingate.xyz
                      127.0.0.1 hmdicrewtracksystem.xyz
                      127.0.0.1 linkmate.space
                      127.0.0.1 space1.adminpressure.space
                      127.0.0.1 trackpressure.website
                      127.0.0.1 doctorlink.space
                      127.0.0.1 plugpackdownload.net
                      127.0.0.1 dscdn.pw
                      127.0.0.1 beautifllink.xyz

                      ==================== Other Areas ============================

                      (Currently there is no automatic fix for this section.)

                      HKU\S-1-5-21-4218728406-1097614046-610063632-1000\Control Panel\Desktop\Wallpaper →
                      DNS Servers: 192.168.5.1
                      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
                      Windows Firewall is enabled.

                      ==================== MSCONFIG/TASK MANAGER disabled items ==

                      MSCONFIG\startupreg: AppEx Accelerator UI => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
                      MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
                      MSCONFIG\startupreg: CyberGhost =>
                      MSCONFIG\startupreg: Discord => C:\Users\Danijel\AppData\Local\Discord\app-0.0.297\Discord.exe
                      MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe -overwolfsilent
                      MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
                      MSCONFIG\startupreg: Raptr => “C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe” --startup
                      MSCONFIG\startupreg: Skype => “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun
                      MSCONFIG\startupreg: vProt => “C:\Program Files (x86)\AVG Web TuneUp\vprot.exe”

                      ==================== FirewallRules (Whitelisted) ===============

                      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                      FirewallRules: [{80BBF5AB-7E64-40FA-AC72-D6E9F026BBF6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
                      FirewallRules: [{88B03CA9-2668-49CA-A951-FE0E1902FDF9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
                      FirewallRules: [{747195D4-2B71-4983-B7A1-97FEC68ABD92}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
                      FirewallRules: [{31A6CE4B-9FA9-47D1-BF4F-5E9817E1A9EB}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
                      FirewallRules: [TCP Query User{A35F0587-01A1-495A-B268-B677CF6DDC2F}D:\hearthstone\hearthstone\hearthston e.exe] => (Allow) D:\hearthstone\hearthstone\hearthstone.exe
                      FirewallRules: [UDP Query User{5749FBDD-6CC7-491E-AAED-346C792B3138}D:\hearthstone\hearthstone\hearthston e.exe] => (Allow) D:\hearthstone\hearthstone\hearthstone.exe
                      FirewallRules: [{B296AC57-73D5-42CB-9F27-A2BCCD2125C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                      FirewallRules: [{B9CFEBCC-87E6-4322-B51B-2D75043538AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                      FirewallRules: [{D12DD792-C3F1-43BB-955C-F4E34140ED6E}] => (Allow) D:\Program Files\Microsoft Office\Office15\lync.exe
                      FirewallRules: [{FE0F3F62-A2C5-4C97-BB73-E0A2FDB8EDB3}] => (Allow) D:\Program Files\Microsoft Office\Office15\lync.exe
                      FirewallRules: [{6428DC99-9A63-43BE-A370-1D8448C2AD86}] => (Allow) D:\Program Files\Microsoft Office\Office15\UcMapi.exe
                      FirewallRules: [{904B9933-E9D2-4885-9A19-BCC397E7ACB5}] => (Allow) D:\Program Files\Microsoft Office\Office15\UcMapi.exe
                      FirewallRules: [{DAEFDF83-6C92-471A-A3D2-03741619AED0}] => (Allow) LPort=50248
                      FirewallRules: [{0220B71B-C8F5-42E9-824D-C83C1C37AF23}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
                      FirewallRules: [{151278D7-A505-4640-9DC3-1727B15B418B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
                      FirewallRules: [{41F14348-B9C9-4A02-922C-10E1325ED73C}] => (Allow) LPort=2869
                      FirewallRules: [{58C7F2B7-2237-4D45-A0F4-7DB6E01ED811}] => (Allow) LPort=1900
                      FirewallRules: [{78A7F068-67F3-484E-9FBE-F50E63318A48}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
                      FirewallRules: [{EFE6EDF6-3697-4DDA-BA9A-8947DF63B695}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
                      FirewallRules: [{F90E49E6-3185-4103-AFA0-E388273C07CD}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
                      FirewallRules: [{543B5DF3-053D-4724-A13C-BBDFA4694328}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
                      FirewallRules: [TCP Query User{305A12D2-CCE1-49FD-BF0B-AB689B952E59}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
                      FirewallRules: [UDP Query User{EFE2CBBE-1947-4D2E-BE6C-670342793FAE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
                      FirewallRules: [{CE835C98-4463-4742-B309-0752EE8BC2ED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                      FirewallRules: [{B5CF7A95-4BB2-4366-B7BE-2DB74C18D488}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
                      FirewallRules: [{372E4352-65F5-497C-9066-C17C7E7814DB}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
                      FirewallRules: [{A2268372-99A1-4B27-89AB-44ED36583680}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
                      FirewallRules: [{8A24C7BF-822D-4F3F-B61D-D57B44DE4676}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
                      FirewallRules: [{9982CADC-E377-46FE-B9BC-3C0AD00AD355}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
                      FirewallRules: [{95B46E75-60B6-4CED-AAB8-C81972C46991}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

                      ==================== Restore Points =========================

                      24-07-2017 11:07:04 JRT Pre-Junkware Removal
                      24-07-2017 11:08:43 JRT Pre-Junkware Removal
                      24-07-2017 11:15:38 Removed FARO LS 1.1.406.58

                      ==================== Faulty Device Manager Devices =============

                      Name: Universal Serial Bus (USB) Controller
                      Description: Universal Serial Bus (USB) Controller
                      Class Guid:
                      Manufacturer:
                      Service:
                      Problem: : The drivers for this device are not installed. (Code 28)
                      Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

                      Name: SM Bus Controller
                      Description: SM Bus Controller
                      Class Guid:
                      Manufacturer:
                      Service:
                      Problem: : The drivers for this device are not installed. (Code 28)
                      Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

                      Name: ZAM Helper Driver
                      Description: ZAM Helper Driver
                      Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
                      Manufacturer:
                      Service: ZAM
                      Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
                      Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
                      Devices stay in this state if they have been prepared for removal.
                      After you remove the device, this error disappears.Remove the device, and this error should be resolved.

                      Name: ZAM Guard Driver
                      Description: ZAM Guard Driver
                      Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
                      Manufacturer:
                      Service: ZAM_Guard
                      Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
                      Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
                      Devices stay in this state if they have been prepared for removal.
                      After you remove the device, this error disappears.Remove the device, and this error should be resolved.

                      ==================== Event log errors: =========================
                      [HEADING=1]Application errors:[/HEADING]
                      Error: (07/25/2017 09:48:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
                      Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

                      Error: (07/25/2017 09:47:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
                      Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

                      Error: (07/25/2017 09:35:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
                      Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

                      Error: (07/25/2017 12:59:15 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
                      Description: Event-ID 0

                      Error: (07/24/2017 11:03:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
                      Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

                      Error: (07/24/2017 11:28:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
                      Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

                      Error: (07/24/2017 11:27:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
                      Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

                      Error: (07/24/2017 11:18:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
                      Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

                      Error: (07/24/2017 11:03:22 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
                      Description: Event-ID 0

                      Error: (07/24/2017 10:54:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
                      Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
                      [HEADING=1]System errors:[/HEADING]
                      Error: (07/25/2017 09:47:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
                      Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

                      Error: (07/25/2017 09:47:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
                      Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

                      Error: (07/25/2017 09:47:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
                      Description: The Autodesk Content Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

                      Error: (07/25/2017 09:47:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
                      Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).

                      Error: (07/25/2017 09:47:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
                      Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

                      Error: (07/25/2017 09:47:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
                      Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

                      Error: (07/25/2017 09:47:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
                      Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

                      Error: (07/25/2017 09:47:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
                      Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

                      Error: (07/25/2017 09:47:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
                      Description: The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).

                      Error: (07/24/2017 11:02:20 PM) (Source: EventLog) (EventID: 6008) (User: )
                      Description: The previous system shutdown at 11:00:10 PM on ‎7/‎24/‎2017 was unexpected.

                      ==================== Memory info ===========================

                      Processor: AMD A10-6800K APU with Radeon™ HD Graphics
                      Percentage of memory in use: 49%
                      Total physical RAM: 7368.6 MB
                      Available physical RAM: 3699.75 MB
                      Total Virtual: 14735.4 MB
                      Available Virtual: 10734.77 MB

                      ==================== Drives ================================

                      Drive c: () (Fixed) (Total:146.39 GB) (Free:84.22 GB) NTFS
                      Drive d: () (Fixed) (Total:784.93 GB) (Free:750 GB) NTFS

                      ==================== MBR & Partition Table ==================

                      ================================================== ======
                      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CB97DB22)
                      Partition 1: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
                      Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
                      Partition 3: (Not Active) - (Size=784.9 GB) - (Type=07 NTFS)

                      ==================== End of Addition.txt ============================

                      ZHP
                      ~ ZHPDiag v2017.7.24.126 By Nicolas Coolman (2017/07/24)
                      ~ Run by Danijel (Administrator) (2017/07/25 10:23:19)
                      ~ Web: https://www.nicolascoolman.com
                      ~ Blog: https://nicolascoolman.eu/
                      ~ Facebook: ZHP
                      ~ Certificate ZHPDiag: Legal
                      ~ State version: Version OK
                      ~ Mode: Scan
                      ~ Report: C:\Users\Danijel\Desktop\ZHPDiag.txt
                      ~ Report: C:\Users\Danijel\AppData\Roaming\ZHP\ZHPDiag.txt
                      ~ UAC: Activate
                      ~ System startup: Normal (Normal boot)
                      Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601) =>.Microsoft Corporation

                      —\ Internet Browsers (3) - 0s
                      ~ GCIE: Google Chrome v59.0.3071.115
                      ~ MFIE: Mozilla Firefox 54.0.1 (x86 hr)
                      ~ MSIE: Internet Explorer v8.0.7601.17514

                      —\ Windows Product Information (5) - 0s
                      Windows Server License Manager Script : OK
                      Windows ID Activation : OK
                      Windows Licence : OK
                      Windows Automatic Updates : OK
                      Windows Activation Technologies : OK

                      —\ Surveillance software (2) - 2s
                      ~ Adobe Flash Player 26 NPAPI (Surveillance)
                      ~ Adobe Acrobat Reader DC - Croatian (Surveillance)

                      —\ Information on the system (6) - 0s
                      ~ Operating System: AMD64 Family 21 Model 19 Stepping 1, AuthenticAMD
                      ~ Operating System: 64-bit
                      ~ Boot mode: Normal (Normal boot)
                      Total RAM: 7545.448 MB (50% free) : OK =>.RAM Value
                      System Restore: Activé (Enable)
                      System drive C: has 86 GB (57%) free of 149 GB : OK =>.Disk Space

                      —\ Connection to the system mode (3) - 0s
                      ~ Computer Name: DANIJEL-PC
                      ~ User Name: Danijel
                      ~ Logged in as Administrator

                      —\ Enumeration of the disk units (2) - 0s
                      ~ Drive C: has 86 GB free of 149 GB (System)
                      ~ Drive D: has 767 GB free of 803 GB

                      —\ State of the Windows Security Center (11) - 0s
                      [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
                      [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
                      [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
                      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\Explorer] NoActiveDesktopChanges: Modified
                      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\system] EnableLUA: OK
                      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
                      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
                      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Associations] Application: OK
                      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
                      [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
                      [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

