Inactive Can't access google.com and youtube.com

I can't use YouTube or google.com. Google.pt works fine. I think it's a certificate problem since google.com and youtube.com use the same certificates (but I'm not sure). HELP. And I am 100% sure this happens because of a virus I had which is now removed.
 

Attachments: Addition.txt (34.7 KB), FRST.txt (37.6 KB)
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

Please observe forum rules. All logs have to be pasted, not attached.

Which browser do you use to access those sites?
Have you tried a different browser?
 
The problem is consistent in every browser. You may think that, in the case of YouTube, the problem is related to HTML5 videos, but I have done my research and that's not the problem.
 
Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Utilizador (2017-01-11 21:45:39)
Running from C:\Users\Utilizador\Downloads
Windows 8.1 (X64) (2016-07-21 10:31:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3552909271-904078643-69874527-500 - Administrator - Disabled)
anton_000 (S-1-5-21-3552909271-904078643-69874527-1002 - Administrator - Enabled) => C:\Users\anton_000
Convidado (S-1-5-21-3552909271-904078643-69874527-501 - Limited - Disabled)
Utilizador (S-1-5-21-3552909271-904078643-69874527-1001 - Administrator - Enabled) => C:\Users\Utilizador

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (x32 Version: 2.6.2.4 - Intel) Hidden
µTorrent (HKU\S-1-5-21-3552909271-904078643-69874527-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.20.55.57 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 6.223.215.14 - Broadcom Corporation)
Catalyst Control Center Next Localization BR (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version: - )
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
Fraps (HKLM-x32\...\Fraps) (Version: - )
G4Story_EN version 1.0 (HKLM-x32\...\{44EBF926-8724-4C09-B324-BC5AE76D8C89}_is1) (Version: 1.0 - G4Story Studio)
Half-Life 2 version 2257546 (HKLM-x32\...\Half-Life 2_is1) (Version: 2257546 - Valve Corporation)
Happy Wars (HKLM\...\Steam App 246280) (Version: - Toylogic inc.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.7.7 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP)
HP Support Solutions Framework (HKLM-x32\...\{124DB890-F166-4C5F-9220-C9F343F65BA2}) (Version: 12.2.8.17 - HP)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10100.71 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4281 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{66307462-7d19-4f1a-af82-aa04b6017f05}) (Version: 2.6.2.4 - Intel)
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.541 - LogMeIn, Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
My Web Shield (HKLM\...\mweshield) (Version: 3.0 - My Web Shield)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.4 - OBS Project)
P4StoryEN version P4.en.160219 (HKLM-x32\...\{A8AB5B94-44CE-4567-ADD4-AF9145CC20F7}_is1) (Version: P4.en.160219 - P4Story)
Paladins (HKLM\...\Steam App 444090) (Version: - Hi-Rez Studios)
PlanetSide 2 (HKU\S-1-5-21-3552909271-904078643-69874527-1001\...\DG0-PlanetSide 2) (Version: - Sony Online Entertainment)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.6.0.2 - Popcorn Time)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7503 - Realtek Semiconductor Corp.)
RTEQ v4.10 (HKLM-x32\...\RTEQ_is1) (Version: 4.10 - Andrei Grecu)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Software de Dispositivos Chipset Intel® (x32 Version: 10.0.22 - Intel(R) Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
UltraMixer 5.1.3 (HKLM\...\{272e17ad-75e3-4a72-bee8-45e5e927920f}_is1) (Version: 5.1.3 - UltraMixer Digital Audio Solutions)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

26-12-2016 13:30:29 Ponto de Verificação Agendado
06-01-2017 22:48:09 Ponto de Verificação Agendado
11-01-2017 18:17:14 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 12:25 - 2017-01-07 11:21 - 00003722 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
34.195.153.94 www.google-analytics.com
34.195.153.94 google-analytics.com
34.195.153.94 mc.yandex.ru
34.195.153.94 top-fwz1.mail.ru
34.195.153.94 site.yandex.net
34.195.153.94 pagead2.googlesyndication.com
34.195.153.94 ad.mail.ru
34.195.153.94 ads.adfox.ru
34.195.153.94 ads.pubmatic.com
34.195.153.94 apis.google.com
34.195.153.94 autocontext.begun.ru
34.195.153.94 b.scorecardresearch.com
34.195.153.94 c.amazon-adsystem.com
34.195.153.94 cdn.admixer.net
34.195.153.94 cdn.cxense.com
34.195.153.94 cdn.livefyre.com
34.195.153.94 cdn.onthe.io
34.195.153.94 cdn.optimizely.com
34.195.153.94 cdn.prom.st

