CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-3044051486-888018774-971069593-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3044051486-888018774-971069593-1000\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-3044051486-888018774-971069593-1000\...\MountPoints2: {5a3b8750-44a4-11e5-8c0c-20cf304ce7a9} - F:\Setup.exe
HKU\S-1-5-21-3044051486-888018774-971069593-1000\...\MountPoints2: {e7a67e17-a65f-11e5-bf83-20cf304ce7a9} - H:\setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Winsock: Catalog5 07 C:\ProgramData\System32\SafeGuard32.dll No File
Winsock: Catalog5-x64 07 C:\ProgramData\System32\SafeGuard64.dll No File
HKU\S-1-5-21-3044051486-888018774-971069593-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 wfd_vt_1_10_0_20; system32\drivers\wfd_vt_1_10_0_20.sys [X]
2016-04-24 22:40 - 2016-04-24 22:40 - 00001153 _____ C:\Users\Daniel\Desktop\LocalLow - Atalho.lnk
2016-04-24 22:40 - 2016-04-24 22:40 - 00001118 _____ C:\Users\Daniel\Desktop\Local - Atalho.lnk
2016-04-24 22:40 - 2016-04-24 22:40 - 00000957 _____ C:\Users\Daniel\Desktop\Roaming - Atalho.lnk
2016-04-24 22:27 - 2016-04-24 13:55 - 01907200 _____ C:\ProgramData\msiql.exe
2016-04-18 00:50 - 2016-04-18 00:50 - 00000000 ____D C:\ProgramData\baidu
016-04-16 13:45 - 2016-04-14 13:08 - 01274368 _____ C:\ProgramData\MiniFriv01.exe
2016-04-16 13:44 - 2016-04-26 15:44 - 00001801 _____ C:\Users\Daniel\Desktop\Yeabeats Browser.lnk
2016-04-16 13:44 - 2016-04-14 13:07 - 01274368 _____ C:\ProgramData\MiniFriv00.exe
2016-04-16 13:44 - 2015-11-25 15:31 - 01100288 _____ C:\ProgramData\HomePage.exe
2016-04-16 13:43 - 2015-12-04 13:14 - 01081344 _____ C:\ProgramData\LightGate.exe
2016-04-16 13:42 - 2016-04-16 13:42 - 01747456 _____ C:\ProgramData\service.exe
2016-04-16 12:44 - 2016-04-16 12:44 - 00000000 ____D C:\ProgramData\d72325eb-7aa7-1
2016-04-16 12:44 - 2016-04-16 12:44 - 00000000 ____D C:\ProgramData\d72325eb-5141-0
2016-04-16 12:42 - 2016-04-19 19:36 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
C:\ProgramData\HomePage.exe
C:\ProgramData\LightGate.exe
C:\ProgramData\MiniFriv00.exe
C:\ProgramData\MiniFriv01.exe
C:\ProgramData\msiql.exe
C:\ProgramData\service.exe
ShortcutWithArgument: C:\Users\Daniel\Desktop\Yeabeats Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yeabeats Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://navigation.iwatchavi.com/
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [134]
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp: