websites being redirected to other unwanted sites

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-12-2016

Ran by PC (administrator) on PC-PC (30-12-2016 10:29:02)

Running from C:\Users\PC\Desktop

Loaded Profiles: PC (Available Profiles: PC)

Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)

Internet Explorer Version 11 (Default browser not detected!)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc.exe

(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeTray.exe

(hxxp://www.amule.org/) C:\Program Files\walalala co\aMuleCustom\ed2k.exe

(simplitec GmbH) C:\Program Files\simplitec\KMPFaster\ServiceProvider.exe

(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe

(Opera Software) C:\Program Files\Opera\42.0.2393.94\opera.exe

(Opera Software) C:\Program Files\Opera\42.0.2393.94\opera_crashreporter.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

(Opera Software) C:\Program Files\Opera\42.0.2393.94\opera.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit PhantomPDF\FoxitPhantomPDF.exe

(Opera Software) C:\Program Files\Opera\42.0.2393.94\opera.exe

(Farbar) C:\Users\PC\Desktop\FRST (1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-30] (Microsoft Corporation)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-19] (AVAST Software)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1

HKU\S-1-5-21-4116523911-2447559204-32063077-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-18] (Piriform Ltd)

HKU\S-1-5-21-4116523911-2447559204-32063077-1000\...\Run: [uTorrent] => C:\Users\PC\AppData\Roaming\uTorrent\updates\3.4.9_43085.exe [1979072 2016-12-21] (BitTorrent Inc.)

HKU\S-1-5-21-4116523911-2447559204-32063077-1000\...\MountPoints2: {84578ef7-3a41-11e5-9eef-14feb5a2b5f8} - I:\AutoRun.exe

HKU\S-1-5-21-4116523911-2447559204-32063077-1000\...\MountPoints2: {a605d2ff-7fbe-11e6-9da5-14feb5a2b5f8} - I:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-4116523911-2447559204-32063077-1000\...\MountPoints2: {ada9a1ef-38cb-11e5-b865-14feb5a2b5f8} - I:\AutoRun.exe

Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-12-19] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{4C43794A-CC31-4074-B176-BB20E3D52CC5}: [DhcpNameServer] 192.168.1.1

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131238176452045577&GUID=8C6C2CE3-1336-46F2-B1BD-99FFDECD7670

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.attirerpage.com/search/?type=ds&ts=1466060633&z=19c7e6f40e6b3c643a10a3ag0z3q0q1e1q4edqbc4m&from=wpm0616&uid=HGSTXHTS545050A7E680_RBF50AM50E4TKP0E4TKPX&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.attirerpage.com/?type=hp&ts=1466060633&z=19c7e6f40e6b3c643a10a3ag0z3q0q1e1q4edqbc4m&from=wpm0616&uid=HGSTXHTS545050A7E680_RBF50AM50E4TKP0E4TKPX

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.attirerpage.com/search/?type=ds&ts=1466060633&z=19c7e6f40e6b3c643a10a3ag0z3q0q1e1q4edqbc4m&from=wpm0616&uid=HGSTXHTS545050A7E680_RBF50AM50E4TKP0E4TKPX&q={searchTerms}

HKU\S-1-5-21-4116523911-2447559204-32063077-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&ts=1470985754&z=55c3a1d42db30db47b10c05gaz8m1e0t4b6w3m5w6b&from=wpm0616&uid=HGSTXHTS545050A7E680_RBF50AM50E4TKP0E4TKPX&q={searchTerms}

HKU\S-1-5-21-4116523911-2447559204-32063077-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131238176487067580&GUID=8C6C2CE3-1336-46F2-B1BD-99FFDECD7670

HKU\S-1-5-21-4116523911-2447559204-32063077-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

HKU\S-1-5-21-4116523911-2447559204-32063077-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.attirerpage.com/?type=hp&ts=1466060633&z=19c7e6f40e6b3c643a10a3ag0z3q0q1e1q4edqbc4m&from=wpm0616&uid=HGSTXHTS545050A7E680_RBF50AM50E4TKP0E4TKPX