There are 56 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03606ADE-1B5D-468F-9088-EA51ECCC7E3A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-07] (AVAST Software)
Task: {0D2A3DA8-CB7D-4F07-9075-B05074E19665} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {1C1F850E-AEF0-4B10-9211-B8DE47720608} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {271F5EFB-2B40-45FD-9436-A08B76B86F8D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-17] (Hewlett-Packard Company)
Task: {37034C67-ABC6-4FE0-A5BF-3A9C199AB60A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2016-02-17] (Hewlett-Packard Company)
Task: {3808B3FF-54A7-4C79-980D-31886CE8E61F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-07-08] (HP Inc.)
Task: {3DFD0B6A-204F-44C8-A7FA-A07E9CDE7239} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe
Task: {3EA11798-53F8-41A4-A373-F2EEB84B7DDB} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2016-12-23] (Advanced Micro Devices, Inc.)
Task: {3F9A51C4-2CB2-4A81-8FEC-EAAB6D1BAAC4} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {4306BA41-F2CE-4DAD-9361-774518218174} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe %windir%\system32\invagent.dll,RunUpdate
Task: {5840A6F0-F4F8-492B-9694-E47379F6A6D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-02-17] (Hewlett-Packard)
Task: {5AEBFB99-1378-46C3-BE81-C0730B9328A2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2017-01-07] (AVAST Software)
Task: {5F450AAE-E514-4291-B4F5-9932405933F8} - System32\Tasks\Wgecultprahersh Schedule => C:\Program Files (x86)\Drogotionponopy\shgght.exe
Task: {604F7FAF-0213-499A-8807-86141CC416B7} - System32\Tasks\SecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe
Task: {61E64536-BB88-408A-953B-7A5FEABFE17B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-17] (Hewlett-Packard Company)
Task: {BFF4166F-D79B-4A59-B9CC-7B8D76164428} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {C40E181C-6E62-4FDA-ABD3-D990732F6975} - System32\Tasks\HPCeeScheduleForUtilizador => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {C9AF7A7E-5D3F-4C5B-9F43-8AC5687FD786} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe
Task: {D5E5E5D9-33FE-4E73-B186-D8086F7902B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {D8332039-A9B4-4F8D-A26B-F42A24DF70A8} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {D95D0456-0848-4E79-AD7E-2C39409DAFB9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-11] (Adobe Systems Incorporated)
Task: {E927BE8D-6A76-4E11-A16E-1C7376CE42F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-07-08] (HP Inc.)
Task: {FAECB46D-06E8-4163-8768-192510000278} - System32\Tasks\SafeZone scheduled Autoupdate 1483811508 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForUtilizador.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2017-01-07 11:22 - 2017-01-07 11:22 - 00292352 ____H () C:\Program Files (x86)\Wowertherterhery System\local64spl.dll
2017-01-07 12:02 - 2014-08-06 00:04 - 01441792 _____ () C:\Program Files\Everything\Everything.exe
2016-11-17 22:05 - 2016-11-17 22:05 - 00156928 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2016-11-17 22:05 - 2016-11-17 22:05 - 00111360 _____ () C:\Program Files\Intel Driver Update Utility\SUR\Common.dll
2016-11-17 22:05 - 2016-11-17 22:05 - 00274176 _____ () C:\Program Files\Intel Driver Update Utility\SUR\analyzer.dll
2017-01-11 18:34 - 2016-11-17 22:16 - 00805632 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2017-01-11 18:34 - 2016-11-17 22:18 - 01981184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2017-01-11 18:34 - 2016-11-17 22:11 - 00247552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2017-01-11 18:34 - 2016-11-17 22:10 - 00212736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2017-01-11 18:34 - 2016-11-17 22:11 - 00174848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2017-01-11 18:34 - 2016-11-17 22:10 - 00203520 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2017-01-11 18:34 - 2016-11-17 22:09 - 00206592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_disktrace_input.dll
2017-01-11 18:34 - 2016-11-17 22:09 - 00336640 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2017-01-11 18:34 - 2016-11-17 22:06 - 00147712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2017-01-11 18:34 - 2016-11-17 22:11 - 00213248 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2017-01-11 18:34 - 2016-11-17 22:07 - 00229120 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2017-01-11 18:34 - 2016-11-17 22:08 - 00224000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2017-01-11 18:34 - 2016-11-17 22:06 - 00211712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2017-01-11 18:34 - 2016-11-17 22:08 - 00219904 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2017-01-11 18:34 - 2016-11-17 22:14 - 00730880 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
2017-01-11 18:34 - 2016-11-17 22:12 - 00237824 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\foreground_window_input.dll
2017-01-11 18:34 - 2016-11-17 22:08 - 00217344 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_user_waiting_input.dll
2017-01-07 12:16 - 2017-01-07 12:16 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-01-11 16:37 - 2017-01-11 16:37 - 03138632 _____ () C:\Program Files\AVAST Software\Avast\defs\17011100\algo.dll
2017-01-07 12:16 - 2017-01-07 12:16 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-01-07 12:16 - 2017-01-07 12:16 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-01-11 18:34 - 2016-11-09 15:24 - 00169200 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\DiskTraceCPP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys
AlternateDataStreams: C:\Windows\system32\drivers:x64
AlternateDataStreams: C:\Windows\system32\drivers:x86
AlternateDataStreams: C:\Users\Utilizador:Heroes & Generals
AlternateDataStreams: C:\Users\anton_000\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3552909271-904078643-69874527-1001\...\hola.org -> hxxp://hola.org