                      —\ Search Generic System Files (25) - 0s
                      [MD5.AC4C51EB24AA95B77F705AB159189E24] - 21/11/2010 - (.Microsoft Corporation - Windows Explorer.) – C:\Windows\Explorer.exe [2872320] =>.Microsoft Corporation
                      [MD5.DD81D91FF3B0763C392422865C9AC12E] - 14/07/2009 - (.Microsoft Corporation - Windows host process (Rundll32).) – C:\Windows\System32\rundll32.exe [45568] =>.Microsoft Corporation
                      [MD5.94355C28C1970635A31B3FE52EB7CEBA] - 14/07/2009 - (.Microsoft Corporation - Windows Start-Up Application.) – C:\Windows\System32\Wininit.exe [129024] =>.Microsoft Corporation
                      [MD5.F6C5302E1F4813D552F41A0AC82455E5] - 21/11/2010 - (.Microsoft Corporation - Internet Extensions for Win32.) – C:\Windows\System32\wininet.dll [1188864] =>.Microsoft Corporation
                      [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - 21/11/2010 - (.Microsoft Corporation - Windows Logon Application.) – C:\Windows\System32\Winlogon.exe [390656] =>.Microsoft Corporation
                      [MD5.067FA52BFB59A56110A12312EF9AF243] - 21/11/2010 - (.Microsoft Corporation - Software Licensing Library.) – C:\Windows\System32\sppcomapi.dll [232448] =>.Microsoft Corporation
                      [MD5.A52B6CC24063CC83C78C0E6F24DEEC01] - 21/11/2010 - (.Microsoft Corporation - DNS Client API DLL.) – C:\Windows\System32\dnsapi.dll [357888] =>.Microsoft Corporation
                      [MD5.59DF156711A76BCB993253EC6C9BBF41] - 21/11/2010 - (.Microsoft Corporation - DNS Client API DLL.) – C:\Windows\Syswow64\dnsapi.dll [270336] =>.Microsoft Corporation
                      [MD5.D31DC7A16DEA4A9BAF179F3D6FBDB38C] - 21/11/2010 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) – C:\Windows\System32\drivers\AFD.sys [499712] =>.Microsoft Corporation
                      [MD5.02062C0B390B7729EDC9E69C680A6F3C] - 14/07/2009 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) – C:\Windows\System32\drivers\atapi.sys [24128] =>.Microsoft Windows®
                      [MD5.B8BD2BB284668C84865658C77574381A] - 14/07/2009 - (.Microsoft Corporation - CD-ROM File System Driver.) – C:\Windows\System32\drivers\Cdfs.sys [92160] =>.Microsoft Corporation
                      [MD5.F036CE71586E93D94DAB220D7BDF4416] - 21/11/2010 - (.Microsoft Corporation - SCSI CD-ROM Driver.) – C:\Windows\System32\drivers\Cdrom.sys [147456] =>.Microsoft Corporation
                      [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - 21/11/2010 - (.Microsoft Corporation - DFS Namespace Client Driver.) – C:\Windows\System32\drivers\DfsC.sys [102400] =>.Microsoft Corporation
                      [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - 21/11/2010 - (.Microsoft Corporation - High Definition Audio Bus Driver.) – C:\Windows\System32\drivers\HDAudBus.sys [122368] =>.Microsoft Corporation
                      [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - 14/07/2009 - (.Microsoft Corporation - i8042 Port Driver.) – C:\Windows\System32\drivers\i8042prt.sys [105472] =>.Microsoft Corporation
                      [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - 14/07/2009 - (.Microsoft Corporation - IP Network Address Translator.) – C:\Windows\System32\drivers\IpNat.sys [116224] =>.Microsoft Corporation
                      [MD5.FAF015B07E3A2874A790A39B7D2C579F] - 21/11/2010 - (.Microsoft Corporation - Windows NT SMB Minirdr.) – C:\Windows\System32\drivers\MRxSmb.sys [158208] =>.Microsoft Corporation
                      [MD5.09594D1089C523423B32A4229263F068] - 21/11/2010 - (.Microsoft Corporation - MBT Transport driver.) – C:\Windows\System32\drivers\netBT.sys [261632] =>.Microsoft Corporation
                      [MD5.05D78AA5CB5F3F5C31160BDB955D0B7C] - 21/11/2010 - (.Microsoft Corporation - NT File System Driver.) – C:\Windows\System32\drivers\ntfs.sys [1659776] =>.Microsoft Windows®
                      [MD5.0086431C29C35BE1DBC43F52CC273887] - 14/07/2009 - (.Microsoft Corporation - Parallel Port Driver.) – C:\Windows\System32\drivers\Parport.sys [97280] =>.Microsoft Corporation
                      [MD5.471815800AE33E6F1C32FB1B97C490CA] - 21/11/2010 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) – C:\Windows\System32\drivers\Rasl2tp.sys [129536] =>.Microsoft Corporation
                      [MD5.1B6163C503398B23FF8B939C67747683] - 21/11/2010 - (.Microsoft Corporation - Microsoft RDP Device redirector.) – C:\Windows\System32\drivers\rdpdr.sys [165888] =>.Microsoft Corporation
                      [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - 14/07/2009 - (.Microsoft Corporation - SMB Transport driver.) – C:\Windows\System32\drivers\smb.sys [93184] =>.Microsoft Corporation
                      [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - 21/11/2010 - (.Microsoft Corporation - TDI Translation Driver.) – C:\Windows\System32\drivers\tdx.sys [119296] =>.Microsoft Corporation
                      [MD5.0D08D2F3B3FF84E433346669B5E0F639] - 21/11/2010 - (.Microsoft Corporation - Volume Shadow Copy Driver.) – C:\Windows\System32\drivers\volsnap.sys [295808] =>.Microsoft Windows®

                      —\ Non Microsoft non disabled Windows Services (9) - 1s
                      O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
                      O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\system32\atiesrxx.exe =>.AMD
                      O23 - Service: AMD FUEL Service (AMD FUEL Service) . (.Advanced Micro Devices, Inc. - AMD Fuel Service.) - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe =>.Advanced Micro Devices, Inc.
                      O23 - Service: Autodesk Content Service (Autodesk Content Service) . (.Autodesk, Inc. - Content Service.) - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe =>.Autodesk, Inc.®
                      O23 - Service: AVG Antivirus (AVG Antivirus) . (.AVG Technologies CZ, s.r.o. - AVG Service.) - C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe =>.AVG Technologies CZ, s.r.o.®
                      O23 - Service: AVG Firewall Service (AVG Firewall) . (.AVG Technologies CZ, s.r.o. - AVG firewall service.) - C:\Program Files (x86)\AVG\Antivirus\afwServ.exe =>.AVG Technologies CZ, s.r.o.®
                      O23 - Service: AVG Service (avgsvc) . (.AVG Technologies CZ, s.r.o. - AVG Service Process.) - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe =>.AVG Technologies CZ, s.r.o.®
                      O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
                      O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarl®

                      —\ Services not Microsoft (SR=Run, SS=Stop) (17) - 17s
                      SR - Auto [25/04/2017] [ 83056] Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
                      SS - Demand [11/07/2017] [ 272384] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe =>.Adobe Systems Incorporated®
                      SR - Auto [26/02/2016] [ 249344] (AMD External Events Utility) . (.AMD.) - C:\Windows\system32\atiesrxx.exe =>.AMD
                      SR - Auto [04/08/2015] [ 344064] AMD FUEL Service (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe =>.Advanced Micro Devices, Inc.
                      SR - Auto [31/01/2012] [ 19232] Autodesk Content Service (Autodesk Content Service) . (.Autodesk, Inc..) - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe =>.Autodesk, Inc.®
                      SR - Auto [19/07/2017] [ 264432] AVG Antivirus (AVG Antivirus) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe =>.AVG Technologies CZ, s.r.o.®
                      SR - Auto [19/07/2017] [ 312712] AVG Firewall Service (AVG Firewall) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\Antivirus\afwServ.exe =>.AVG Technologies CZ, s.r.o.®
                      SR - Demand [19/07/2017] [ 7481648] avgbIDSAgent (avgbIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe =>.AVG Technologies CZ, s.r.o.®
                      SR - Auto [03/07/2017] [ 1428656] AVG Service (avgsvc) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe =>.AVG Technologies CZ, s.r.o.®
                      SS - Demand [04/12/2016] [ 1432400] FLEXnet Licensing Service 64 (FLEXnet Licensing Service 64) . (.Flexera Software, Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe =>.Flexera Software, Inc. ®
                      SS - Auto [04/12/2016] [ 153752] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
                      SS - Demand [04/12/2016] [ 153752] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
                      SS - Demand [30/06/2017] [ 175560] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe =>.Mozilla Corporation®
                      SS - Demand [17/07/2017] [ 1450824] Overwolf Updater Windows SCM (OverwolfUpdater) . (.Overwolf LTD.) - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe =>.Overwolf Ltd®
                      SS - Auto [05/04/2017] [ 317400] Skype Updater (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarl®
                      SS - Demand [05/04/2017] [ 317400] Letasoft Sound Booster Service (SoundBoosterService) . (.Letasoft.) - D:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe =>.Letasoft LLC®
                      SS - Demand [05/04/2017] [ 317400] Steam Client Service (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe =>.Valve®

                      —\ Task Planned Automatically (17) - 9s
                      [MD5.AFC094098B6D856151002051E31867D8] [APT] [Adobe Acrobat Update Task] (.Adobe Systems Incorporated.) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1162360] (.Activate.) =>.Adobe Systems, Incorporated®
                      [MD5.0DC99843E91A0313F0C6591656D650A5] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) – C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [272384] (.Activate.) =>.Adobe Systems Incorporated®
                      [MD5.687A7236E1CCC350F72A37A00E37E35F] [APT] [Antivirus Emergency Update] (.AVG Technologies CZ, s.r.o..) – C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2368848] (.Activate.) =>.AVG Technologies CZ, s.r.o.®
                      [MD5.68DDCB629A7F2C5A3D2392F8177A3CD0] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) – C:\Program Files\CCleaner\CCleaner.exe [7658200] (.Activate.) =>.Piriform Ltd®
                      [MD5.A8FD9222E4D72596BB37DA8BE95C0BA4] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752] (.Activate.) =>.Google Inc®
                      [MD5.A8FD9222E4D72596BB37DA8BE95C0BA4] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752] (.Activate.) =>.Google Inc®
                      [MD5.3B74DB846DD237B2CEDEC38DAAB2AB91] [APT] [Overwolf Updater Task] (.Overwolf LTD.) – C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1450824] (.Activate.) =>.Overwolf Ltd®
                      [MD5.00000000000000000000000000000000] [APT] [{95B59E6D-A533-40CF-B14D-A77BD97AA386}] (…) – C:\Users\Danijel\Desktop\SH-Alt-Install.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty
                      O39 - APT: Adobe Acrobat Update Task - (.Adobe Systems Incorporated.) – C:\Windows\System32\Tasks\Adobe Acrobat Update Task [4476] =>.Adobe Systems, Incorporated®
                      O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) – C:\Windows\System32\Tasks\Adobe Flash Player Updater [4312] =>.Adobe Systems Incorporated®
                      O39 - APT: Antivirus Emergency Update - (.AVG Technologies CZ, s.r.o..) – C:\Windows\System32\Tasks\Antivirus Emergency Update [3920] =>.AVG Technologies CZ, s.r.o.®
                      O39 - APT: AVG EUpdate Task - (…) – C:\Windows\System32\Tasks\AVG EUpdate Task [3600] (.Orphan.) =>.Superfluous.Orphan
                      O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) – C:\Windows\System32\Tasks\CCleanerSkipUAC [2798] =>.Piriform Ltd®
                      O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) – C:\Windows\System32\Tasks\GoogleUpdateTaskMachineC ore [3202] =>.Google Inc®
                      O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) – C:\Windows\System32\Tasks\GoogleUpdateTaskMachineU A [3330] =>.Google Inc®
                      O39 - APT: Overwolf Updater Task - (.Overwolf LTD.) – C:\Windows\System32\Tasks\Overwolf Updater Task [4304] =>.Overwolf Ltd®
                      O39 - APT: {95B59E6D-A533-40CF-B14D-A77BD97AA386} - (…) – C:\Windows\System32\Tasks{95B59E6D-A533-40CF-B14D-A77BD97AA386} [3144] (.Orphan.) =>.Superfluous.Orphan

                      —\ Auto loading programs from Registry and folders (14) - 0s
                      O4 - HKLM..\Run: [StartCN] . (.Advanced Micro Devices, Inc. - Radeon Settings: Host Application.) – C:\Program Files\AMD\CNext\CNext\cnext.exe =>.Advanced Micro Devices, Inc.®
                      O4 - HKLM..\Run: [AvgUi] . (.AVG Technologies CZ, s.r.o. - AVG Ui (Re)Starter.) – C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe =>.AVG Technologies CZ, s.r.o.®
                      O4 - HKLM..\Run: [AVGUI.exe] . (.AVG Technologies CZ, s.r.o. - AvLaunch component.) – C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe =>.AVG Technologies CZ, s.r.o.®
                      O4 - HKCU..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) – C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
                      O4 - HKCU..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) – C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
                      O4 - HKLM..\Wow6432Node\Run: [AvgUi] . (.AVG Technologies CZ, s.r.o. - AVG Ui (Re)Starter.) – C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe =>.AVG Technologies CZ, s.r.o.®
                      O4 - HKLM..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) – C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe =>.Advanced Micro Devices, Inc.®
                      O4 - HKLM..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) – C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle America, Inc.®
                      O4 - HKUS\S-1-5-19..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) – C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
                      O4 - HKUS\S-1-5-20..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) – C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
                      O4 - HKUS\S-1-5-19..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) – C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
                      O4 - HKUS\S-1-5-20..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) – C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
                      O4 - HKUS\S-1-5-21-4218728406-1097614046-610063632-1000..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Sticky Notes.) – C:\Windows\System32\StikyNot.exe =>.Microsoft Corporation
                      O4 - HKUS\S-1-5-21-4218728406-1097614046-610063632-1000..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) – C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®

                      —\ Process running (31) - 1s
                      [MD5.00000000000000000000000000000000] - (.AMD - AMD External Events Service Module.) – C:\Windows\system32\atiesrxx.exe [0] [PID.280] =>.AMD
                      [MD5.00000000000000000000000000000000] - (.AMD - AMD External Events Client Module.) – C:\Windows\system32\atieclxx.exe [0] [PID.1268] =>.AMD
                      [MD5.A10ED61B447D77BC5B36FD13BF425985] - (.AVG Technologies CZ, s.r.o. - AVG Service.) – C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432] [PID.1400] =>.AVG Technologies CZ, s.r.o.®
                      [MD5.74B5E5DBE765B6FFBC387DAC5FD4D0B6] - (.AVG Technologies CZ, s.r.o. - AVG firewall service.) – C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [312712] [PID.1808] =>.AVG Technologies CZ, s.r.o.®
                      [MD5.8D6BA8E7676038A27FD4ECF12CC744B0] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [83056] [PID.2040] =>.Adobe Systems, Incorporated®
                      [MD5.B12D8F8A42080B955D027EE56F5BD1C3] - (.Advanced Micro Devices, Inc. - AMD Fuel Service.) – C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064] [PID.1288] =>.Advanced Micro Devices, Inc.
                      [MD5.F431DC5D94F4B2FDBC927655D8A9B10E] - (.Autodesk, Inc. - Content Service.) – C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232] [PID.1440] =>.Autodesk, Inc.®
                      [MD5.695CB51819A087F736EE3E3E58544417] - (.AVG Technologies CZ, s.r.o. - AVG Service Process.) – C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656] [PID.1784] =>.AVG Technologies CZ, s.r.o.®
                      [MD5.357CABBF155AFD1D3926E62539D2A3A7] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480] [PID.2152] =>.Microsoft Corporation®
                      [MD5.D790CAFEFF0291D0AF8C76F5A1EE2E4E] - (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE [223488] [PID.2368] =>.Microsoft Corporation®
                      [MD5.647C49CC0660476A5B482258AE922EB4] - (.AVG Technologies CZ, s.r.o. - AVG Software Analyzer.) – C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7481648] [PID.3436] =>.AVG Technologies CZ, s.r.o.®
                      [MD5.739D7E0025F5CE97309695D3081E3823] - (.Advanced Micro Devices, Inc. - Radeon Settings: Host Application.) – C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664] [PID.4028] =>.Advanced Micro Devices, Inc.®
                      [MD5.6AC17068F3624102655071436496B501] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) – C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1800712] [PID.4072] =>.AVG Technologies CZ, s.r.o.®
                      [MD5.785CA75FBF99C8D12773B54F51FB2F85] - (.AVG Technologies CZ, s.r.o. - AVG Antivirus.) – C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe [9271528] [PID.3116] =>.AVG Technologies CZ, s.r.o.®
                      [MD5.DC6BA48F7007ED842799F51BF2502EFE] - (.Oracle Corporation - Java Update Scheduler.) – C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288] [PID.3680] =>.Oracle America, Inc.®
                      [MD5.13D47B1FCE71DE8B8B95F6AFC3166852] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) – C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe [307400] [PID.3612] =>.Advanced Micro Devices, Inc.®
                      [MD5.24AFAD9B4B24FD1D4BF7127A2DC78D92] - (.Piriform Ltd - CCleaner.) – C:\Program Files\CCleaner\CCleaner64.exe [9818328] [PID.3804] =>.Piriform Ltd®
                      [MD5.D387A06CD4BF5FCC1B50C3882F41A44E] - (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.4120] =>.Google Inc®
                      [MD5.D387A06CD4BF5FCC1B50C3882F41A44E] - (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.4140] =>.Google Inc®
                      [MD5.942E02374F3AE65175EF6FAC30C9246E] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Host application.) – C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe [307912] [PID.4172] =>.Advanced Micro Devices, Inc.®
                      [MD5.D387A06CD4BF5FCC1B50C3882F41A44E] - (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.4196] =>.Google Inc®
                      [MD5.D387A06CD4BF5FCC1B50C3882F41A44E] - (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.212] =>.Google Inc®
                      [MD5.D387A06CD4BF5FCC1B50C3882F41A44E] - (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.4512] =>.Google Inc®
                      [MD5.D387A06CD4BF5FCC1B50C3882F41A44E] - (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.3648] =>.Google Inc®
                      [MD5.D387A06CD4BF5FCC1B50C3882F41A44E] - (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.5016] =>.Google Inc®
                      [MD5.D387A06CD4BF5FCC1B50C3882F41A44E] - (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.3028] =>.Google Inc®
                      [MD5.D387A06CD4BF5FCC1B50C3882F41A44E] - (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.4616] =>.Google Inc®
                      [MD5.D387A06CD4BF5FCC1B50C3882F41A44E] - (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.3080] =>.Google Inc®
                      [MD5.23DF6CB5212E1930463A9659F2E65B6B] - (.Farbar - Farbar Recovery Scan Tool.) – C:\Users\Danijel\Desktop\FRST64.exe [2382336] [PID.4464] =>.Farbar
                      [MD5.D2919BAFD62948532F23B8E9A317D188] - (.Nicolas Coolman - ZHPDiag.) – C:\Users\Danijel\Desktop\ZHPDiag3.exe [2790784] [PID.5992] =>.Nicolas Coolman
                      [MD5.D387A06CD4BF5FCC1B50C3882F41A44E] - (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912] [PID.1192] =>.Google Inc®