HKU\S-1-5-21-4116523911-2447559204-32063077-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1470985754&z=55c3a1d42db30db47b10c05gaz8m1e0t4b6w3m5w6b&from=wpm0616&uid=HGSTXHTS545050A7E680_RBF50AM50E4TKP0E4TKPX&q={searchTerms}

SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =

SearchScopes: HKU\S-1-5-21-4116523911-2447559204-32063077-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1470985754&z=55c3a1d42db30db47b10c05gaz8m1e0t4b6w3m5w6b&from=wpm0616&uid=HGSTXHTS545050A7E680_RBF50AM50E4TKP0E4TKPX&q={searchTerms}

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-12-19] (AVAST Software)

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:

========

FF DefaultProfile: 52qdq1dx.default

FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\726ojmb6.default [2016-12-30]

FF Homepage: Mozilla\Firefox\Profiles\726ojmb6.default -> www.google.com

FF NetworkProxy: Mozilla\Firefox\Profiles\726ojmb6.default -> type", 4

FF ProfilePath: C:\Users\PC\AppData\Roaming\Profiles\52qdq1dx.default [2016-12-26]

FF NewTab: Profiles\52qdq1dx.default -> hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqBH4rBHUmAk..&v=20160603&uid=1973FB68EB237737FCD55E342E866970&ptid=amz&mode=loadm

FF DefaultSearchEngine: Profiles\52qdq1dx.default -> hohosearch

FF DefaultSearchEngine.US: Profiles\52qdq1dx.default -> data:text/plain,browser.search.defaultenginename.US=hohosearch

FF SelectedSearchEngine: Profiles\52qdq1dx.default -> hohosearch

FF Homepage: Profiles\52qdq1dx.default -> hxxp://www.searchinme.com/?type=hp&ts=1479358126254&z=cf058de412c9d997c4c4476gazfm3t2wec5z1gaecc&from=official&uid=HGSTXHTS545050A7E680_RBF50AM50E4TKP0E4TKPX

FF Keyword.URL: Profiles\52qdq1dx.default -> hxxp://d2ucfwpxlh3zh3.cloudfront.net/chrome.php?uid=1973FB68EB237737FCD55E342E866970&ptid=amz&ts=AHEqBH4rBHUmAk..&v=20160603&mode=ffexttoolbar&q=

FF NetworkProxy: Profiles\52qdq1dx.default -> type", 4

FF Extension: (GsearchFinder) - C:\Users\PC\AppData\Roaming\Profiles\52qdq1dx.default\Extensions\@A3592ADB-854A-443A-854E-EB92130D470D.xpi [2016-06-03]

FF Extension: (SimilarWeb) - C:\Users\PC\AppData\Roaming\Profiles\52qdq1dx.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2016-11-20] [not signed]

FF Extension: (FF Adr) - C:\Users\PC\AppData\Roaming\Profiles\52qdq1dx.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2016-11-17] [not signed]

FF Extension: (English (US) Language Pack) - C:\Users\PC\AppData\Roaming\Profiles\52qdq1dx.default\Extensions\[email protected] [2016-11-17] [not signed]

FF SearchPlugin: C:\Users\PC\AppData\Roaming\Profiles\52qdq1dx.default\searchplugins\searchinme.xml [2016-11-17]

FF ProfilePath: C:\Users\PC\AppData\Roaming\Firefox\Firefox\Profiles\726ojmb6.default [2016-11-17]

FF Homepage: Firefox\Firefox\Profiles\726ojmb6.default -> www.google.com

FF NetworkProxy: Firefox\Firefox\Profiles\726ojmb6.default -> type", 4

FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-12-19]

FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-12-19]

FF HKU\S-1-5-21-4116523911-2447559204-32063077-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files\WordWeb\WCaptureMoz

FF Extension: (WordWeb one-click lookup) - C:\Program Files\WordWeb\WCaptureMoz [2015-10-07] [not signed]

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-20] ()

FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-11] (Foxit Corporation)

FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-11] (Foxit Corporation)

FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-11] (Foxit Corporation)

FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-11] (Foxit Corporation)

FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]

FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]

FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:

=======

CHR HomePage: Default -> hxxp://www.luckysearch123.com?type=hp&ts=1482828280&from=f0771226&uid=hgstxhts545050a7e680_rbf50am50e4tkp0e4tkpx&z=0c7dadd4530b6cd0444e572g3z5b0o1bbo3bdo1bde

CHR StartupUrls: Default -> "hxxp://www.luckysearch123.com?type=hp&ts=1482828280&from=f0771226&uid=hgstxhts545050a7e680_rbf50am50e4tkp0e4tkpx&z=0c7dadd4530b6cd0444e572g3z5b0o1bbo3bdo1bde"

CHR DefaultSearchURL: Default -> hxxp://www.luckysearch123.com/search.php?type=ds&ts=1482828280&from=f0771226&uid=hgstxhts545050a7e680_rbf50am50e4tkp0e4tkpx&z=0c7dadd4530b6cd0444e572g3z5b0o1bbo3bdo1bde&q={searchTerms}

CHR DefaultSearchKeyword: Default -> luck

CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10

CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default [2016-12-29]

CHR Extension: (Google Slides) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-06]

CHR Extension: (Google Docs) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-06]

CHR Extension: (Google Drive) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-06]

CHR Extension: (Yahoo Partner) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjicifbhnpakmaekfnphojjehhnifkmc [2016-11-20]

CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-06]

CHR Extension: (Google Sheets) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-06]

CHR Extension: (Google Docs Offline) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-06]

CHR Extension: (ConverttoPDFNow) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmphdhagapjpglaamgddiiojclgbodhn [2016-09-01]

CHR Extension: (Chrome Web Store Payments) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-06]

CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-06]

CHR Extension: (Chrome Media Router) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-19]

CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-12-19] (AVAST Software)

R2 ed2kidle; C:\Program Files\walalala co\aMuleCustom\ed2k.exe [236544 2016-09-13] (hxxp://www.amule.org/) [File not signed]

R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [131024 2016-08-19] (Elex do Brasil Participações Ltda)

R3 iThemes5; C:\Program Files\Common Files\Services\iThemes.dll [622080 2016-11-29] () [File not signed] <==== ATTENTION

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3381200 2016-12-14] (Malwarebytes)

S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [270600 2016-07-19] (McAfee, Inc.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-30] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-30] (Microsoft Corporation)

R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation) [DependOnService: iThemes5]<==== ATTENTION

R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996336 2016-11-30] (McAfee, Inc.)

R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [17304 2016-11-30] (McAfee, Inc.)

S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [73968 2016-11-30] (McAfee, Inc.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -runtimeupdated -originalversion 4.4.127.0 [X]

S4 UncheckitSvc; C:\Program Files\Uncheckit\UncheckitSvc.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-12-19] (AVAST Software)

S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-12-19] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-12-19] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-12-19] (AVAST Software)

R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-12-19] (AVAST Software)

S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-12-19] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-12-19] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-12-19] (AVAST Software)

S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-12-19] (AVAST Software)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59968 2016-12-14] ()

R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [227776 2016-05-23] (Elex do Brasil Participações Ltda)

S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [50280 2016-05-23] (Elex do Brasil Participações Ltda)

R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [97912 2016-05-23] (Elex do Brasil Participações Ltda)

R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [45032 2016-05-23] (Elex do Brasil Participações Ltda)

R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [73232 2016-05-23] (Elex do Brasil Participações Ltda)

R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [59152 2016-05-19] (Elex do Brasil Participações Ltda)

R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [110280 2013-11-29] (Qualcomm Atheros Co., Ltd.)