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3552909271-904078643-69874527-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Utilizador\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "gplyra"
HKU\S-1-5-21-3552909271-904078643-69874527-1001\...\StartupApproved\Run: => "svchost0"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{28D173CA-3380-4270-ADA8-49C9AA263BB6}] => (Allow) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver\WFDTray.exe
FirewallRules: [{DDEEF554-FD4B-429C-A35D-188773E256F4}] => (Allow) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver\WFDTray.exe
FirewallRules: [{6E397943-B001-4926-A7D1-FEE4F6A436FC}] => (Allow) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver\WFDSendToExplorer.exe
FirewallRules: [{02F8C692-63EC-4C52-A809-A367788806FD}] => (Allow) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver\WFDSendToExplorer.exe
FirewallRules: [{94A6BC1F-AB00-4CD5-9D35-77DC749E3852}] => (Allow) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver\WFDTray.exe
FirewallRules: [{78767241-C18D-456F-AF5C-8B25FF84D4B7}] => (Allow) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver\WFDTray.exe
FirewallRules: [TCP Query User{83E4079C-0422-4B51-BE92-FCA812B8A14D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FB37CE8A-0D9D-4EB5-A0E3-4B222B815E09}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{E796434B-B19B-4B65-8DE7-194C54951D49}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{29C88290-A4B3-4CD7-AC0A-45719CFE1F88}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{90AF4667-6FC5-4F9B-B109-0E210BB897D3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{61731FE2-B583-48A6-A27C-763A5591F12E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C0DB0723-2B47-4FF9-B37E-E665D9DCA953}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1D26D712-9018-42FB-B6D0-B3B55587C45F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{19D12F60-2760-4198-8185-92497C904AE3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{2C636BD0-3CDD-4C19-9F54-EEE9FEBA4BE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{C85A348B-42D0-4BB6-8C59-74DEEB351A4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{89802584-DF4C-4C02-AEFD-62BAEACEBE12}] => (Allow) C:\Users\Utilizador\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1A64B084-B91B-4483-87F0-265D4EA0551C}] => (Allow) C:\Users\Utilizador\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E2F7C977-E8EB-466F-8CEB-91DCD643DDCD}] => (Allow) C:\Users\Utilizador\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{63ED03C1-0B2C-4557-899F-6165269DDCFB}] => (Allow) C:\Users\Utilizador\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{14B4917C-1C8D-4D8D-AB84-D6CD07EDE6D5}] => (Allow) C:\Users\Utilizador\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{13155F04-4C44-45A1-8552-6DA8673AC24B}] => (Allow) C:\Users\Utilizador\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{42F74F71-4101-4550-85A2-44845E798A93}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{46CA367D-5963-44BB-B4EE-686E654E2F22}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [TCP Query User{30EE46DF-8D0C-4202-8E0C-AB05646F2E7F}C:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{3ED3F3ED-E43A-4D73-BC17-8980B2850C33}C:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{29970CC1-1F51-4169-A7F5-49C551FA9C55}C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe
FirewallRules: [UDP Query User{C4E165DA-3440-42E8-ADA6-840B0B26B9D6}C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\happywars\happywars.exe
FirewallRules: [{66DB3E4A-B011-4AF6-A5BF-5F5CE1B9BA94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{0C6792A0-C6F8-4641-B220-C22AA40CAA81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{259C6852-7AB6-4F17-B20A-42ED8F11C20C}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{6D51C41C-C303-4DEB-81D3-B5013ED4BFA3}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{58AFB1B2-D231-4B74-A7B7-21E06BF2E2E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{926B232B-E4C7-4660-8C3D-187E2549EF20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{C1815381-E4A8-4E17-BB7F-089F53FF6E07}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3057BB4D-F138-45BC-B56C-EE4FD5B74D69}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0FD79E71-11E8-437A-A8B2-20703ED8FFE0}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{9588AB76-A9A4-4542-B164-EFA373D5C44A}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{9FCE6361-8E29-4570-84FD-C0D307F3568A}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{114BE881-5703-4CAC-986F-C2FDB1171708}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{4C922941-A46D-410B-B90B-407FC02B4331}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{42C175AA-9AF2-41EE-9E83-7A3A3D645B86}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{144643A2-2A0B-4264-B6F9-F57798FEAC20}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{03878B1C-2A7E-4F2C-A811-13E38CB42003}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{6E4F0B31-E09A-4989-8BE6-4BECB0EB113E}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{7AEE1FC0-B642-4A6F-A5D9-CDADC89C718C}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{F7BC8C31-8E42-4044-8148-24A680E60A35}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{74276C32-A4F0-42D0-9EBE-85C49684FC17}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{02882C76-FD75-4C3E-AFB2-7B102F20515B}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{5C1A3CFF-8D0C-48A8-9DBE-0A4D4A95262B}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{C9B91B5A-2AAA-479F-9C3C-3824CC555754}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/11/2017 09:13:18 PM) (Source: ESRV_SVC_QUEENCREEK) (EventID: 2) (User: )
Description: Error [8]: [ERROR_APPLICATION_UNABLE_TO_READ_OS_COUNTER][0x0].
Occurred: [Wed Jan 11 21:13:18 2017].
In file: [os_counters.c].
At line: [1896].

Error: (01/11/2017 09:13:18 PM) (Source: ESRV_SVC_QUEENCREEK) (EventID: 2) (User: )
Description: Error [7]: [ERROR_APPLICATION_UNABLE_TO_READ_OS_COUNTER][0x0].
Occurred: [Wed Jan 11 21:13:18 2017].
In file: [os_counters.c].
At line: [1896].