                      —\ Google Chrome, Start,Search,Extensions (8) - 0s
                      G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] http://drive.google.com/ =>.Google Inc. {Drive}
                      G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] http://www.youtube.com =>.Youtube {Youtube}
                      G2 - GCE: Preference [User Data\Default] [fimkgcpmlbkeehbjhnijoginofbdgbdk] http://atavi.com/ =>.Atavi
                      G2 - GCE: Preference [User Data\Default] [gighmmpiobklfepjocnamgkkbiglidom] Michael Gundlach =>.Wladimir Palant {AdBlock}
                      G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] =>.Google Inc. {Wallet}
                      G2 - GCE: Preference [User Data\Default] [pdoebgohinaejdpncadbahijijgoffke] 9gag Night Mode
                      G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] http://mail.google.com/ =>.Google Inc. {Gmail}
                      G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.

                      —\ Mozilla Firefox,Plugins,Start,Search,Extensions (8) - 1s
                      P2 - EXT FILE: (.Microsoft Corporation - The plugin allows you to have a better expe.) – C:\Program Files (x86)\Mozilla Firefox\Plugins\npMeetingJoinPluginOC.dll =>.Microsoft Corporation®
                      P2 - EXT FILE: (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape.) – C:\Program Files (x86)\Mozilla Firefox\Plugins\nppdf32.dll =>.Adobe Systems, Incorporated®
                      P2 - EXT FILE: (.Mozilla Corporation.) – C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi =>.Mozilla Corporation
                      P2 - EXT FILE: (.Mozilla Corporation.) – C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi =>.Mozilla Corporation
                      P2 - EXT FILE: (.Mozilla Corporation.) – C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi =>.Mozilla Corporation
                      P2 - EXT FILE: (.Mozilla Corporation.) – C:\Program Files (x86)\Mozilla Firefox\browser\features\screenshots@mozilla.org.xpi =>.Mozilla Corporation
                      P2 - EXT FILE: (.Mozilla Corporation.) – C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi =>.Mozilla Corporation
                      P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) – C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_ 137.dll =>.Adobe Systems Incorporated

                      —\ Internet Explorer Extensions, Start, Search (17) - 0s
                      R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com =>.Google Inc.
                      R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
                      R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
                      R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
                      R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
                      R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
                      R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
                      R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
                      R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
                      R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
                      R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
                      R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
                      R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
                      R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
                      R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
                      R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
                      R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer

                      —\ Internet Explorer, Proxy Management (5) - 0s
                      R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyEnable = 0
                      R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,MigrateProxy = 1
                      R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,EnableHttp1_1 = 1
                      R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigProxy = wininet.dll
                      R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Para meters\Internet\ManualProxies =>.Microsoft

                      —\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
                      F2 - REG:system.ini: UserInit=userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
                      F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
                      F2 - REG:system.ini: VMApplet=C:\Windows\SysWOW64\SystemPropertiesPerfo rmance.exe (.Microsoft Corporation.) =>.Microsoft Corporation

                      —\ Hosts file redirection (1) - 0s
                      ~ Le fichier hôte est sain (The hosts file is clean) (31)

                      —\ Browser Helper Object (BHO) (7) - 0s
                      O2 - BHO: Lync Click to Call BHO [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) – C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll =>.Microsoft Corporation®
                      O2 - BHO: AMD SteadyVideo BHO [64Bits] - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} (.Orphan.)
                      O2 - BHO: Java™ Plug-In SSV Helper [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (.Orphan.)
                      O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) – C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll =>.Microsoft Corporation®
                      O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) – C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL =>.Microsoft Corporation®
                      O2 - BHO: Microsoft SkyDrive Pro Browser Helper [64Bits] - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} . (.Microsoft Corporation - Microsoft SkyDrive Pro Extensions.) – C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®
                      O2 - BHO: Java™ Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} (.Orphan.)

                      —\ Global shortcuts Startup (108) - 6s
                      O4 - GS\Desktop [Administrator]: chrome - Shortcut.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                      O4 - GS\Desktop [Administrator]: Discord.lnk . (.GitHub - Update.) C:\Users\Danijel\AppData\Local\Discord\Update.exe --processStart Discord.exe =>.Hammer & Chisel Inc.®
                      O4 - GS\Desktop [Administrator]: My Documents.lnk . (…) C:\Users\Danijel\Documents
                      O4 - GS\Desktop [Administrator]: Windows 7 USB DVD Download Tool.lnk . (.Microsoft Corporation - Microsoft Store ISO Backup Tool.) C:\Users\Danijel\AppData\Local\Apps\Windows 7 USB DVD Download Tool\Windows7-USB-DVD-Download-Tool.exe =>.Microsoft Corporation®
                      O4 - GS\Desktop [Administrator]: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe =>.Microsoft Corporation®
                      O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Danijel\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
                      O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                      O4 - GS\Quicklaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                      O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
                      O4 - GS\sendTo [Administrator]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
                      O4 - GS\TaskBar [Administrator]: chrome - Shortcut.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                      O4 - GS\TaskBar [Administrator]: League of Legends.lnk . (.Copyright (C) 2016 - League of Legends.) D:\Riot Games\LeagueClient.exe =>.Riot Games, Inc.®
                      O4 - GS\TaskBar [Administrator]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
                      O4 - GS\Programs [Administrator]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                      O4 - GS\Programs [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                      O4 - GS\Programs [Administrator]: Intеrnеt Exрlorеr (64-bit).lnk . (…) C:\Users\Danijel\AppData\Roaming\Browsers\exe.erol pxei.bat
                      O4 - GS\Programs [Administrator]: Intеrnеt Еxplorer.lnk . (…) C:\Users\Danijel\AppData\Roaming\Browsers\exe.erol pxei.bat
                      O4 - GS\Desktop [Danijel]: chrome - Shortcut.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                      O4 - GS\Desktop [Danijel]: Discord.lnk . (.GitHub - Update.) C:\Users\Danijel\AppData\Local\Discord\Update.exe --processStart Discord.exe =>.Hammer & Chisel Inc.®
                      O4 - GS\Desktop [Danijel]: My Documents.lnk . (…) C:\Users\Danijel\Documents
                      O4 - GS\Desktop [Danijel]: Windows 7 USB DVD Download Tool.lnk . (.Microsoft Corporation - Microsoft Store ISO Backup Tool.) C:\Users\Danijel\AppData\Local\Apps\Windows 7 USB DVD Download Tool\Windows7-USB-DVD-Download-Tool.exe =>.Microsoft Corporation®
                      O4 - GS\Desktop [Danijel]: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe =>.Microsoft Corporation®
                      O4 - GS\Desktop [Danijel]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Danijel\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
                      O4 - GS\Quicklaunch [Danijel]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                      O4 - GS\Quicklaunch [Danijel]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                      O4 - GS\sendTo [Danijel]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
                      O4 - GS\sendTo [Danijel]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
                      O4 - GS\TaskBar [Danijel]: chrome - Shortcut.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                      O4 - GS\TaskBar [Danijel]: League of Legends.lnk . (.Copyright (C) 2016 - League of Legends.) D:\Riot Games\LeagueClient.exe =>.Riot Games, Inc.®
                      O4 - GS\TaskBar [Danijel]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
                      O4 - GS\Programs [Danijel]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                      O4 - GS\Programs [Danijel]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                      O4 - GS\Programs [Danijel]: Intеrnеt Exрlorеr (64-bit).lnk . (…) C:\Users\Danijel\AppData\Roaming\Browsers\exe.erol pxei.bat
                      O4 - GS\Programs [Danijel]: Intеrnеt Еxplorer.lnk . (…) C:\Users\Danijel\AppData\Roaming\Browsers\exe.erol pxei.bat
                      O4 - GS\Desktop [Guest]: chrome - Shortcut.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                      O4 - GS\Desktop [Guest]: Discord.lnk . (.GitHub - Update.) C:\Users\Danijel\AppData\Local\Discord\Update.exe --processStart Discord.exe =>.Hammer & Chisel Inc.®
                      O4 - GS\Desktop [Guest]: My Documents.lnk . (…) C:\Users\Danijel\Documents
                      O4 - GS\Desktop [Guest]: Windows 7 USB DVD Download Tool.lnk . (.Microsoft Corporation - Microsoft Store ISO Backup Tool.) C:\Users\Danijel\AppData\Local\Apps\Windows 7 USB DVD Download Tool\Windows7-USB-DVD-Download-Tool.exe =>.Microsoft Corporation®
                      O4 - GS\Desktop [Guest]: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe =>.Microsoft Corporation®
                      O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Danijel\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
                      O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                      O4 - GS\Quicklaunch [Guest]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                      O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
                      O4 - GS\sendTo [Guest]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
                      O4 - GS\TaskBar [Guest]: chrome - Shortcut.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                      O4 - GS\TaskBar [Guest]: League of Legends.lnk . (.Copyright (C) 2016 - League of Legends.) D:\Riot Games\LeagueClient.exe =>.Riot Games, Inc.®
                      O4 - GS\TaskBar [Guest]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
                      O4 - GS\Programs [Guest]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                      O4 - GS\Programs [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                      O4 - GS\Programs [Guest]: Intеrnеt Exрlorеr (64-bit).lnk . (…) C:\Users\Danijel\AppData\Roaming\Browsers\exe.erol pxei.bat
                      O4 - GS\Programs [Guest]: Intеrnеt Еxplorer.lnk . (…) C:\Users\Danijel\AppData\Roaming\Browsers\exe.erol pxei.bat
                      O4 - GS\CommonDesktop [Public]: AutoCAD 2013 - English.lnk . (.Autodesk, Inc. - AutoCAD Application.) D:\Program Files\Autodesk\AutoCAD 2013\acad.exe /product ACAD /language “en-US” =>.Autodesk, Inc®
                      O4 - GS\CommonDesktop [Public]: AVG.lnk . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe /avg.open_ui =>.AVG Technologies CZ, s.r.o.®
                      O4 - GS\CommonDesktop [Public]: Battle.net.lnk . (.Blizzard Entertainment - Blizzard App Launcher.) D:\Blizzard\Battle.net\Battle.net Launcher.exe =>.Blizzard Entertainment, Inc.®
                      O4 - GS\CommonDesktop [Public]: CPUID CPU-Z.lnk . (.CPUID - CPU-Z Application.) C:\Program Files\CPUID\CPU-Z\cpuz.exe =>.CPUID®
                      O4 - GS\CommonDesktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                      O4 - GS\CommonDesktop [Public]: League of Legends.lnk . (.Copyright (C) 2016 - League of Legends.) D:\Riot Games\LeagueClient.exe =>.Riot Games, Inc.®
                      O4 - GS\CommonDesktop [Public]: Letasoft Sound Booster.lnk . (.Letasoft - Sound Booster Application.) D:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe =>.Letasoft LLC®
                      O4 - GS\CommonDesktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
                      O4 - GS\CommonDesktop [Public]: Overwolf.lnk . (.Copyright Overwolf © 2017 - Overwolf Launcher.) C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe =>.Overwolf Ltd®
                      O4 - GS\CommonDesktop [Public]: Skype.lnk . (…) C:\Windows\Installer{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}\SkypeIcon.exe =>.Skype Technologies
                      O4 - GS\CommonDesktop [Public]: Speccy.lnk . (.Piriform Ltd - Speccy.) C:\Program Files\Speccy\Speccy64.exe =>.Piriform Ltd®
                      O4 - GS\CommonDesktop [Public]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) D:\Program Files (x86)\Steam\Steam.exe =>.Valve®
                      O4 - GS\Programs [Public]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                      O4 - GS\Programs [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                      O4 - GS\Programs [Public]: Intеrnеt Exрlorеr (64-bit).lnk . (…) C:\Users\Danijel\AppData\Roaming\Browsers\exe.erol pxei.bat
                      O4 - GS\Programs [Public]: Intеrnеt Еxplorer.lnk . (…) C:\Users\Danijel\AppData\Roaming\Browsers\exe.erol pxei.bat
                      O4 - GS\Accessories [Public]: Command Prompt.lnk . (.Microsoft Corporation - Windows Command Processor.) C:\Windows\system32\cmd.exe =>.Microsoft Corporation
                      O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\Windows\system32\notepad.exe =>.Microsoft Corporation
                      O4 - GS\Accessories [Public]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
                      O4 - GS\SystemTools [Public]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff =>.Microsoft Corporation®
                      O4 - GS\SystemTools [Public]: Intеrnet Eхplоrеr (Nо Аdd-оns).lnk . (…) C:\Users\Danijel\AppData\Roaming\Browsers\exe.erol pxei.bat
                      O4 - GS\SystemTools [Public]: Private Character Editor.lnk . (.Microsoft Corporation - Private Character Editor.) C:\Windows\system32\eudcedit.exe =>.Microsoft Corporation
                      O4 - GS\Accessories [Public]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) C:\Windows\system32\calc.exe =>.Microsoft Corporation
                      O4 - GS\Accessories [Public]: displayswitch.lnk . (.Microsoft Corporation - Display Switch.) C:\Windows\system32\displayswitch.exe =>.Microsoft Corporation
                      O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - Math Input Panel Accessory.) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
                      O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Windows Mobility Center.) C:\Windows\system32\mblctr.exe /open =>.Microsoft Corporation
                      O4 - GS\Accessories [Public]: NetworkProjection.lnk . (.Microsoft Corporation - Connect to a Network Projector.) C:\Windows\system32\NetProj.exe =>.Microsoft Corporation
                      O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\Windows\system32\mspaint.exe =>.Microsoft Corporation
                      O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\Windows\system32\mstsc.exe =>.Microsoft Corporation
                      O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\Windows\system32\SnippingTool.exe =>.Microsoft Corporation
                      O4 - GS\Accessories [Public]: Sound Recorder.lnk . (.Microsoft Corporation - Windows Sound Recorder.) C:\Windows\system32\SoundRecorder.exe =>.Microsoft Corporation
                      O4 - GS\Accessories [Public]: Sticky Notes.lnk . (.Microsoft Corporation - Sticky Notes.) C:\Windows\system32\StikyNot.exe =>.Microsoft Corporation
                      O4 - GS\Accessories [Public]: Sync Center.lnk . (.Microsoft Corporation - Microsoft Sync Center.) C:\Windows\System32\mobsync.exe =>.Microsoft Corporation
                      O4 - GS\Accessories [Public]: Welcome Center.lnk . (.Microsoft Corporation - Windows host process (Rundll32).) C:\Windows\system32\rundll32.exe =>..Microsoft Corporation
                      O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
                      O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\Windows\system32\charmap.exe =>.Microsoft Corporation
                      O4 - GS\SystemTools [Public]: dfrgui.lnk . (.Microsoft Corporation - Microsoft® Disk Defragmenter.) C:\Windows\system32\dfrgui.exe =>.Microsoft Corporation
                      O4 - GS\SystemTools [Public]: Disk Cleanup.lnk . (.Microsoft Corporation - Disk Space Cleanup Manager for Windows.) C:\Windows\system32\cleanmgr.exe =>.Microsoft Corporation
                      O4 - GS\SystemTools [Public]: Resource Monitor.lnk . (.Microsoft Corporation - Resource and Performance Monitor.) C:\Windows\system32\perfmon.exe /res =>.Microsoft Corporation
                      O4 - GS\SystemTools [Public]: System Information.lnk . (.Microsoft Corporation - System Information.) C:\Windows\system32\msinfo32.exe =>.Microsoft Corporation
                      O4 - GS\SystemTools [Public]: System Restore.lnk . (.Microsoft Corporation - Microsoft® Windows System Restore.) C:\Windows\system32\rstrui.exe =>.Microsoft Corporation
                      O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (…) C:\Windows\system32\taskschd.msc /s =>..Microsoft Corporation
                      O4 - GS\SystemTools [Public]: Windows Easy Transfer Reports.lnk . (.Microsoft Corporation - Windows Easy Transfer Post Migration Applic.) C:\Windows\system32\migwiz\postmig.exe =>.Microsoft Corporation
                      O4 - GS\SystemTools [Public]: Windows Easy Transfer.lnk . (.Microsoft Corporation - Windows Easy Transfer Application.) C:\Windows\system32\migwiz\migwiz.exe =>.Microsoft Corporation
                      O4 - GS\ProgramsCommon [Public]: Acrobat Reader DC.lnk . (.Flexera Software LLC - InstallShield.) C:\Windows\Installer{AC76BA86-7AD7-1050-7B44-AC0F074E4100}\SC_Reader.ico =>.Flexera Software LLC
                      O4 - GS\ProgramsCommon [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                      O4 - GS\ProgramsCommon [Public]: Gоogle Chrоme.lnk . (…) C:\Users\Danijel\AppData\Roaming\Browsers\exe.emor hc.bat
                      O4 - GS\ProgramsCommon [Public]: Media Center.lnk . (.Microsoft Corporation - Windows Media Center.) C:\Windows\ehome\ehshell.exe =>.Microsoft Corporation
                      O4 - GS\ProgramsCommon [Public]: Movie Maker.lnk . (.Microsoft Corporation - Movie Maker.) C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe =>.Microsoft Corporation®
                      O4 - GS\ProgramsCommon [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
                      O4 - GS\ProgramsCommon [Public]: Photo Gallery.lnk . (.Microsoft Corporation - Photo Gallery.) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe =>.Microsoft Corporation®
                      O4 - GS\ProgramsCommon [Public]: Sidebar.lnk . (.Microsoft Corporation - Windows Desktop Gadgets.) C:\Program Files (x86)\Windows Sidebar\sidebar.exe /showgadgets =>.Microsoft Corporation
                      O4 - GS\ProgramsCommon [Public]: Windows DVD Maker.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\DVD Maker\DVDMaker.exe =>.Microsoft Corporation
                      O4 - GS\ProgramsCommon [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe =>.Microsoft Corporation
                      O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
                      O4 - GS\ProgramsCommon [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\Windows\system32\xpsrchvw.exe =>.Microsoft Corporation
                      O4 - GS\ProgramsCommon [Public]: Мozillа Firefох.lnk . (…) C:\Users\Danijel\AppData\Roaming\Browsers\exe.xofe rif.bat