R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [153024 2016-12-29] (Malwarebytes)

R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [87496 2016-12-30] (Malwarebytes)

R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39360 2016-12-30] (Malwarebytes)

R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [219072 2016-12-30] (Malwarebytes)

R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [63264 2016-12-30] (Malwarebytes)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)

R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwsn00.sys [10382576 2014-02-26] (Intel Corporation)

S1 femdhmeu; \??\C:\Windows\system32\drivers\femdhmeu.sys [X]

S1 qutmipc; \??\C:\Windows\system32\drivers\qutmipc.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-30 10:29 - 2016-12-30 10:30 - 00020408 _____ C:\Users\PC\Desktop\FRST.txt

2016-12-30 10:28 - 2016-12-30 10:29 - 00000000 ____D C:\FRST

2016-12-30 10:27 - 2016-12-30 10:27 - 01762816 _____ (Farbar) C:\Users\PC\Desktop\FRST (1).exe

2016-12-30 10:26 - 2016-12-30 10:26 - 01762816 _____ (Farbar) C:\Users\PC\Desktop\FRST.exe

2016-12-30 09:37 - 2016-12-30 09:41 - 00000000 ____D C:\Users\PC\Desktop\my words

2016-12-29 19:48 - 2016-12-29 19:48 - 00153024 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys

2016-12-29 19:47 - 2016-12-30 09:35 - 00087496 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys

2016-12-29 19:47 - 2016-12-30 09:35 - 00063264 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys

2016-12-29 19:47 - 2016-12-30 09:35 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

2016-12-29 19:47 - 2016-12-30 09:34 - 00219072 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-12-29 19:47 - 2016-12-29 19:47 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2016-12-29 19:47 - 2016-12-29 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

2016-12-29 19:47 - 2016-12-14 12:55 - 00059968 _____ C:\Windows\system32\Drivers\mbae.sys

2016-12-29 19:46 - 2016-12-29 19:46 - 00000000 ____D C:\ProgramData\Malwarebytes

2016-12-29 19:46 - 2016-12-29 19:46 - 00000000 ____D C:\Program Files\Malwarebytes

2016-12-29 19:40 - 2016-12-29 19:40 - 00368034 _____ C:\Users\PC\Desktop\Revised_Calender_English_Final.pdf

2016-12-29 19:27 - 2016-12-29 19:43 - 54199488 _____ (Malwarebytes ) C:\Users\PC\Downloads\mb3-setup-35891.35891-3.0.5.1299.exe

2016-12-29 17:29 - 2016-12-29 21:53 - 00000000 ____D C:\Program Files\WinArcher

2016-12-29 17:28 - 2016-12-29 21:53 - 00000000 ____D C:\Program Files\Gubed

2016-12-26 22:07 - 2016-12-26 22:14 - 00011537 _____ C:\Users\PC\Downloads\article9443662.ece

2016-12-25 12:50 - 2016-12-25 12:50 - 00000000 _____ C:\Users\PC\AppData\Local\{59CE1249-11F8-42B8-A2E1-8705A465F8CD}

2016-12-22 12:19 - 2016-12-22 12:19 - 00000000 _____ C:\Users\PC\AppData\Local\{6026E47B-0433-4272-9EBD-C7AE05477B23}

2016-12-19 19:30 - 2016-12-19 19:30 - 00000000 ____D C:\Program Files\Common Files\Skype

2016-12-19 19:20 - 2016-12-19 19:20 - 00001124 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk

2016-12-19 19:20 - 2016-12-19 19:20 - 00001124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk

2016-12-19 19:19 - 2016-12-19 19:19 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys

2016-12-19 19:09 - 2016-12-19 19:09 - 00002075 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk

2016-12-19 19:09 - 2016-12-19 19:09 - 00000000 ____D C:\Users\PC\AppData\Roaming\AVAST Software

2016-12-19 19:09 - 2016-12-19 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2016-12-19 19:07 - 2016-12-19 19:08 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

2016-12-19 19:07 - 2016-12-19 19:08 - 00433768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2016-12-19 19:07 - 2016-12-19 19:08 - 00224752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys

2016-12-19 19:07 - 2016-12-19 19:06 - 00118664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2016-12-19 19:07 - 2016-12-19 19:06 - 00092256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2016-12-19 19:07 - 2016-12-19 19:06 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2016-12-19 19:07 - 2016-12-19 19:06 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys

2016-12-19 19:07 - 2016-12-19 19:06 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys

2016-12-19 19:06 - 2016-12-19 19:06 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll

2016-12-19 19:06 - 2016-12-19 19:06 - 00319760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2016-12-19 19:06 - 2016-12-19 19:06 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr

2016-12-19 18:57 - 2016-12-19 19:19 - 00000000 ____D C:\Program Files\AVAST Software

2016-12-19 18:55 - 2016-12-19 19:19 - 00000000 ____D C:\ProgramData\AVAST Software

2016-12-19 18:44 - 2016-12-19 18:44 - 00002044 _____ C:\ScatterDecryptor.2.0.0.1_19.12.2016_18.44.38_log.txt

2016-12-19 18:42 - 2016-12-19 18:43 - 00002472 _____ C:\ScatterDecryptor.2.0.0.1_19.12.2016_18.42.48_log.txt

2016-12-19 18:42 - 2016-12-19 18:42 - 00000000 ____D C:\Users\PC\AppData\Roaming\gnupg

2016-12-19 18:41 - 2016-12-19 18:41 - 00000000 ____D C:\Users\PC\Downloads\New folder

2016-12-19 18:41 - 2016-12-19 18:41 - 00000000 ____D C:\Users\PC\Documents\New folder

2016-12-19 18:40 - 2016-12-19 18:42 - 00002396 _____ C:\ScatterDecryptor.2.0.0.1_19.12.2016_18.40.00_log.txt

2016-12-19 18:39 - 2016-12-19 18:39 - 01500817 _____ C:\Users\PC\Downloads\ScatterDecryptor.zip

2016-12-16 20:35 - 2016-12-16 20:37 - 00400644 _____ C:\Users\PC\Downloads\Loan Support Letter - Srikar Puligandla.pdf

2016-12-13 18:54 - 2016-12-13 18:54 - 01608517 _____ C:\Users\PC\Downloads\photo id.mp4

2016-12-12 15:47 - 2016-12-12 15:47 - 00016718 _____ C:\Users\PC\Downloads\the-walking-dead-seventh-season_english-1462550.zip

2016-12-12 15:47 - 2016-12-12 15:47 - 00000000 ____D C:\Users\PC\Downloads\the-walking-dead-seventh-season_english-1462550

2016-12-12 15:08 - 2016-12-12 15:42 - 214512813 _____ C:\Users\PC\Downloads\videoplayback.mp4

2016-12-02 12:32 - 2016-12-05 08:46 - 00000000 ____D C:\Users\PC\Downloads\wd 5

2016-12-01 18:39 - 2016-12-01 18:39 - 02989280 _____ C:\Users\PC\Documents\data_structures_algorithms_tutorial.pdf

2016-12-01 18:34 - 2016-12-01 18:34 - 01161303 _____ C:\Users\PC\Documents\computer_programming_tutorial.pdf

2016-11-30 19:55 - 2016-11-30 20:43 - 169041867 _____ C:\Users\PC\Downloads\14.mp4

2016-11-30 19:54 - 2016-11-30 20:41 - 157556464 _____ C:\Users\PC\Downloads\13.mp4

2016-11-30 19:06 - 2016-11-30 19:53 - 147429549 _____ C:\Users\PC\Downloads\12.mp4

2016-11-30 12:40 - 2016-11-30 15:00 - 191769353 _____ C:\Users\PC\Downloads\10.mp4

2016-11-30 12:40 - 2016-11-30 14:55 - 161901089 _____ C:\Users\PC\Downloads\11.mp4

2016-11-30 12:40 - 2016-11-30 13:11 - 159386348 _____ C:\Users\PC\Downloads\9.mp4

2016-11-30 11:54 - 2016-11-30 12:38 - 181723234 _____ C:\Users\PC\Downloads\8.mp4