Error: (01/11/2017 09:13:18 PM) (Source: ESRV_SVC_QUEENCREEK) (EventID: 2) (User: )
Description: Error [6]: [ERROR_APPLICATION_UNABLE_TO_READ_OS_COUNTER][0x0].
Occurred: [Wed Jan 11 21:13:18 2017].
In file: [os_counters.c].
At line: [1896].

Error: (01/11/2017 09:13:18 PM) (Source: ESRV_SVC_QUEENCREEK) (EventID: 2) (User: )
Description: Error [5]: [ERROR_APPLICATION_UNABLE_TO_READ_OS_COUNTER][0x0].
Occurred: [Wed Jan 11 21:13:18 2017].
In file: [os_counters.c].
At line: [1896].

Error: (01/11/2017 09:13:18 PM) (Source: ESRV_SVC_QUEENCREEK) (EventID: 2) (User: )
Description: Error [4]: [ERROR_APPLICATION_UNABLE_TO_READ_OS_COUNTER][0x0].
Occurred: [Wed Jan 11 21:13:18 2017].
In file: [os_counters.c].
At line: [1896].

Error: (01/11/2017 06:37:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RadeonSettings.exe, version: 10.1.1.1666, time stamp: 0x585d6113
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x428
Faulting application start time: 0xRadeonSettings.exe0
Faulting application path: RadeonSettings.exe1
Faulting module path: RadeonSettings.exe2
Report Id: RadeonSettings.exe3
Faulting package full name: RadeonSettings.exe4
Faulting package-relative application ID: RadeonSettings.exe5

Error: (01/11/2017 06:25:19 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/11/2017 05:47:31 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (01/11/2017 05:40:42 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/10/2017 08:23:25 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


System errors:
=============
Error: (01/11/2017 06:30:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Voduphtharck service terminated with the following error:
%%126

Error: (01/11/2017 06:30:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The My Web Shield Consolidator service failed to start due to the following error:
%%2

Error: (01/11/2017 06:30:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The My Web Shield Sentinel service failed to start due to the following error:
%%2

Error: (01/11/2017 06:27:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppX Deployment Service (AppXSVC) service failed to start due to the following error:
%%1069

Error: (01/11/2017 06:27:34 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The AppXSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%1352

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/11/2017 06:27:32 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (01/11/2017 05:55:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Voduphtharck service terminated with the following error:
%%126

Error: (01/11/2017 05:55:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The My Web Shield Consolidator service failed to start due to the following error:
%%2

Error: (01/11/2017 05:55:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The My Web Shield Sentinel service failed to start due to the following error:
%%2

Error: (01/11/2017 05:53:35 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 63%
Total physical RAM: 4011.39 MB
Available physical RAM: 1469.14 MB
Total Virtual: 5099.39 MB
Available Virtual: 2497.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.25 GB) (Free:373.14 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================
 
FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Utilizador (administrator) on HP (11-01-2017 21:44:21)
Running from C:\Users\Utilizador\Downloads
Loaded Profiles: Utilizador (Available Profiles: Utilizador & anton_000)
Platform: Windows 8.1 (X64) Language: Portuguese (Portugal)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
() C:\Program Files\Everything\Everything.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Everything\Everything.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\asulaunch.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Intel Corporation) C:\Program Files\Intel\SUR\QUEENCREEK\DiskTrace.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-09-30] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8466136 2016-07-21] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161240 2016-05-21] (IvoSoft)
HKLM\...\Run: [gplyra] => C:\Users\Utilizador\AppData\Roaming\gplyra\gplyra.exe
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-06] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-07] (AVAST Software)
HKU\S-1-5-21-3552909271-904078643-69874527-1001\...\Run: [svchost0] => "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"\UUC0789.exe
HKU\S-1-5-21-3552909271-904078643-69874527-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3552909271-904078643-69874527-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [217088 2014-10-29] (Microsoft Corporation)
ShellExecuteHooks: - {25FDC694-CCFD-11E6-8F28-64006A5CFC23} - C:\Users\Utilizador\AppData\Roaming\Buhuch\Pktkerresy.dll No File [ ]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Utilizador\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Utilizador\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Utilizador\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-07] (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-05-21] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Utilizador\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Utilizador\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Utilizador\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-05-21] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8DF2F0F0-46DD-4992-A326-328835331F89}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3552909271-904078643-69874527-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-pt/?ocid=iehp
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-05-21] (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-01-07] (AVAST Software)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-05-21] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-05-21] (IvoSoft)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-01-07] (AVAST Software)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-05-21] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-05-21] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-05-21] (IvoSoft)