                      —\ Lop.com/Domain Hijackers (3) - 0s
                      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1 =>.Local IP Adress
                      O17 - HKLM\System\CCS\Services\Tcpip..{75F1234D-0A07-4D4B-A460-26BBEB6B3DED}: DhcpNameServer = 192.168.42.129 =>.Local IP Adress
                      O17 - HKLM\System\CCS\Services\Tcpip..{E6CF4FE9-D2BF-417A-897E-ABA93DF3BD10}: DhcpNameServer = 192.168.5.1 =>.Local IP Adress

                      —\ Extra protocols (28) - 1s
                      O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
                      O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                      O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
                      O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                      O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                      O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                      O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                      O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\System32\itss.dll =>.Microsoft Corporation
                      O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
                      O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                      O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
                      O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) – C:\Windows\System32\inetcomm.dll =>.Microsoft Corporation
                      O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                      O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\System32\itss.dll =>.Microsoft Corporation
                      O18 - Handler: osf [64Bits] - {D924BDC6-C83A-4BD5-90D0-095128A113D1} . (.Microsoft Corporation - Microsoft Office 2013 component.) – C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL =>.Microsoft Corporation®
                      O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
                      O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
                      O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
                      O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) – C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation®
                      O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) – C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation®
                      O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
                      O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
                      O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
                      O18 - Filter: deflate [64Bits] - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                      O18 - Filter: gzip [64Bits] - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
                      O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) – C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL =>.Microsoft Corporation®
                      O18 - Filter: video/mp4 [64Bits] - {20C75730-7C25-476B-95DC-C65810F9E489} . (.Advanced Micro Devices - MIME Video Detector for IE.) – C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll =>.Advanced Micro Devices, Inc.®
                      O18 - Filter: video/x-flv [64Bits] - {20C75730-7C25-476B-95DC-C65810F9E489} . (.Advanced Micro Devices - MIME Video Detector for IE.) – C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll =>.Advanced Micro Devices, Inc.®

                      —\ Software installed (66) - 6s
                      O42 - Logiciel: Adobe Acrobat Reader DC - Croatian - (.Adobe Systems Incorporated.) [HKLM][64Bits] – {AC76BA86-7AD7-1050-7B44-AC0F074E4100} =>.Adobe Systems Incorporated
                      O42 - Logiciel: Adobe Flash Player 26 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] – Adobe Flash Player NPAPI =>.Adobe Systems Incorporated®
                      O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] – {AC76BA86-0804-1033-1959-001824225037} =>.Adobe Systems Incorporated
                      O42 - Logiciel: AMD Quick Stream - (.AppEx Networks.) [HKLM][64Bits] – {E9EED4AE-682B-4501-9574-D09A21717599}_is1 =>.AppEx Networks
                      O42 - Logiciel: AMD Steady Video Plug-In - (.AMD.) [HKLM][64Bits] – {94BFDEF9-D91D-4B5D-8A60-08514C7191AF} =>.AMD
                      O42 - Logiciel: AutoCAD 2013 - English - (.Autodesk.) [HKLM][64Bits] – {5783F2D7-B001-0000-0102-0060B0CE6BBA} =>.Autodesk, Inc®
                      O42 - Logiciel: AutoCAD 2013 - English - (.Autodesk.) [HKLM][64Bits] – {5783F2D7-B001-0409-2102-0060B0CE6BBA} =>.Autodesk
                      O42 - Logiciel: AutoCAD 2013 - English - (.Autodesk.) [HKLM][64Bits] – AutoCAD 2013 - English =>.Autodesk, Inc®
                      O42 - Logiciel: AutoCAD 2013 Language Pack - English - (.Autodesk.) [HKLM][64Bits] – {5783F2D7-B001-0409-1102-0060B0CE6BBA} =>.Autodesk
                      O42 - Logiciel: Autodesk CAD Manager Tools - (.Autodesk.) [HKLM][64Bits] – {5783F2D7-0111-0409-0110-0060B0CE6BBA} =>.Autodesk
                      O42 - Logiciel: Autodesk Content Service - (.Autodesk.) [HKLM][64Bits] – {62F029AB-85F2-0000-866A-9FC0DD99DDBC} =>.Autodesk
                      O42 - Logiciel: Autodesk Content Service - (.Autodesk.) [HKLM][64Bits] – Autodesk Content Service =>.Autodesk, Inc®
                      O42 - Logiciel: Autodesk Content Service Language Pack - (.Autodesk.) [HKLM][64Bits] – {62F029AB-85F2-0001-866A-9FC0DD99DDBC} =>.Autodesk
                      O42 - Logiciel: Autodesk Material Library 2013 - (.Autodesk.) [HKLM][64Bits] – {117EBEEB-5DB0-43C8-9FD6-DD583DB152DD} =>.Autodesk
                      O42 - Logiciel: Autodesk Material Library Base Resolution Image Library 2013 - (.Autodesk.) [HKLM][64Bits] – {606E12B9-641F-4644-A22A-FF38AE980AFD} =>.Autodesk
                      O42 - Logiciel: Autodesk Network License Manager - (.Autodesk.) [HKLM][64Bits] – {4BE91685-1632-47FC-B563-A8A542C6664C} =>.Autodesk
                      O42 - Logiciel: Autodesk Sync - (.Autodesk, Inc..) [HKLM][64Bits] – {EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F} =>.Autodesk, Inc.
                      O42 - Logiciel: AVG - (.AVG Technologies.) [HKLM][64Bits] – {434FBA38-0562-4F98-9436-4B45C0C0EF0B} =>.AVG Technologies
                      O42 - Logiciel: AVG Internet Security - (.AVG Technologies.) [HKLM][64Bits] – AVG Antivirus =>.AVG Technologies CZ, s.r.o.®
                      O42 - Logiciel: Battle.net - (.Blizzard Entertainment.) [HKLM][64Bits] – Battle.net =>.Blizzard Entertainment, Inc.®
                      O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] – CCleaner =>.Piriform Ltd®
                      O42 - Logiciel: Counter-Strike: Global Offensive - (.Valve.) [HKLM][64Bits] – Steam App 730 =>.Valve®
                      O42 - Logiciel: CPUID CPU-Z 1.78 - (.CPUID Inc.) [HKLM][64Bits] – CPUID CPU-Z_is1 =>.CPUID Inc
                      O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] – {E09C4DB7-630C-4F06-A631-8EA7239923AF} =>.Microsoft
                      O42 - Logiciel: Discord - (.Hammer & Chisel, Inc..) [HKCU][64Bits] – Discord =>.Hammer & Chisel Inc.®
                      O42 - Logiciel: FMW 1 - (.AVG Technologies.) [HKLM][64Bits] – {8DF0D8D9-0C24-47EB-9738-376DD2705133} =>.AVG Technologies
                      O42 - Logiciel: Galerija fotografija - (.Microsoft Corporation.) [HKLM][64Bits] – {343C0612-37DC-4914-95A7-0845EE0C8F04} =>.Microsoft Corporation
                      O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] – Google Chrome =>.Google Inc®
                      O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] – {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
                      O42 - Logiciel: Hearthstone - (.Blizzard Entertainment.) [HKLM][64Bits] – Hearthstone =>.Blizzard Entertainment, Inc.®
                      O42 - Logiciel: Java 8 Update 141 (64-bit) - (.Oracle Corporation.) [HKLM][64Bits] – {26A24AE4-039D-4CA4-87B4-2F64180141F0} =>.Oracle Corporation
                      O42 - Logiciel: Java Auto Updater - (.Oracle Corporation.) [HKLM][64Bits] – {4A03706F-666A-4037-7777-5F2748764D10} =>.Oracle Corporation
                      O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] – {0BE9E708-5DC0-4963-9CFD-0AA519090E79} =>.Microsoft Corporation
                      O42 - Logiciel: League of Legends - (.Riot Games.) [HKLM][64Bits] – {8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51} =>.Riot Games
                      O42 - Logiciel: League of Legends - (.Riot Games.) [HKLM][64Bits] – League of Legends 4.2.1 =>.Riot Games
                      O42 - Logiciel: Letasoft Sound Booster 1.7.0.327 - (.Letasoft LLC.) [HKLM][64Bits] – {6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1 =>.Letasoft LLC®
                      O42 - Logiciel: Microsoft Access MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] – {90150000-0015-0409-1000-0000000FF1CE} =>.Microsoft Corporation
                      O42 - Logiciel: Microsoft Access Setup Metadata MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] – {90150000-0117-0409-1000-0000000FF1CE} =>.Microsoft Corporation
                      O42 - Logiciel: Microsoft Application Error Reporting - (.Microsoft Corporation.) [HKLM][64Bits] – {95120000-00B9-0409-1000-0000000FF1CE} =>.Microsoft Corporation
                      O42 - Logiciel: Microsoft DCF MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] – {90150000-0090-0409-1000-0000000FF1CE} =>.Microsoft Corporation
                      O42 - Logiciel: Microsoft Excel MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] – {90150000-0016-0409-1000-0000000FF1CE} =>.Microsoft Corporation
                      O42 - Logiciel: Microsoft Groove MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] – {90150000-00BA-0409-1000-0000000FF1CE} =>.Microsoft Corporation
                      O42 - Logiciel: Microsoft InfoPath MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] – {90150000-0044-0409-1000-0000000FF1CE} =>.Microsoft Corporation
                      O42 - Logiciel: Microsoft Lync MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] – {90150000-012B-0409-1000-0000000FF1CE} =>.Microsoft Corporation
                      O42 - Logiciel: Microsoft OneNote MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] – {90150000-00A1-0409-1000-0000000FF1CE} =>.Microsoft Corporation
                      O42 - Logiciel: Microsoft Outlook MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] – {90150000-001A-0409-1000-0000000FF1CE} =>.Microsoft Corporation
                      O42 - Logiciel: Microsoft PowerPoint MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] – {90150000-0018-0409-1000-0000000FF1CE} =>.Microsoft Corporation
                      O42 - Logiciel: Microsoft Publisher MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] – {90150000-0019-0409-1000-0000000FF1CE} =>.Microsoft Corporation
                      O42 - Logiciel: Microsoft Word MUI (English) 2013 - (.Microsoft Corporation.) [HKLM][64Bits] – {90150000-001B-0409-1000-0000000FF1CE} =>.Microsoft Corporation
                      O42 - Logiciel: Mozilla Firefox 54.0.1 (x86 hr) - (.Mozilla.) [HKLM][64Bits] – Mozilla Firefox 54.0.1 (x86 hr) =>.Mozilla Corporation®
                      O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] – MozillaMaintenanceService =>.Mozilla
                      O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] – {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} =>.Microsoft
                      O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] – {D0B44725-3666-492D-BEF6-587A14BD9BD9} =>.Microsoft
                      O42 - Logiciel: MSVCRT110 - (.Microsoft.) [HKLM][64Bits] – {8E14DDC8-EA60-4E18-B3E3-1937104D5BDA} =>.Microsoft
                      O42 - Logiciel: MSVCRT110_amd64 - (.Microsoft.) [HKLM][64Bits] – {E9FA781F-3E80-4399-825A-AD3E11C28C77} =>.Microsoft
                      O42 - Logiciel: Overwolf - (.Overwolf Ltd..) [HKLM][64Bits] – Overwolf =>.Overwolf Ltd®
                      O42 - Logiciel: PowerISO - (.Power Software Ltd.) [HKLM][64Bits] – PowerISO =>.Power Software Ltd
                      O42 - Logiciel: Raptr - (.Raptr, Inc.) [HKLM][64Bits] – Raptr =>.Raptr, Inc
                      O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM][64Bits] – {8833FFB6-5B0C-4764-81AA-06DFEED9A476} =>.Realtek Semiconductor Corp®
                      O42 - Logiciel: Skype™ 7.37 - (.Skype Technologies S.A..) [HKLM][64Bits] – {3B7E914A-93D5-4A29-92BB-AF8C3F66C431} =>.Skype Technologies S.A.
                      O42 - Logiciel: Speccy - (.Piriform.) [HKLM][64Bits] – Speccy =>.Piriform Ltd®
                      O42 - Logiciel: Steam - (.Valve Corporation.) [HKLM][64Bits] – Steam =>.Valve®
                      O42 - Logiciel: Visual Studio 2012 x64 Redistributables - (.AVG Technologies.) [HKLM][64Bits] – {8C775E70-A791-4DA8-BCC3-6AB7136F4484} =>.AVG Technologies
                      O42 - Logiciel: Visual Studio 2012 x86 Redistributables - (.AVG Technologies CZ, s.r.o..) [HKLM][64Bits] – {98EFF19A-30AB-4E4B-B943-F06B1C63EBF8} =>.AVG Technologies CZ, s.r.o.
                      O42 - Logiciel: Windows 7 USB/DVD Download Tool - (.Microsoft Corporation.) [HKLM][64Bits] – {CCF298AF-9CE1-4B26-B251-486E98A34789} =>.Microsoft Corporation
                      O42 - Logiciel: WinRAR 5.40 (64-bit) - (.win.rar GmbH.) [HKLM][64Bits] – WinRAR archiver =>.win.rar GmbH®