2016-11-30 11:54 - 2016-11-30 12:35 - 164511391 _____ C:\Users\PC\Downloads\7.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-30 10:30 - 2009-07-14 10:04 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-12-30 10:30 - 2009-07-14 10:04 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-12-30 10:28 - 2015-03-17 02:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2016-12-30 09:33 - 2015-03-19 02:44 - 00000000 ____D C:\Users\PC\AppData\Roaming\uTorrent

2016-12-30 09:32 - 2016-03-10 20:38 - 00000396 _____ C:\Windows\Tasks\simplitec Power Suite (Tray).job

2016-12-30 09:32 - 2009-07-14 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-12-29 21:17 - 2016-10-22 13:05 - 00000000 ____D C:\Users\PC\AppData\Roaming\vlc

2016-12-29 20:15 - 2015-03-21 08:02 - 00000000 ____D C:\Program Files\Google

2016-12-29 20:12 - 2015-07-16 06:46 - 00000000 ____D C:\Program Files\Foxit Software

2016-12-29 20:08 - 2016-05-24 20:05 - 00000000 ____D C:\Program Files\Opera

2016-12-29 17:30 - 2016-11-02 17:55 - 00000000 _____ C:\Users\Public\Documents\report.dat

2016-12-29 17:29 - 2016-11-22 06:32 - 00000000 _____ C:\Users\Public\Documents\temp.dat

2016-12-29 17:29 - 2016-10-26 16:17 - 00002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-12-29 16:47 - 2016-10-25 14:03 - 00000000 ____D C:\Program Files\McAfee

2016-12-29 16:46 - 2016-10-25 12:18 - 00000000 ____D C:\Program Files\TrueKey

2016-12-29 16:06 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\system32\NDF

2016-12-29 16:04 - 2010-11-21 02:31 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI

2016-12-29 16:04 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\inf

2016-12-28 09:38 - 2016-10-25 14:04 - 00001271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk

2016-12-27 18:44 - 2016-10-27 07:51 - 00000000 ____D C:\Users\PC\Desktop\mnthly CA

2016-12-26 22:25 - 2016-11-07 09:16 - 00000000 ____D C:\Users\PC\Desktop\n( target17)

2016-12-24 20:22 - 2016-10-26 16:09 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job

2016-12-20 10:46 - 2016-06-06 06:48 - 00000000 ____D C:\Program Files\Mujoge

2016-12-20 10:46 - 2015-03-17 02:00 - 00001042 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2016-12-20 07:50 - 2015-03-17 02:17 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2016-12-20 07:50 - 2015-03-17 02:17 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2016-12-20 07:50 - 2015-03-17 02:17 - 00000000 ____D C:\Windows\system32\Macromed

2016-12-19 19:31 - 2015-03-19 02:47 - 00000000 ____D C:\ProgramData\Skype

2016-12-19 19:30 - 2016-02-27 23:39 - 00000000 ___RD C:\Program Files\Skype

2016-12-19 19:08 - 2015-08-05 06:48 - 00000000 ____D C:\Program Files\Common Files\AV

2016-12-19 18:54 - 2016-11-07 09:14 - 00000000 ____D C:\Users\PC\Desktop\exams

2016-12-19 18:49 - 2016-10-11 13:55 - 00000000 ____D C:\ProgramData\UvConverter

2016-12-19 16:43 - 2009-07-14 08:07 - 00000000 __RHD C:\Users\Public\Libraries

2016-12-17 22:20 - 2009-07-14 10:23 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2016-12-13 18:35 - 2016-10-29 11:03 - 00000000 ____D C:\Users\PC\Desktop\receipts

==================== Files in the root of some directories =======

2016-10-15 19:47 - 2016-10-15 19:49 - 105636995 _____ (Realtek Semiconductor Corp.) C:\Program Files\32bit_Win7_Win8_Win81_Win10_R279 (2).exe

2015-08-22 01:46 - 2015-08-22 01:52 - 6609608 _____ (Piriform Ltd) C:\Program Files\ccsetup508.exe

2015-07-24 19:05 - 2015-07-24 19:06 - 0931408 _____ (Google Inc.) C:\Program Files\ChromeSetup (1).exe