FireFox:
========
FF ProfilePath: C:\Users\Utilizador\AppData\Roaming\Mozilla\Firefox\Profiles\vqy9z2kc.default-1484164021501
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Extension: Adblock Plus - C:\Users\Utilizador\AppData\Roaming\Mozilla\Firefox\Profiles\vqy9z2kc.default-1484164021501\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-11]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2017-01-11]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-07]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-07]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-07] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1445384 2016-10-22] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395024 2016-12-07] (EasyAntiCheat Ltd)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2016-07-21] (Intel Corporation)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-06] () [File not signed]
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-12-05] (Hi-Rez Studios) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-17] (Hewlett-Packard Company)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359856 2015-09-17] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [295128 2016-07-21] (Realtek Semiconductor)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 mweshield; "C:\Program Files\My Web Shield\mweshield.exe" [X]
S2 mweshieldup; "C:\Program Files\My Web Shield\mweshieldup.exe" [X]
S2 Voduphtharck; C:\Program Files (x86)\Citocultbukopy\anorikSystem.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2017-01-07] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2017-01-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2017-01-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2017-01-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2017-01-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2017-01-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2017-01-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-07] (AVAST Software)
R3 bcbtums; C:\Windows\system32\DRIVERS\bcbtums.sys [186152 2016-09-14] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7552760 2015-08-15] (Broadcom Corporation)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [38720 2016-07-21] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [38208 2016-07-21] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [216360 2016-07-21] (Intel Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-11-11] (LogMeIn Inc.)
S3 iscFlash; C:\Windows\TEMP\7zS826D.tmp\iscflashx64.sys [67784 2015-08-12] (Insyde Software)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R1 mwescontroller; C:\Windows\system32\drivers\mwescontroller.sys [57680 2016-08-31] ()
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R1 ucdrv; C:\Windows\System32\drivers:ucdrv-x64.sys [0 ] (UC Web Inc.) <==== ATTENTION (zero byte File/Folder)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\system32\DRIVERS\WirelessButtonDriver64.sys [31840 2016-03-24] (HP)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-11 21:44 - 2017-01-11 21:45 - 00014982 _____ C:\Users\Utilizador\Downloads\FRST.txt
2017-01-11 21:44 - 2017-01-11 21:44 - 00000000 ____D C:\FRST
2017-01-11 21:39 - 2017-01-11 21:39 - 02193920 _____ (Farbar) C:\Users\Utilizador\Downloads\FRST64.exe
2017-01-11 18:45 - 2017-01-11 18:45 - 00001167 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-11 18:45 - 2017-01-11 18:45 - 00001155 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-11 18:45 - 2017-01-11 18:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-11 18:35 - 2017-01-11 18:35 - 00001182 _____ C:\Users\Public\Desktop\Intel(R) Driver Update Utility 2.6.lnk
2017-01-11 18:35 - 2017-01-11 18:35 - 00000000 ____D C:\Users\Utilizador\AppData\Local\Intel
2017-01-11 18:35 - 2017-01-11 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-01-11 18:35 - 2017-01-11 18:35 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-01-11 18:34 - 2017-01-11 18:34 - 09927544 _____ (Intel) C:\Users\Utilizador\Downloads\Intel Driver Update Utility Installer.exe
2017-01-11 18:34 - 2017-01-11 18:34 - 00003210 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2017-01-11 18:34 - 2017-01-11 18:34 - 00000000 ____D C:\Windows\System32\Tasks\Intel
2017-01-11 18:34 - 2017-01-11 18:34 - 00000000 ____D C:\ProgramData\Intel
2017-01-11 18:34 - 2017-01-11 18:34 - 00000000 ____D C:\Program Files\Intel Driver Update Utility
2017-01-11 18:34 - 2016-10-18 17:14 - 00021984 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2017-01-11 18:32 - 2017-01-11 18:32 - 00000000 ____D C:\Users\Utilizador\AppData\Local\AMD
2017-01-11 18:25 - 2017-01-11 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2017-01-11 18:24 - 2017-01-11 18:24 - 00003160 _____ C:\Windows\System32\Tasks\StartCN
2017-01-11 18:24 - 2017-01-11 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-01-11 18:23 - 2017-01-11 18:23 - 00000000 ____D C:\Program Files (x86)\AMD
2017-01-11 18:21 - 2017-01-11 18:21 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-01-11 18:21 - 2016-09-09 17:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-01-11 18:21 - 2016-09-09 17:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2017-01-11 18:21 - 2016-09-09 17:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-01-11 18:21 - 2016-09-09 17:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2017-01-11 18:15 - 2017-01-11 18:17 - 00000000 ____D C:\AMD
2017-01-11 18:12 - 2017-01-11 18:13 - 56506240 _____ (AMD Inc.) C:\Users\Utilizador\Downloads\radeon-crimson-relive-16.12.2-minimalsetup-170106_web.exe
2017-01-11 17:47 - 2017-01-11 18:31 - 00000000 ____D C:\Program Files\k1asep9x
2017-01-10 19:42 - 2017-01-11 21:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-08 14:33 - 2017-01-08 14:33 - 00001720 _____ C:\Users\Utilizador\Desktop\League of Legends.lnk
2017-01-07 16:52 - 2017-01-08 20:32 - 00003886 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1483811508
2017-01-07 16:51 - 2017-01-08 20:32 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-01-07 16:51 - 2017-01-07 16:51 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-01-07 16:51 - 2017-01-07 16:51 - 00001059 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-01-07 13:01 - 2017-01-07 13:01 - 00000000 ____D C:\Users\Utilizador\AppData\LocalLow\uTorrent
2017-01-07 12:17 - 2017-01-07 12:17 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-01-07 12:17 - 2017-01-07 12:17 - 00000000 ____D C:\Users\Utilizador\AppData\Roaming\AVAST Software
2017-01-07 12:17 - 2017-01-07 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-01-07 12:16 - 2017-01-07 12:16 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2017-01-07 12:16 - 2017-01-07 12:16 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-01-07 12:16 - 2017-01-07 12:16 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-01-07 12:16 - 2017-01-07 12:16 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-01-07 12:16 - 2017-01-07 12:16 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-01-07 12:16 - 2017-01-07 12:16 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-01-07 12:16 - 2017-01-07 12:16 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-01-07 12:16 - 2017-01-07 12:16 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-01-07 12:16 - 2017-01-07 12:16 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2017-01-07 12:16 - 2017-01-07 12:16 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-01-07 12:16 - 2017-01-07 12:16 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-01-07 12:16 - 2017-01-07 12:16 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-01-07 12:16 - 2017-01-07 12:16 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-07 12:15 - 2017-01-07 16:51 - 00000000 ____D C:\Program Files\AVAST Software
2017-01-07 12:14 - 2017-01-07 16:51 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-07 12:14 - 2017-01-07 12:14 - 06334848 _____ (AVAST Software) C:\Users\Utilizador\Downloads\avast_free_antivirus_setup_online.exe
2017-01-07 12:02 - 2017-01-11 18:26 - 00000000 ____D C:\Users\Utilizador\AppData\Roaming\Everything
2017-01-07 12:02 - 2017-01-07 12:02 - 01014086 _____ () C:\Users\Utilizador\Downloads\Everything-1.3.4.686.x64.Multilingual-Setup.exe
2017-01-07 12:02 - 2017-01-07 12:02 - 00000000 ____D C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2017-01-07 12:02 - 2017-01-07 12:02 - 00000000 ____D C:\Program Files\Everything
2017-01-07 11:25 - 2017-01-07 11:28 - 00001552 _____ C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
2017-01-07 11:25 - 2017-01-07 11:28 - 00000000 ____D C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
2017-01-07 11:23 - 2017-01-07 11:30 - 00000000 ____D C:\Users\Utilizador\AppData\Local\app
2017-01-07 11:23 - 2017-01-07 11:23 - 00006088 _____ C:\Windows\System32\Tasks\Wgecultprahersh Schedule
2017-01-07 11:23 - 2017-01-07 11:23 - 00004438 _____ C:\Windows\System32\Tasks\SecureUpdater
2017-01-07 11:23 - 2017-01-07 11:23 - 00003432 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
2017-01-07 11:23 - 2017-01-07 11:23 - 00002574 _____ C:\Windows\System32\Tasks\UCBrowserUpdaterCore
2017-01-07 11:23 - 2017-01-07 11:23 - 00000000 ____D C:\Users\Utilizador\AppData\Local\UCBrowser
2017-01-07 11:22 - 2017-01-11 17:45 - 00000000 ____D C:\Users\Utilizador\AppData\Roaming\Buhuch
2017-01-07 11:22 - 2017-01-07 11:22 - 00000000 ____D C:\Program Files (x86)\Wowertherterhery System
2017-01-07 11:22 - 2016-08-31 16:00 - 00057680 _____ C:\Windows\system32\Drivers\mwescontroller.sys
2017-01-07 11:21 - 2017-01-07 11:21 - 00594944 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Utilizador\Downloads\libeay32.dll
2017-01-07 11:21 - 2017-01-07 11:21 - 00152576 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Utilizador\Downloads\ssleay32.dll
2017-01-07 11:21 - 2017-01-07 11:21 - 00000000 ____D C:\Users\Utilizador\AppData\Local\Dbemno
2017-01-07 11:21 - 2017-01-07 11:21 - 00000000 ____D C:\Users\Utilizador\AppData\Local\Clitphthilepy
2017-01-07 11:21 - 2017-01-07 11:21 - 00000000 _____ C:\TOSTACK
2017-01-05 20:20 - 2017-01-05 20:20 - 00033572 _____ C:\Users\Utilizador\Downloads\pirates.of.the.caribbean.tales.of.the.code.wedlocked.(2011).per.1cd.(6826513).zip
2017-01-05 20:19 - 2017-01-05 20:19 - 00004680 _____ C:\Users\Utilizador\Downloads\pirates.of.the.caribbean.tales.of.the.code.wedlocked.(2011).fin.1cd.(5458817).zip
2017-01-05 20:10 - 2017-01-05 21:04 - 343355651 _____ C:\Users\Utilizador\Downloads\Pirates.of.the.Caribbean.Tales.of.the.Code.Wedlocked.720.BDRip.x264-DJF.mkv
2017-01-04 18:53 - 2017-01-04 18:53 - 00000000 _____ C:\Users\Utilizador\Desktop\1.30.00.txt
2016-12-29 20:46 - 2017-01-08 21:38 - 00000000 ____D C:\Users\Utilizador\Downloads\PopcornTime
2016-12-29 20:46 - 2016-12-29 20:46 - 00001205 _____ C:\Users\Public\Desktop\Popcorn Time.lnk
2016-12-29 20:46 - 2016-12-29 20:46 - 00000000 ____D C:\Users\Utilizador\AppData\Local\PopcornTime
2016-12-29 20:46 - 2016-12-29 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2016-12-29 20:45 - 2016-12-29 20:46 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2016-12-29 20:42 - 2016-12-29 20:44 - 56002117 _____ (Popcorn Time ) C:\Users\Utilizador\Downloads\PopcornTime-latest.exe
2016-12-17 11:12 - 2016-12-17 11:16 - 00000000 ____D C:\Users\Utilizador\Desktop\Call of Duty World at War