                      —\ HKCU & HKLM Software Keys (78) - 6s
                      HKLM\SOFTWARE\Wow6432Node\Adobe =>.Adobe
                      HKLM\SOFTWARE\Wow6432Node\AMD =>.AMD
                      HKLM\SOFTWARE\Wow6432Node\ATI =>.ATI
                      HKLM\SOFTWARE\Wow6432Node\ATI Technologies =>.ATI Technologies
                      HKLM\SOFTWARE\Wow6432Node\Autodesk =>.Autodesk
                      HKLM\SOFTWARE\Wow6432Node\AVG =>.AVG Software
                      HKLM\SOFTWARE\Wow6432Node\AVG Web TuneUp =>.AVG Web TuneUp
                      HKLM\SOFTWARE\Wow6432Node\Blizzard Entertainment =>.Blizzard Entertainment
                      HKLM\SOFTWARE\Wow6432Node\Caphyon =>.Caphyon
                      HKLM\SOFTWARE\Wow6432Node\CDESoft
                      HKLM\SOFTWARE\Wow6432Node\Google =>.Google
                      HKLM\SOFTWARE\Wow6432Node\Greatis =>.Greatis Software
                      HKLM\SOFTWARE\Wow6432Node\IM Providers =>.IM Providers
                      HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
                      HKLM\SOFTWARE\Wow6432Node\JavaSoft =>.JavaSoft
                      HKLM\SOFTWARE\Wow6432Node\JreMetrics =>.JreMetrics
                      HKLM\SOFTWARE\Wow6432Node\Khronos =>.Khronos
                      HKLM\SOFTWARE\Wow6432Node\Licenses =>.Microsoft Corporation
                      HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
                      HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
                      HKLM\SOFTWARE\Wow6432Node\mozilla.org =>.mozilla.org
                      HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
                      HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
                      HKLM\SOFTWARE\Wow6432Node\Overwolf =>.Overwolf
                      HKLM\SOFTWARE\Wow6432Node\Piriform =>.Piriform
                      HKLM\SOFTWARE\Wow6432Node\PowerISO =>.PowerISO Computing
                      HKLM\SOFTWARE\Wow6432Node\PowerPivot =>.PowerPivot
                      HKLM\SOFTWARE\Wow6432Node\Raptr =>.Raptr
                      HKLM\SOFTWARE\Wow6432Node\Realtek =>.Realtek Semiconductor Corp.
                      HKLM\SOFTWARE\Wow6432Node\Riot Games =>.Riot Games
                      HKLM\SOFTWARE\Wow6432Node\Skype =>.Skype
                      HKLM\SOFTWARE\Wow6432Node\Valve =>.Valve
                      HKLM\SOFTWARE\Wow6432Node\wtu =>.WTU
                      HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
                      HKCU\SOFTWARE\Adobe =>.Adobe
                      HKCU\SOFTWARE\AMD =>.AMD
                      HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
                      HKCU\SOFTWARE\AppEx Networks =>.AppEx Networks
                      HKCU\SOFTWARE\ASProtect =>.ASPack Software
                      HKCU\SOFTWARE\ATI =>.ATI
                      HKCU\SOFTWARE\Autodesk =>.Autodesk
                      HKCU\SOFTWARE\AVAST Software =>.AVAST Software
                      HKCU\SOFTWARE\Avg =>.AVG Software
                      HKCU\SOFTWARE\AVG Web TuneUp =>.AVG Web TuneUp
                      HKCU\SOFTWARE\Blizzard Entertainment =>.Blizzard Entertainment
                      HKCU\SOFTWARE\BugSplat =>.Bugsplat Game
                      HKCU\SOFTWARE\Chromium =>.Chromium
                      HKCU\SOFTWARE\DriverEasy
                      HKCU\SOFTWARE\Geek Uninstaller =>.Geek Uninstaller
                      HKCU\SOFTWARE\Google =>.Google
                      HKCU\SOFTWARE\Greatis =>.Greatis Software
                      HKCU\SOFTWARE\IM Providers =>.IM Providers
                      HKCU\SOFTWARE\JavaSoft =>.JavaSoft
                      HKCU\SOFTWARE\Letasoft
                      HKCU\SOFTWARE\Logitech =>.Logitech
                      HKCU\SOFTWARE\Malwarebytes =>.Malwarebytes
                      HKCU\SOFTWARE\Mozilla =>.Mozilla
                      HKCU\SOFTWARE\Netscape =>.Netscape
                      HKCU\SOFTWARE\ODBC =>.DB Connectivity Solutions
                      HKCU\SOFTWARE\Overwolf =>.Overwolf
                      HKCU\SOFTWARE\Piriform =>.Piriform
                      HKCU\SOFTWARE\PowerISO =>.PowerISO Computing
                      HKCU\SOFTWARE\Printers
                      HKCU\SOFTWARE\ProtectedStorage =>.Microsoft Corporation
                      HKCU\SOFTWARE\QtProject =>.QtProject
                      HKCU\SOFTWARE\Raptr =>.Raptr
                      HKCU\SOFTWARE\Regrun
                      HKCU\SOFTWARE\Skype =>.Skype
                      HKCU\SOFTWARE\skypeapp-ab4ccbeaa4e4
                      HKCU\SOFTWARE\Sysinternals =>.Sysinternals
                      HKCU\SOFTWARE\Trolltech =>.Trolltech
                      HKCU\SOFTWARE\Unity =>.Unity
                      HKCU\SOFTWARE\Valve =>.Valve
                      HKCU\SOFTWARE\WinRAR =>.WinRAR
                      HKCU\SOFTWARE\WinRAR SFX =>.RarLab
                      HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
                      HKCU\SOFTWARE\Zemana =>.Zemana
                      HKCU\SOFTWARE\ZHP =>.Nicolas Coolman

                      —\ Contents of the Common Files folders (218) - 6s
                      O43 - CFD: 25/12/2016 - D – C:\Program Files\AMD =>.Advanced Micro Devices, Inc.®
                      O43 - CFD: 25/12/2016 - D – C:\Program Files\AMD Quick Stream =>.Advanced Micro Devices Inc
                      O43 - CFD: 04/12/2016 - D – C:\Program Files\Autodesk =>.Autodesk
                      O43 - CFD: 24/07/2017 - D – C:\Program Files\CCleaner =>.Piriform Ltd
                      O43 - CFD: 20/07/2017 - D – C:\Program Files\Common Files =>.Microsoft Corporation
                      O43 - CFD: 07/02/2017 - D – C:\Program Files\CPUID =>.CPUID Inc
                      O43 - CFD: 21/11/2010 - D – C:\Program Files\DVD Maker =>.Aone Software
                      O43 - CFD: 21/11/2010 - D – C:\Program Files\Internet Explorer =>.Microsoft Corporation
                      O43 - CFD: 24/07/2017 - D – C:\Program Files\Java =>.Oracle
                      O43 - CFD: 04/12/2016 - D – C:\Program Files\Microsoft Analysis Services =>.Microsoft Corporation
                      O43 - CFD: 21/11/2010 - D – C:\Program Files\Microsoft Games =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - D – C:\Program Files\Microsoft SQL Server =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - D – C:\Program Files\Microsoft.NET =>.Microsoft Corporation
                      O43 - CFD: 14/07/2009 - D – C:\Program Files\MSBuild =>.Microsoft Corporation
                      O43 - CFD: 19/07/2017 - D – C:\Program Files\P9QABSMQ36
                      O43 - CFD: 04/12/2016 - D – C:\Program Files\PowerISO =>.PowerISO Computing
                      O43 - CFD: 14/07/2009 - D – C:\Program Files\Reference Assemblies =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - D – C:\Program Files\Speccy =>.Piriform
                      O43 - CFD: 14/07/2009 - [0] HD – C:\Program Files\Uninstall Information =>.Microsoft Corporation
                      O43 - CFD: 21/11/2010 - D – C:\Program Files\Windows Defender =>.Microsoft Corporation
                      O43 - CFD: 21/11/2010 - D – C:\Program Files\Windows Journal =>.Microsoft Corporation
                      O43 - CFD: 15/04/2017 - D – C:\Program Files\Windows Live =>.Microsoft Corporation
                      O43 - CFD: 21/11/2010 - D – C:\Program Files\Windows Mail =>.Microsoft Corporation
                      O43 - CFD: 21/11/2010 - D – C:\Program Files\Windows Media Player =>.Microsoft Corporation
                      O43 - CFD: 14/07/2009 - D – C:\Program Files\Windows NT =>.Microsoft Corporation
                      O43 - CFD: 21/11/2010 - D – C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
                      O43 - CFD: 21/11/2010 - D – C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
                      O43 - CFD: 21/11/2010 - D – C:\Program Files\Windows Sidebar =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - D – C:\Program Files (x86)\Adobe =>.Adobe Systems, Incorporated®
                      O43 - CFD: 25/12/2016 - D – C:\Program Files (x86)\AMD =>.AMD
                      O43 - CFD: 04/12/2016 - D – C:\Program Files (x86)\Autodesk =>.Autodesk
                      O43 - CFD: 25/04/2017 - D – C:\Program Files (x86)\AVG =>.AVG Software
                      O43 - CFD: 24/07/2017 - D – C:\Program Files (x86)\Common Files =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - D – C:\Program Files (x86)\Google =>.Google Inc®
                      O43 - CFD: 04/12/2016 - HD – C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield
                      O43 - CFD: 21/11/2010 - D – C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - D – C:\Program Files (x86)\Microsoft Analysis Services =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - D – C:\Program Files (x86)\Microsoft Office =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - D – C:\Program Files (x86)\Microsoft SQL Server =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - D – C:\Program Files (x86)\Microsoft SQL Server Compact Edition =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - D – C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
                      O43 - CFD: 01/07/2017 - D – C:\Program Files (x86)\Mozilla Firefox =>.Mozilla
                      O43 - CFD: 01/07/2017 - D – C:\Program Files (x86)\Mozilla Maintenance Service =>.Mozilla
                      O43 - CFD: 14/07/2009 - D – C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
                      O43 - CFD: 20/07/2017 - D – C:\Program Files (x86)\Overwolf =>.Overwolf
                      O43 - CFD: 25/12/2016 - D – C:\Program Files (x86)\Raptr Inc =>.Raptr Inc.
                      O43 - CFD: 04/12/2016 - D – C:\Program Files (x86)\Realtek =>.Realtek
                      O43 - CFD: 14/07/2009 - D – C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
                      O43 - CFD: 01/07/2017 - RD – C:\Program Files (x86)\Skype =>.Skype
                      O43 - CFD: 24/07/2017 - D – C:\Program Files (x86)\UnHackMe =>.Greatis
                      O43 - CFD: 14/07/2009 - [0] HD – C:\Program Files (x86)\Uninstall Information =>.Microsoft Corporation
                      O43 - CFD: 21/11/2010 - D – C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - D – C:\Program Files (x86)\Windows Live =>.Microsoft Corporation
                      O43 - CFD: 21/11/2010 - D – C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
                      O43 - CFD: 21/11/2010 - D – C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
                      O43 - CFD: 14/07/2009 - D – C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
                      O43 - CFD: 21/11/2010 - D – C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
                      O43 - CFD: 21/11/2010 - D – C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
                      O43 - CFD: 21/11/2010 - D – C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
                      O43 - CFD: 05/12/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
                      O43 - CFD: 05/12/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
                      O43 - CFD: 25/12/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center =>.Advanced Micro Devices Inc
                      O43 - CFD: 25/12/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved =>.AMD Gaming Evolved
                      O43 - CFD: 25/12/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream =>.Advanced Micro Devices Inc
                      O43 - CFD: 05/12/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings =>.Samsung Electronics
                      O43 - CFD: 04/12/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk =>.Autodesk
                      O43 - CFD: 17/07/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG =>.AVG Software
                      O43 - CFD: 12/04/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen =>.AVG
                      O43 - CFD: 19/07/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net =>.Games Software
                      O43 - CFD: 05/12/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner =>.Piriform Ltd
                      O43 - CFD: 07/02/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID =>.CPUID Inc
                      O43 - CFD: 05/12/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
                      O43 - CFD: 24/07/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java =>.Oracle
                      O43 - CFD: 17/07/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Letasoft Sound Booster
                      O43 - CFD: 05/12/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
                      O43 - CFD: 05/12/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 =>.Microsoft Corporation
                      O43 - CFD: 05/12/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO =>.PowerISO Computing
                      O43 - CFD: 20/03/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype =>.Skype
                      O43 - CFD: 05/12/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy =>.Piriform
                      O43 - CFD: 14/07/2009 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
                      O43 - CFD: 09/07/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam =>.Steam Games
                      O43 - CFD: 21/11/2010 - [0] RHD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC =>.Wacom Technology
                      O43 - CFD: 05/12/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
                      O43 - CFD: 04/12/2016 - D – C:\ProgramData.mono =>.Legitimate
                      O43 - CFD: 04/12/2016 - D – C:\ProgramData\Adobe =>.Adobe
                      O43 - CFD: 25/12/2016 - D – C:\ProgramData\AMD =>.AMD
                      O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Application Data =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - D – C:\ProgramData\ATI =>.ATI
                      O43 - CFD: 04/12/2016 - D – C:\ProgramData\Autodesk =>.Autodesk
                      O43 - CFD: 21/04/2017 - D – C:\ProgramData\Avg =>.AVG Software
                      O43 - CFD: 04/12/2016 - D – C:\ProgramData\Battle.net =>.Games Software
                      O43 - CFD: 04/12/2016 - D – C:\ProgramData\Blizzard Entertainment =>.Blizzard Entertainment
                      O43 - CFD: 04/12/2016 - HD – C:\ProgramData\Common Files =>.Microsoft Corporation
                      O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Desktop =>.Microsoft Corporation
                      O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Documents =>.Microsoft Corporation
                      O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Favorites =>.Microsoft Corporation
                      O43 - CFD: 05/12/2016 - D – C:\ProgramData\FLEXnet =>.Flexera Software
                      O43 - CFD: 19/07/2017 - D – C:\ProgramData\HitmanPro =>.EIDOS hitman Game
                      O43 - CFD: 25/04/2017 - D – C:\ProgramData\MFAData =>.AVG Software
                      O43 - CFD: 04/12/2016 - SD – C:\ProgramData\Microsoft =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - D – C:\ProgramData\Microsoft Help =>.Microsoft Corporation
                      O43 - CFD: 24/07/2017 - D – C:\ProgramData\Oracle =>.Oracle
                      O43 - CFD: 05/07/2017 - D – C:\ProgramData\Overwolf =>.Overwolf
                      O43 - CFD: 19/07/2017 - D – C:\ProgramData\Package Cache =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - D – C:\ProgramData\regid.1991-06.com.microsoft =>.Microsoft Corporation
                      O43 - CFD: 19/07/2017 - [0] D – C:\ProgramData\RegRun =>.Greatis Software
                      O43 - CFD: 04/12/2016 - D – C:\ProgramData\Riot Games =>.Riot Games
                      O43 - CFD: 01/07/2017 - D – C:\ProgramData\Skype =>.Skype
                      O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Start Menu =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - [0] D – C:\ProgramData\TEMP =>.Microsoft Corporation
                      O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Templates =>.Microsoft Corporation
                      O43 - CFD: 19/07/2017 - D – C:\ProgramData\WindowsErrorReporting
                      O43 - CFD: 04/12/2016 - D – C:\Program Files (x86)\Common Files\Adobe =>.Adobe
                      O43 - CFD: 04/12/2016 - D – C:\Program Files (x86)\Common Files\ATI Technologies =>.ATI Technologies
                      O43 - CFD: 04/12/2016 - D – C:\Program Files (x86)\Common Files\Autodesk Shared =>.Autodesk
                      O43 - CFD: 24/07/2017 - D – C:\Program Files (x86)\Common Files\Java =>.Oracle
                      O43 - CFD: 04/12/2016 - D – C:\Program Files (x86)\Common Files\microsoft shared =>.Microsoft Corporation
                      O43 - CFD: 20/07/2017 - D – C:\Program Files (x86)\Common Files\Overwolf =>.Overwolf
                      O43 - CFD: 14/07/2009 - D – C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
                      O43 - CFD: 02/06/2017 - D – C:\Program Files (x86)\Common Files\Skype =>.Skype
                      O43 - CFD: 14/07/2009 - D – C:\Program Files (x86)\Common Files\SpeechEngines =>.Microsoft Corporation
                      O43 - CFD: 24/07/2017 - D – C:\Program Files (x86)\Common Files\Steam =>.Steam Games
                      O43 - CFD: 21/11/2010 - D – C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - D – C:\Program Files (x86)\Common Files\Windows Live =>.Microsoft Corporation
                      O43 - CFD: 07/02/2017 - D – C:\Users\Danijel\AppData\Roaming.minecraft =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - D – C:\Users\Danijel\AppData\Roaming.mono =>.Legitimate
                      O43 - CFD: 09/02/2017 - D – C:\Users\Danijel\AppData\Roaming\Adobe =>.Adobe
                      O43 - CFD: 04/12/2016 - D – C:\Users\Danijel\AppData\Roaming\ATI =>.ATI
                      O43 - CFD: 04/12/2016 - D – C:\Users\Danijel\AppData\Roaming\Autodesk =>.Autodesk
                      O43 - CFD: 21/04/2017 - D – C:\Users\Danijel\AppData\Roaming\AVG =>.AVG Software
                      O43 - CFD: 04/12/2016 - D – C:\Users\Danijel\AppData\Roaming\Battle.net =>.Games Software
                      O43 - CFD: 24/07/2017 - D – C:\Users\Danijel\AppData\Roaming\discord =>.GitHub
                      O43 - CFD: 24/07/2017 - D – C:\Users\Danijel\AppData\Roaming\Geek Uninstaller =>.Geek Uninstaller
                      O43 - CFD: 29/05/2017 - D – C:\Users\Danijel\AppData\Roaming\Google =>.Google
                      O43 - CFD: 04/12/2016 - D – C:\Users\Danijel\AppData\Roaming\Identities =>.Microsoft Corporation
                      O43 - CFD: 07/02/2017 - D – C:\Users\Danijel\AppData\Roaming\java =>.Oracle
                      O43 - CFD: 17/07/2017 - [0] D – C:\Users\Danijel\AppData\Roaming\Letasoft
                      O43 - CFD: 04/12/2016 - D – C:\Users\Danijel\AppData\Roaming\library_dir =>.library_dir
                      O43 - CFD: 09/02/2017 - D – C:\Users\Danijel\AppData\Roaming\Macromedia =>.Macromedia
                      O43 - CFD: 21/11/2010 - [0] D – C:\Users\Danijel\AppData\Roaming\Media Center Programs =>.Microsoft Corporation
                      O43 - CFD: 02/05/2017 - SD – C:\Users\Danijel\AppData\Roaming\Microsoft =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - D – C:\Users\Danijel\AppData\Roaming\Mozilla =>.Mozilla Corporation
                      O43 - CFD: 04/12/2016 - D – C:\Users\Danijel\AppData\Roaming\PowerISO =>.PowerISO Computing
                      O43 - CFD: 25/12/2016 - D – C:\Users\Danijel\AppData\Roaming\Raptr =>.Raptr
                      O43 - CFD: 04/12/2016 - D – C:\Users\Danijel\AppData\Roaming\Riot Games =>.Riot Games
                      O43 - CFD: 20/07/2017 - D – C:\Users\Danijel\AppData\Roaming\samika
                      O43 - CFD: 19/07/2017 - D – C:\Users\Danijel\AppData\Roaming\Skype =>.Skype
                      O43 - CFD: 04/12/2016 - D – C:\Users\Danijel\AppData\Roaming\Sun =>.Oracle
                      O43 - CFD: 04/12/2016 - D – C:\Users\Danijel\AppData\Roaming\TuneUp Software =>.TuneUp Software
                      O43 - CFD: 19/12/2016 - D – C:\Users\Danijel\AppData\Roaming\Windows Live Writer =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - D – C:\Users\Danijel\AppData\Roaming\WinRAR =>.WinRAR
                      O43 - CFD: 25/07/2017 - D – C:\Users\Danijel\AppData\Roaming\ZHP =>.Nicolas Coolman
                      O43 - CFD: 09/02/2017 - D – C:\Users\Danijel\AppData\Local\Adobe =>.Adobe
                      O43 - CFD: 25/12/2016 - D – C:\Users\Danijel\AppData\Local\AMD =>.AMD
                      O43 - CFD: 25/12/2016 - D – C:\Users\Danijel\AppData\Local\AppEx Networks =>.AppEx Networks
                      O43 - CFD: 04/12/2016 - [0] SHD – C:\Users\Danijel\AppData\Local\Application Data =>.Microsoft Corporation
                      O43 - CFD: 23/07/2017 - D – C:\Users\Danijel\AppData\Local\Apps =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - D – C:\Users\Danijel\AppData\Local\ATI =>.ATI
                      O43 - CFD: 04/12/2016 - D – C:\Users\Danijel\AppData\Local\Autodesk =>.Autodesk
                      O43 - CFD: 06/07/2017 - D – C:\Users\Danijel\AppData\Local\Avg =>.AVG Software
                      O43 - CFD: 15/02/2017 - D – C:\Users\Danijel\AppData\Local\AvgSetupLog =>.AVG Software
                      O43 - CFD: 15/07/2017 - D – C:\Users\Danijel\AppData\Local\Battle.net =>.Games Software
                      O43 - CFD: 04/12/2016 - D – C:\Users\Danijel\AppData\Local\Blizzard =>.Blizzard
                      O43 - CFD: 04/12/2016 - D – C:\Users\Danijel\AppData\Local\Blizzard Entertainment =>.Blizzard Entertainment
                      O43 - CFD: 24/07/2017 - D – C:\Users\Danijel\AppData\Local\cache =>.Legitimate
                      O43 - CFD: 04/12/2016 - D – C:\Users\Danijel\AppData\Local\CEF =>.CEF
                      O43 - CFD: 04/12/2016 - [0] D – C:\Users\Danijel\AppData\Local\Deployment =>.Microsoft Corporation
                      O43 - CFD: 12/01/2017 - [0] D – C:\Users\Danijel\AppData\Local\Diagnostics =>.Microsoft Corporation
                      O43 - CFD: 02/06/2017 - D – C:\Users\Danijel\AppData\Local\Discord =>.GitHub
                      O43 - CFD: 03/03/2017 - [0] D – C:\Users\Danijel\AppData\Local\ElevatedDiagnostics =>.Microsoft Corporation
                      O43 - CFD: 19/07/2017 - D – C:\Users\Danijel\AppData\Local\Google =>.Google
                      O43 - CFD: 04/12/2016 - [0] SHD – C:\Users\Danijel\AppData\Local\History =>.Microsoft Corporation
                      O43 - CFD: 17/07/2017 - [0] SHD – C:\Users\Danijel\AppData\Local\icsxml
                      O43 - CFD: 09/02/2017 - D – C:\Users\Danijel\AppData\Local\Macromedia =>.Macromedia
                      O43 - CFD: 04/12/2016 - D – C:\Users\Danijel\AppData\Local\MFAData =>.AVG Software
                      O43 - CFD: 23/06/2017 - D – C:\Users\Danijel\AppData\Local\Microsoft =>.Microsoft Corporation
                      O43 - CFD: 11/07/2017 - D – C:\Users\Danijel\AppData\Local\Microsoft Help =>.Microsoft Corporation
                      O43 - CFD: 05/12/2016 - D – C:\Users\Danijel\AppData\Local\Mozilla =>.Mozilla Corporation
                      O43 - CFD: 06/07/2017 - D – C:\Users\Danijel\AppData\Local\Overwolf =>.Overwolf
                      O43 - CFD: 04/12/2016 - D – C:\Users\Danijel\AppData\Local\Programs =>.Microsoft Corporation
                      O43 - CFD: 02/06/2017 - D – C:\Users\Danijel\AppData\Local\SquirrelTemp =>.Squirrels
                      O43 - CFD: 09/07/2017 - D – C:\Users\Danijel\AppData\Local\Steam =>.Steam Games
                      O43 - CFD: 25/07/2017 - D – C:\Users\Danijel\AppData\Local\Temp =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - [0] SHD – C:\Users\Danijel\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
                      O43 - CFD: 26/06/2017 - D – C:\Users\Danijel\AppData\Local\VirtualStore =>.Microsoft Corporation
                      O43 - CFD: 11/05/2017 - D – C:\Users\Danijel\AppData\Local\Windows Live =>.Microsoft Corporation
                      O43 - CFD: 15/02/2017 - D – C:\Users\Danijel\AppData\Local\Windows Live Writer =>.Microsoft Corporation
                      O43 - CFD: 24/07/2017 - D – C:\Users\Danijel\AppData\Local\Zemana =>.Zemana
                      O43 - CFD: 25/07/2017 - D – C:\Users\Danijel\AppData\Local\ZHP =>.Nicolas Coolman
                      O43 - CFD: 04/12/2016 - [0] D – C:\Users\Danijel\AppData\Local\Programs\Common =>.Microsoft Corporation
                      O43 - CFD: 05/12/2016 - RD – C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Accessories =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - RD – C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Administrative Tools =>.Administrative Tools
                      O43 - CFD: 19/07/2017 - D – C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Chrome Apps
                      O43 - CFD: 02/06/2017 - D – C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Hammer & Chisel, Inc =>.Hammer & Chisel, Inc
                      O43 - CFD: 05/12/2016 - RD – C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Maintenance =>.Microsoft Corporation
                      O43 - CFD: 19/07/2017 - D – C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Overwolf =>.Overwolf
                      O43 - CFD: 04/12/2016 - RD – C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Startup =>.Microsoft Corporation
                      O43 - CFD: 04/12/2016 - [0] D – C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\WinDirStat =>.Seifert Systems
                      O43 - CFD: 23/07/2017 - D – C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Windows 7 USB DVD Download Tool =>.Microsoft Corporation
                      O43 - CFD: 05/12/2016 - D – C:\Users\Danijel\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\WinRAR =>.WinRAR
                      O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
                      O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
                      O43 - CFD: 14/07/2009 - D – C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
                      O43 - CFD: 14/07/2009 - [0] D – C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
                      O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
                      O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
                      O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
                      O43 - CFD: 14/07/2009 - D – C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
                      O43 - CFD: 14/07/2009 - [0] D – C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
                      O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
                      O43 - CFD: 25/04/2017 - D – C:\Windows\System32\Config\systemprofile\AppData\L ocal\Avg =>.AVG Software
                      O43 - CFD: 24/07/2017 - – C:\Windows\System32\Config\systemprofile\AppData\L ocal\AvgSetupLog =>.AVG Software
                      O43 - CFD: 17/03/2017 - D – C:\Windows\System32\Config\systemprofile\AppData\L ocal\MFAData =>.AVG Software
                      O43 - CFD: 14/07/2009 - D – C:\Windows\System32\Config\systemprofile\AppData\L ocal\Microsoft =>.Microsoft Corporation
                      O43 - CFD: 09/07/2017 - [0] – C:\Windows\System32\Config\systemprofile\AppData\L ocal\Overwolf =>.Overwolf
                      O43 - CFD: 19/07/2017 - – C:\Windows\System32\Config\systemprofile\AppData\L ocal\Zemana =>.Zemana
                      O43 - CFD: 04/12/2016 - – C:\Windows\System32\Config\systemprofile\AppData\R oaming\AVG =>.AVG Software
                      O43 - CFD: 14/07/2009 - SD – C:\Windows\System32\Config\systemprofile\AppData\R oaming\Microsoft =>.Microsoft Corporation