2016-12-14 15:47 - 2016-12-01 13:13 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-12-14 15:47 - 2016-12-01 13:13 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-12-14 15:47 - 2016-12-01 13:11 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-12-14 15:47 - 2016-12-01 13:11 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-12-14 15:47 - 2016-10-20 12:14 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2016-12-14 15:47 - 2016-10-20 12:10 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2016-12-14 15:15 - 2016-11-19 20:24 - 00567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-14 15:15 - 2016-11-19 20:24 - 00152856 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-12-14 15:15 - 2016-11-19 18:29 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-12-14 15:15 - 2016-11-19 17:44 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-12-14 15:15 - 2016-11-19 16:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-12-14 15:15 - 2016-11-19 16:22 - 00111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2016-12-14 15:15 - 2016-11-16 20:49 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2016-12-14 15:15 - 2016-11-12 20:06 - 00738104 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-12-14 15:15 - 2016-11-12 18:38 - 00613632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-12-14 15:15 - 2016-11-12 18:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-12-14 15:15 - 2016-11-12 18:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-12-14 15:15 - 2016-11-12 18:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-12-14 15:15 - 2016-11-12 17:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-12-14 15:15 - 2016-11-12 17:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-12-14 15:15 - 2016-11-12 17:23 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-12-14 15:15 - 2016-11-12 17:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-12-14 15:15 - 2016-11-12 17:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-12-14 15:15 - 2016-11-12 17:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-12-14 15:15 - 2016-11-12 16:45 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-12-14 15:15 - 2016-11-12 16:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-12-14 15:15 - 2016-11-12 16:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-12-14 15:15 - 2016-11-12 16:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-12-14 15:15 - 2016-11-12 16:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-12-14 15:15 - 2016-11-12 16:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-12-14 15:15 - 2016-11-12 16:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-12-14 15:15 - 2016-11-12 16:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-12-14 15:15 - 2016-11-12 16:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-12-14 15:15 - 2016-11-12 16:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-12-14 15:15 - 2016-11-12 16:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-12-14 15:15 - 2016-11-11 01:33 - 01541240 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-14 15:15 - 2016-11-09 16:25 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-12-14 15:15 - 2016-11-05 19:46 - 00422744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-12-14 15:15 - 2016-11-05 17:35 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-14 15:15 - 2016-11-05 16:57 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-14 15:15 - 2016-11-05 16:11 - 03606528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-12-14 15:15 - 2016-11-05 14:56 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-12-14 15:15 - 2016-11-05 14:46 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-12-14 15:15 - 2016-10-28 01:56 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-14 15:15 - 2016-10-27 13:28 - 01097728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-12-14 15:15 - 2016-10-12 20:49 - 00379224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-12-14 15:15 - 2016-10-12 20:11 - 00922968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2016-12-14 15:15 - 2016-10-11 15:45 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2016-12-14 15:15 - 2016-10-10 22:31 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2016-12-14 15:15 - 2016-10-10 17:18 - 00069976 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-12-14 15:15 - 2016-10-10 17:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cmimcext.sys
2016-12-14 15:15 - 2016-10-09 13:17 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll
2016-12-14 15:15 - 2016-10-09 13:08 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2016-12-14 15:15 - 2016-10-09 13:08 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
2016-12-14 15:15 - 2016-10-08 21:24 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-12-14 15:15 - 2016-10-08 20:31 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-12-14 15:15 - 2016-10-08 20:10 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-12-14 15:15 - 2016-10-05 13:01 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2016-12-14 15:15 - 2016-10-05 13:00 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2016-12-14 15:15 - 2016-10-05 13:00 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2016-12-14 15:15 - 2016-10-05 12:52 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
2016-12-14 15:15 - 2016-10-05 12:52 - 00513456 _____ C:\Windows\system32\locale.nls
2016-12-14 15:15 - 2016-10-05 03:15 - 01969944 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-12-14 15:15 - 2016-10-05 03:15 - 01613528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-12-14 15:15 - 2016-10-05 03:15 - 00324896 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-12-14 15:15 - 2016-10-05 03:15 - 00245320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-12-14 15:15 - 2016-09-27 19:16 - 00445873 _____ C:\Windows\system32\ApnDatabase.xml
2016-12-14 15:15 - 2016-09-20 21:30 - 02462040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-12 21:13 - 2016-07-21 12:29 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FBBADE27-6363-4E7C-B4D7-DC9419B71518}
2017-01-11 21:43 - 2016-07-31 19:33 - 00000000 ____D C:\Users\Utilizador\AppData\Roaming\Skype
2017-01-11 21:33 - 2016-07-23 10:16 - 00000000 ____D C:\Users\Utilizador\AppData\Local\ClassicShell
2017-01-11 21:32 - 2016-07-21 09:30 - 01392800 _____ C:\Windows\WindowsUpdate.log
2017-01-11 21:23 - 2016-11-20 11:56 - 00000000 ____D C:\Users\Utilizador\AppData\LocalLow\Mozilla
2017-01-11 21:02 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\sru
2017-01-11 18:49 - 2016-07-21 10:37 - 00003592 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3552909271-904078643-69874527-1001
2017-01-11 18:45 - 2016-11-29 21:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-11 18:37 - 2016-07-21 09:35 - 01816356 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-11 18:37 - 2013-08-22 22:52 - 00790192 _____ C:\Windows\system32\prfh0816.dat
2017-01-11 18:37 - 2013-08-22 22:52 - 00164248 _____ C:\Windows\system32\prfc0816.dat
2017-01-11 18:34 - 2016-07-21 15:09 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-11 18:34 - 2016-07-21 10:55 - 00000000 ____D C:\Program Files\Intel
2017-01-11 18:31 - 2016-12-04 11:59 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-01-11 18:31 - 2016-08-26 12:52 - 00000000 ____D C:\Users\Utilizador\AppData\Local\LogMeIn Hamachi
2017-01-11 18:31 - 2016-07-21 10:56 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-11 18:30 - 2013-08-22 13:46 - 00024998 _____ C:\Windows\setupact.log
2017-01-11 18:30 - 2013-08-22 13:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-11 18:25 - 2016-07-21 10:40 - 00000000 ____D C:\Program Files\AMD
2017-01-11 17:53 - 2013-08-22 12:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-01-11 17:45 - 2016-07-21 09:26 - 00114830 _____ C:\Windows\PFRO.log
2017-01-11 16:54 - 2016-08-24 22:32 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-11 16:54 - 2016-08-24 22:32 - 00000000 ____D C:\Users\Utilizador\AppData\Local\Adobe
2017-01-11 16:54 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-11 16:54 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-08 11:41 - 2016-07-22 08:55 - 00003182 _____ C:\Windows\System32\Tasks\HPCeeScheduleForUtilizador
2017-01-08 11:41 - 2016-07-22 08:55 - 00000358 _____ C:\Windows\Tasks\HPCeeScheduleForUtilizador.job
2017-01-08 00:26 - 2016-08-30 16:30 - 00000000 ____D C:\Users\Utilizador\AppData\Roaming\uTorrent
2017-01-07 11:30 - 2016-11-19 18:01 - 00001054 _____ C:\Users\anton_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-07 11:30 - 2016-07-21 09:31 - 00001054 _____ C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-06 20:27 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\AppReadiness
2016-12-31 21:32 - 2016-08-01 16:57 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-31 01:33 - 2016-07-21 09:31 - 00000000 ____D C:\Users\Utilizador
2016-12-30 12:42 - 2016-10-31 22:31 - 00000066 _____ C:\Users\Utilizador\Desktop\Password TP-Link_B554BE.txt
2016-12-28 23:03 - 2016-08-09 11:04 - 00000000 ____D C:\Users\Utilizador\AppData\Roaming\Audacity
2016-12-27 14:44 - 2016-08-01 17:07 - 00000000 ____D C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-12-20 00:03 - 2016-07-31 19:33 - 00000000 ____D C:\ProgramData\Skype
2016-12-20 00:02 - 2016-07-31 19:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-17 11:36 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\rescache
2016-12-16 16:34 - 2013-08-22 14:20 - 00000000 ____D C:\Windows\CbsTemp
2016-12-15 15:51 - 2016-08-18 16:29 - 00000000 ____D C:\Users\Utilizador\AppData\Local\MEGAsync
2016-12-15 13:35 - 2013-08-22 13:44 - 00346720 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-14 21:49 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\oobe
2016-12-14 15:51 - 2016-07-21 11:21 - 00000000 ____D C:\Windows\system32\MRT
2016-12-14 15:49 - 2016-07-21 11:21 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-12-14 15:02 - 2016-08-01 17:01 - 00000000 ____D C:\Users\Utilizador\AppData\Local\Steam
2016-12-13 22:17 - 2016-09-14 14:59 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2016-12-13 22:17 - 2016-09-14 14:59 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi

==================== Files in the root of some directories =======

2017-01-07 11:21 - 2017-01-07 11:21 - 0023622 _____ () C:\Users\Utilizador\AppData\Roaming\aliexpress.ico
2017-01-07 11:21 - 2017-01-07 11:21 - 0099678 _____ () C:\Users\Utilizador\AppData\Roaming\booking.ico

Some files in TEMP:
====================
C:\Users\Utilizador\AppData\Local\Temp\6477.tmp.exe
C:\Users\Utilizador\AppData\Local\Temp\Browser_V6.0.1121.13_r_4728_(Build1612191708).exe
C:\Users\Utilizador\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Utilizador\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Utilizador\AppData\Local\Temp\Hola-Setup-x64-1.18.524.exe
C:\Users\Utilizador\AppData\Local\Temp\jpathwatch-nativelib-v-0-94-jpathwatch-native.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-01-10 23:21

==================== End of FRST.txt ============================
 
It looks like we have a case of hijacked "hosts" file but let's check other stuff as well.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • Copies of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 