                      —\ Latest files created in Prefetcher (1) - 5s
                      O45 - LFCP:[MD5.1F3AE851BAA5CF285417DB0F09D51873] 25/07/2017 A – C:\Windows\Prefetch\WINDOWS LOADER.EXE-A9A2F8CD.pf =>HackTool.WinActivator

                      —\ ShellIconOverlayIdentifiers (SIOI) (5) - 0s
                      O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) [ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7}. (.Microsoft Corporation - Microsoft SkyDrive Pro Extensions.) – C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®
                      O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) [ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE}. (.Microsoft Corporation - Microsoft SkyDrive Pro Extensions.) – C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®
                      O106 - SIOI: Microsoft SkyDrive Pro Icon Overlay 3 (InSync) [ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}. (.Microsoft Corporation - Microsoft SkyDrive Pro Extensions.) – C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL =>.Microsoft Corporation®
                      O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - Windows Enhanced Storage Shell Extension DL.) – C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation
                      O106 - SIOI: Sharing Overlay (Private) [SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235}. (.Microsoft Corporation - Shell extensions for sharing.) – C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation

                      —\ ShareTools MSconfig StartupReg (8) - 1s
                      O53 - SMSR:HKLM...\startupreg\AppEx Accelerator UI [Key] . (.AppEx Networks Corporation - AMD Quick Stream.) – C:\Program Files\AMD Quick Stream\AMDQuickStream.exe =>.AppEx Networks Corporation
                      O53 - SMSR:HKLM...\startupreg\Autodesk Sync [Key] . (.Autodesk, Inc. - Autodesk Sync.) – C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe =>.Autodesk, Inc.
                      O53 - SMSR:HKLM...\startupreg\Discord [Key] . (.Hammer & Chisel, Inc. - Discord.) – C:\Users\Danijel\AppData\Local\Discord\app-0.0.297\Discord.exe =>.Hammer & Chisel, Inc.
                      O53 - SMSR:HKLM...\startupreg\Overwolf [Key] . (.Copyright Overwolf © 2017 - Overwolf Launcher.) – C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
                      O53 - SMSR:HKLM...\startupreg\PWRISOVM.EXE [Key] . (.Power Software Ltd - PowerISO Virtual Drive Manager.) – C:\Program Files\PowerISO\PWRISOVM.EXE =>.Power Software Ltd
                      O53 - SMSR:HKLM...\startupreg\Raptr [Key] . (.Raptr, Inc - Raptr Desktop App.) – C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe =>.Raptr, Inc
                      O53 - SMSR:HKLM...\startupreg\Skype [Key] . (.Skype Technologies S.A. - Skype.) – C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
                      O53 - SMSR:HKLM...\startupreg\vProt [Key] . (…) – C:\Program Files (x86)\AVG Web TuneUp\vprot.exe (.not file.)

                      —\ System Drivers List (64) - 2s
                      O58 - SDL:2009/07/14 03:52:21 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) – C:\Windows\System32\drivers\adp94xx.sys [491088] =>.Microsoft Windows®
                      O58 - SDL:2009/07/14 03:52:21 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) – C:\Windows\System32\drivers\adpahci.sys [339536] =>.Microsoft Windows®
                      O58 - SDL:2009/07/14 03:52:21 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) – C:\Windows\System32\drivers\adpu320.sys [182864] =>.Microsoft Windows®
                      O58 - SDL:2009/07/14 03:52:21 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) – C:\Windows\System32\drivers\aliide.sys [15440] =>.Microsoft Windows®
                      O58 - SDL:2016/02/26 22:57:16 A . (.Advanced Micro Devices - AMD ACP Binaries.) – C:\Windows\System32\drivers\amdacpksd.sys [296648] =>.Advanced Micro Devices, Inc.®
                      O58 - SDL:2010/11/21 05:23:47 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) – C:\Windows\System32\drivers\amdsata.sys [107904] =>.Microsoft Windows®
                      O58 - SDL:2009/07/14 03:52:20 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) – C:\Windows\System32\drivers\amdsbs.sys [194128] =>.Microsoft Windows®
                      O58 - SDL:2010/11/21 05:23:47 A . (.Advanced Micro Devices - Storage Filter Driver.) – C:\Windows\System32\drivers\amdxata.sys [27008] =>.Microsoft Windows®
                      O58 - SDL:2015/04/03 02:14:26 A . (.AppEx Networks Corporation - AppEx Accelerator LWF/WFP Driver L.E..) – C:\Windows\System32\drivers\appexDrv.sys [229056] =>.AppEx Networks Corporation®
                      O58 - SDL:2009/07/14 03:52:21 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) – C:\Windows\System32\drivers\arc.sys [87632] =>.Microsoft Windows®
                      O58 - SDL:2009/07/14 03:52:21 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) – C:\Windows\System32\drivers\arcsas.sys [97856] =>.Microsoft Windows®
                      O58 - SDL:2016/02/26 22:18:00 A . (.Advanced Micro Devices - AMD High Definition Audio Function Driver.) – C:\Windows\System32\drivers\AtihdW76.sys [96256] =>.Advanced Micro Devices
                      O58 - SDL:2016/02/26 22:53:36 A . (.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) – C:\Windows\System32\drivers\atikmdag.sys [23981568] =>.Advanced Micro Devices, Inc.
                      O58 - SDL:2016/02/26 21:58:12 A . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) – C:\Windows\System32\drivers\atikmpag.sys [674816] =>.Advanced Micro Devices, Inc.
                      O58 - SDL:2017/07/19 09:48:01 A . (.AVG Technologies CZ, s.r.o. - File Vault Driver.) – C:\Windows\System32\drivers\avgbdiska.sys [166624] =>.AVG Technologies CZ, s.r.o.®
                      O58 - SDL:2017/07/19 09:48:01 A . (.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Driver..) – C:\Windows\System32\drivers\avgbidsdrivera.sys [313616] =>.AVG Technologies CZ, s.r.o.®
                      O58 - SDL:2017/07/19 09:48:01 A . (.AVG Technologies CZ, s.r.o. - Application Activity Monitor Helper Driver.) – C:\Windows\System32\drivers\avgbidsha.sys [192584] =>.AVG Technologies CZ, s.r.o.®
                      O58 - SDL:2017/07/19 09:48:01 A . (.AVG Technologies CZ, s.r.o. - Logging Driver.) – C:\Windows\System32\drivers\avgbloga.sys [336896] =>.AVG Technologies CZ, s.r.o.®
                      O58 - SDL:2017/07/19 09:48:01 A . (.AVG Technologies CZ, s.r.o. - Universal Driver.) – C:\Windows\System32\drivers\avgbuniva.sys [51336] =>.AVG Technologies CZ, s.r.o.®
                      O58 - SDL:2017/07/19 09:48:26 A . (.AVG Technologies CZ, s.r.o. - AVG HWID.) – C:\Windows\System32\drivers\avgHwid.sys [39424] =>.AVG Technologies CZ, s.r.o.®
                      O58 - SDL:2017/07/19 09:48:44 A . (.AVG Technologies CZ, s.r.o. - AVG File System Minifilter for Windows 2003.) – C:\Windows\System32\drivers\avgmonflt.sys [139112] =>.AVG Technologies CZ, s.r.o.®
                      O58 - SDL:2017/04/21 03:34:22 A . (.AVG Technologies CZ, s.r.o. - Firewall NDIS6 Helper.) – C:\Windows\System32\drivers\avgNetNd6.sys [29944] =>.AVG Technologies CZ, s.r.o.®
                      O58 - SDL:2017/07/19 09:48:10 A . (.AVG Technologies CZ, s.r.o. - AVG Firewall Driver.) – C:\Windows\System32\drivers\avgNetSec.sys [546968] =>.AVG Technologies CZ, s.r.o.®
                      O58 - SDL:2017/07/19 09:48:26 A . (.AVG Technologies CZ, s.r.o. - AVG WFP Redirect Driver.) – C:\Windows\System32\drivers\avgRdr2.sys [102792] =>.AVG Technologies CZ, s.r.o.®
                      O58 - SDL:2017/07/19 09:48:27 A . (.AVG Technologies CZ, s.r.o. - AVG Revert.) – C:\Windows\System32\drivers\avgRvrt.sys [76832] =>.AVG Technologies CZ, s.r.o.®
                      O58 - SDL:2017/07/19 09:48:14 A . (.AVG Technologies CZ, s.r.o. - AVG Virtualization Driver.) – C:\Windows\System32\drivers\avgSnx.sys [1008288] =>.AVG Technologies CZ, s.r.o.®
                      O58 - SDL:2017/07/19 09:48:27 A . (.AVG Technologies CZ, s.r.o. - AVG self protection module.) – C:\Windows\System32\drivers\avgSP.sys [578048] =>.AVG Technologies CZ, s.r.o.®
                      O58 - SDL:2017/07/19 09:48:27 A . (.AVG Technologies CZ, s.r.o. - Stream Filter.) – C:\Windows\System32\drivers\avgStm.sys [191208] =>.AVG Technologies CZ, s.r.o.®
                      O58 - SDL:2017/07/19 09:48:27 A . (.AVG Technologies CZ, s.r.o. - AVG VM Monitor.) – C:\Windows\System32\drivers\avgVmm.sys [353744] =>.AVG Technologies CZ, s.r.o.®
                      O58 - SDL:2009/06/10 22:34:23 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) – C:\Windows\System32\drivers\b57nd60a.sys [270848] =>.Broadcom Corporation
                      O58 - SDL:2009/06/10 22:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) – C:\Windows\System32\drivers\BrFiltLo.sys [18432] =>.Brother Industries, Ltd.
                      O58 - SDL:2009/06/10 22:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) – C:\Windows\System32\drivers\BrFiltUp.sys [8704] =>.Brother Industries, Ltd.
                      O58 - SDL:2009/07/14 03:19:07 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) – C:\Windows\System32\drivers\BrSerId.sys [286720] =>.Brother Industries Ltd.
                      O58 - SDL:2009/06/10 22:41:10 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) – C:\Windows\System32\drivers\BrSerWdm.sys [47104] =>.Brother Industries Ltd.
                      O58 - SDL:2009/06/10 22:41:10 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) – C:\Windows\System32\drivers\BrUsbMdm.sys [14976] =>.Brother Industries Ltd.
                      O58 - SDL:2009/06/10 22:41:10 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) – C:\Windows\System32\drivers\BrUsbSer.sys [14720] =>.Brother Industries Ltd.
                      O58 - SDL:2009/06/10 22:34:28 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) – C:\Windows\System32\drivers\bxvbda.sys [468480] =>.Broadcom Corporation
                      O58 - SDL:2009/07/14 03:52:31 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) – C:\Windows\System32\drivers\cmdide.sys [17488] =>.Microsoft Windows®
                      O58 - SDL:2009/07/14 03:47:48 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) – C:\Windows\System32\drivers\elxstor.sys [530496] =>.Microsoft Windows®
                      O58 - SDL:2009/06/10 22:34:33 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) – C:\Windows\System32\drivers\evbda.sys [3286016] =>.Broadcom Corporation
                      O58 - SDL:2009/06/10 22:31:59 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) – C:\Windows\System32\drivers\hcw85cir.sys [31232] =>.Hauppauge Computer Works, Inc.
                      O58 - SDL:2010/11/21 05:23:47 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) – C:\Windows\System32\drivers\HpSAMD.sys [78720] =>.Microsoft Windows®
                      O58 - SDL:2010/11/21 05:23:47 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) – C:\Windows\System32\drivers\iaStorV.sys [410496] =>.Microsoft Windows®
                      O58 - SDL:2009/07/14 03:48:04 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) – C:\Windows\System32\drivers\iirsp.sys [44112] =>.Microsoft Windows®
                      O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) – C:\Windows\System32\drivers\lsi_fc.sys [114752] =>.Microsoft Windows®
                      O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) – C:\Windows\System32\drivers\lsi_sas.sys [106560] =>.Microsoft Windows®
                      O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) – C:\Windows\System32\drivers\lsi_sas2.sys [65600] =>.Microsoft Windows®
                      O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) – C:\Windows\System32\drivers\lsi_scsi.sys [115776] =>.Microsoft Windows®
                      O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) – C:\Windows\System32\drivers\megasas.sys [35392] =>.Microsoft Windows®
                      O58 - SDL:2009/07/14 03:48:04 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) – C:\Windows\System32\drivers\MegaSR.sys [284736] =>.Microsoft Windows®
                      O58 - SDL:2009/07/14 03:48:26 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) – C:\Windows\System32\drivers\nfrd960.sys [51264] =>.Microsoft Windows®
                      O58 - SDL:2010/11/21 05:23:47 A . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) – C:\Windows\System32\drivers\nvraid.sys [148352] =>.Microsoft Windows®
                      O58 - SDL:2010/11/21 05:23:47 A . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) – C:\Windows\System32\drivers\nvstor.sys [166272] =>.Microsoft Windows®
                      O58 - SDL:2009/07/14 03:45:46 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) – C:\Windows\System32\drivers\ql2300.sys [1524816] =>.Microsoft Windows®
                      O58 - SDL:2009/07/14 03:45:45 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) – C:\Windows\System32\drivers\ql40xx.sys [128592] =>.Microsoft Windows®
                      O58 - SDL:2012/10/25 18:20:28 A . (.Realtek - Realtek 8136/8168/8169 NDIS 6.20 64-bit Dri.) – C:\Windows\System32\drivers\Rt64win7.sys [769168] =>.Realtek Semiconductor Corp®
                      O58 - SDL:2016/10/02 02:50:20 A . (.Power Software Ltd - PowerISO Virtual Drive.) – C:\Windows\System32\drivers\scdemu.sys [137280] =>.Power Software Limited®
                      O58 - SDL:2009/06/10 22:37:19 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) – C:\Windows\System32\drivers\secdrv.sys [23040] =>.Macrovision Corporation, Macrovision Europe Limited,
                      O58 - SDL:2009/07/14 03:45:45 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) – C:\Windows\System32\drivers\sisraid2.sys [43584] =>.Microsoft Windows®
                      O58 - SDL:2009/07/14 03:45:46 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) – C:\Windows\System32\drivers\sisraid4.sys [80464] =>.Microsoft Windows®
                      O58 - SDL:2009/07/14 03:45:55 A . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) – C:\Windows\System32\drivers\stexstor.sys [24656] =>.Microsoft Windows®
                      O58 - SDL:2016/04/21 11:10:04 A . (.The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6..) – C:\Windows\System32\drivers\tap0901.sys [27136] =>.The OpenVPN Project
                      O58 - SDL:2009/07/14 03:45:55 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) – C:\Windows\System32\drivers\viaide.sys [17488] =>.Microsoft Windows®
                      O58 - SDL:2009/07/14 03:45:55 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) – C:\Windows\System32\drivers\vsmraid.sys [161872] =>.Microsoft Windows®

                      —\ Last modified or created user files (4) - 6s
                      O61 - LFC: 2017/07/25 09:49:04 A . (..) – C:\Users\Danijel\AppData\Local\ATI\ACE\Manifest.Bi n [30042] =>.ATI Technologies
                      O61 - LFC: 2017/07/23 21:59:05 A . (..) – C:\Users\Danijel\AppData\Roaming\Autodesk\AutoCAD 2013 - English\R19.0\enu\AdExchangeBrowser.bin [475]
                      O61 - LFC: 2017/07/23 15:29:22 RA . (..) – C:\Users\Danijel\AppData\Roaming\Microsoft\Install er{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe [119808]
                      O61 - LFC: 2017/07/20 13:58:02 RA . (..) – C:\Users\Danijel\Desktop\Windows 7 SP1 Ultimate (64 Bit)\Windows 7 SP1 Ultimate (64 Bit).iso [3319764992]

                      —\ File Associations Shell Spawning (12) - 0s
                      O67 - Shell Spawning: <.bat> [HKLM..\open\Command] (…) – “%1” %*
                      O67 - Shell Spawning: <.cpl> [HKLM..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) – C:\Windows\System32\control.exe =>.Microsoft Corporation
                      O67 - Shell Spawning: <.cmd> [HKLM..\open\Command] (…) – “%1” %*
                      O67 - Shell Spawning: <.com> [HKLM..\open\Command] (…) – “%1” %*
                      O67 - Shell Spawning: <.evt> [HKLM..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) – C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
                      O67 - Shell Spawning: <.exe> [HKLM..\open\Command] (…) – “%1” %*
                      O67 - Shell Spawning: <.html> [HKLM..\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                      O67 - Shell Spawning: <.js> [HKLM..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) – C:\Windows\System32\wscript.exe =>.Microsoft Corporation
                      O67 - Shell Spawning: <.reg> [HKLM..\open\Command] (.Microsoft Corporation - Registry Editor.) – C:\Windows\regedit.exe =>.Microsoft Corporation
                      O67 - Shell Spawning: <.scr> [HKLM..\open\Command] (…) – “%1” /S
                      O67 - Shell Spawning: <.html> [HKCU..\open\Command] (.Mozilla Corporation - Firefox.) – C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
                      O67 - Shell Spawning: <.scr> [HKCU..\open\Command] (.Microsoft Corporation - Notepad.) – C:\Windows\System32\notepad.exe =>.Microsoft Corporation

                      —\ Start Menu Internet (12) - 0s
                      O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\Shell\open\Command] (.Mozilla Corporation - Firefox.) – C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
                      O68 - StartMenuInternet: [HKLM..\Shell\open\Command] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
                      O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
                      O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) – C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
                      O68 - StartMenuInternet: [HKLM..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
                      O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
                      O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) – C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
                      O68 - StartMenuInternet: [HKLM..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
                      O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
                      O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) – C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
                      O68 - StartMenuInternet: [HKLM..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
                      O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation

                      —\ Search Browser Infection (2) - 11s
                      O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
                      O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com

                      —\ Search Svchost Services (33) - 0s
                      O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) – C:\Windows\System32\aelupsvc.dll [72192] =>.Microsoft Corporation
                      O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\Windows\System32\certprop.dll [80384] =>.Microsoft Corporation
                      O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\Windows\System32\certprop.dll [80384] =>.Microsoft Corporation
                      O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) – C:\Windows\system32\srvsvc.dll [236032] =>.Microsoft Corporation
                      O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) – C:\Windows\System32\gpsvc.dll [777728] =>.Microsoft Corporation
                      O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) – C:\Windows\System32\ikeext.dll [853504] =>.Microsoft Corporation
                      O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) – C:\Windows\System32\Audiosrv.dll [679424] =>.Microsoft Corporation
                      O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) – C:\Windows\System32\rasauto.dll [99328] =>.Microsoft Corporation
                      O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) – C:\Windows\System32\rasmans.dll [344064] =>.Microsoft Corporation
                      O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) – C:\Windows\System32\mprdim.dll [97792] =>.Microsoft Corporation
                      O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) – C:\Windows\System32\Sens.dll [64512] =>.Microsoft Corporation
                      O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) – C:\Windows\System32\ipnathlp.dll [359424] =>.Microsoft Corporation
                      O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows™ Telephony Server.) – C:\Windows\System32\tapisrv.dll [316928] =>.Microsoft Corporation
                      O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote C.) – C:\Windows\System32\termsrv.dll [680960] =>.Microsoft Corporation
                      O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) – C:\Windows\system32\wuaueng.dll [2477536] =>.Microsoft Windows Component Publisher®
                      O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) – C:\Windows\System32\qmgr.dll [849920] =>.Microsoft Corporation
                      O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) – C:\Windows\System32\shsvcs.dll [370688] =>.Microsoft Corporation
                      O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) – C:\Windows\System32\iphlpsvc.dll [569344] =>.Microsoft Corporation
                      O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) – C:\Windows\system32\seclogon.dll [30720] =>.Microsoft Corporation
                      O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) – C:\Windows\System32\appinfo.dll [70656] =>.Microsoft Corporation
                      O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) – C:\Windows\system32\iscsiexe.dll [156672] =>.Microsoft Corporation
                      O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) – C:\Windows\system32\mmcss.dll [67584] =>.Microsoft Corporation
                      O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) – C:\Windows\system32\wbem\WMIsvc.dll [242688] =>.Microsoft Corporation
                      O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) – C:\Windows\System32\SessEnv.dll [121856] =>.Microsoft Corporation
                      O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) – C:\Windows\System32\browser.dll [136192] =>.Microsoft Corporation
                      O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) – C:\Windows\System32\eapsvc.dll [111104] =>.Microsoft Corporation
                      O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) – C:\Windows\system32\schedsvc.dll [1110016] =>.Microsoft Corporation
                      O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) – C:\Windows\system32\kmsvc.dll [90624] =>.Microsoft Corporation
                      O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) – C:\Windows\System32\wercplsupport.dll [84480] =>.Microsoft Corporation
                      O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) – C:\Windows\system32\profsvc.dll [209920] =>.Microsoft Corporation
                      O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) – C:\Windows\system32\themeservice.dll [44544] =>.Microsoft Corporation
                      O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) – C:\Windows\System32\bdesvc.dll [100864] =>.Microsoft Corporation
                      O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) – C:\Windows\System32\appmgmts.dll [193536] =>.Microsoft Corporation

                      —\ Firewall Active Exception List (4) - 2s
                      O87 - FAEL: “{80BBF5AB-7E64-40FA-AC72-D6E9F026BBF6}” [In-None-P6-TRUE] .(…) – C:\Program Files (x86)\AVG\Av\avgmfapx.exe (.not file.)
                      O87 - FAEL: “{88B03CA9-2668-49CA-A951-FE0E1902FDF9}” [In-None-P17-TRUE] .(…) – C:\Program Files (x86)\AVG\Av\avgmfapx.exe (.not file.)
                      O87 - FAEL: “{747195D4-2B71-4983-B7A1-97FEC68ABD92}” [In-None-P6-TRUE] .(…) – C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe (.not file.)
                      O87 - FAEL: “{31A6CE4B-9FA9-47D1-BF4F-5E9817E1A9EB}” [In-None-P17-TRUE] .(…) – C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe (.not file.)

                      —\ Additional Scan (O88) (9) - 2s
                      [HKLM\WOW6432Node\SOFTWARE\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}] =>.Superfluous.Orphan
                      [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}] =>.Superfluous.Orphan
                      [HKLM\WOW6432Node\SOFTWARE\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] =>.Superfluous.Orphan
                      [HKLM\WOW6432Node\SOFTWARE\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}] =>.Superfluous.Orphan
                      C:\Windows\Prefetch\WINDOWS LOADER.EXE-A9A2F8CD.pf =>HackTool.WinActivator
                      C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage =>.Superfluous.AkamaiHD
                      C:\Users\Danijel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage-journal =>.Superfluous.AkamaiHD
                      [HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1 C52EAC6] =>PUM.Misplaced.Certificate [Avast Software]
                      [HKLM\Software\Microsoft\SystemCertificates\Disallo wed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD7 8375931] =>PUM.Misplaced.Certificate [Avast Software]

                      —\ Summary of the elements found (3) - 0s
                      WinActivator, Activateur de licence Windows. - ZAM =>HackTool.WinActivator
                      Logiciels Potentiellement Superflus (LPS). - ZAM =>.Superfluous.AkamaiHD
                      CertLock, un Cheval de Troie qui désactive tous les antivirus. - ZAM =>PUM.Misplaced.Certificate

                      ~ Unselected Options:
                      ~ End of the scan, 35436 items in 01mn40s (944)(0)

                      Comment

                      • system
                        PCHF Owner
                        • Jan 2015
                        • 7635

                        #12
                        Hello Mawlol,
                        Unfortunately your logs show evidence of hack tools designed to circumvent the legitimate activation of of software on your PC. The rules here at PCHF specifically prohibit any assistance in these circumstances and accordingly this thread will be closed.

                        Comment

                        Working...