2015-03-17 03:30 - 2015-03-17 03:30 - 0243368 _____ () C:\Program Files\Firefox Setup Stub 36.0.1.exe

2016-10-21 23:32 - 2016-10-21 23:33 - 0243520 _____ () C:\Program Files\Firefox Setup Stub 49.0.2.exe

2015-07-16 06:43 - 2015-07-16 06:45 - 36816072 _____ (Foxit Software Inc. ) C:\Program Files\FoxitReader715.0425_prom_enu_Setup.exe

2015-08-22 02:16 - 2015-08-22 02:20 - 14243008 _____ (Microsoft Corporation) C:\Program Files\MSEInstall_EN.exe

2016-05-24 20:49 - 2016-05-24 20:54 - 0660700 _____ () C:\Program Files\OperaSetup (1).exe

2016-05-24 20:04 - 2016-05-24 20:05 - 0725416 _____ (Opera Software) C:\Program Files\OperaSetup.exe

2016-06-02 19:42 - 2016-06-02 19:44 - 16344776 _____ (Telegram Messenger LLP ) C:\Program Files\tsetup.0.9.49.exe

2016-01-05 14:27 - 2016-01-05 14:27 - 0003584 _____ () C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2016-06-06 06:50 - 2016-06-06 06:50 - 0000004 _____ () C:\Users\PC\AppData\Local\Local State

2015-12-19 18:21 - 2015-12-19 18:21 - 0000000 _____ () C:\Users\PC\AppData\Local\{50C9B76C-0DCC-4A41-8BD7-2A9B0D37E55D}

2016-12-25 12:50 - 2016-12-25 12:50 - 0000000 _____ () C:\Users\PC\AppData\Local\{59CE1249-11F8-42B8-A2E1-8705A465F8CD}

2016-12-22 12:19 - 2016-12-22 12:19 - 0000000 _____ () C:\Users\PC\AppData\Local\{6026E47B-0433-4272-9EBD-C7AE05477B23}

2016-10-15 20:01 - 2016-10-15 20:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-14 18:33

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-12-2016

Ran by PC (30-12-2016 10:31:00)

Running from C:\Users\PC\Desktop

Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2015-03-16 20:29:18)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4116523911-2447559204-32063077-500 - Administrator - Disabled)

Guest (S-1-5-21-4116523911-2447559204-32063077-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-4116523911-2447559204-32063077-1006 - Limited - Enabled)

PC (S-1-5-21-4116523911-2447559204-32063077-1000 - Administrator - Enabled) => C:\Users\PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4116523911-2447559204-32063077-1000\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)

Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)

Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)

Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)

aMuleCustom (HKLM\...\{58C69614-BB4F-4E55-BF6B-AFCB0B7377DB}) (Version: 1.0.1 - walalala co) <==== ATTENTION

Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)

CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)

Concise Oxford English Dictionary (Eleventh Edition) (HKLM\...\Concise Oxford English Dictionary (Eleventh Edition)) (Version: - )

Foxit PhantomPDF Standard (HKLM\...\{002C7EBB-F986-4C33-AD1A-9A1570F2FBBE}) (Version: 7.2.0.722 - Foxit Software Inc.)

hohosearch - Uninstall (HKLM\...\{98A642C8-4B89-4532-9E1D-22DF0B9F27CA}) (Version: - ) <==== ATTENTION

Intel Security True Key (HKLM\...\TrueKey) (Version: 4.11.110.1 - Intel Security)

Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)

KMPFaster (HKLM\...\simplitec POWER SUITE_is1) (Version: 2.3.2.902 - simplitec GmbH)

Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Nero 7 Essentials (HKLM\...\{66B6D13A-9CC1-417D-B6F2-58AA539D1033}) (Version: 7.03.1303 - Nero AG)

Nike+ Connect (HKLM\...\Nike+ Connect) (Version: 6.6.32 - Nike)

Opera Stable 42.0.2393.94 (HKLM\...\Opera 42.0.2393.94) (Version: 42.0.2393.94 - Opera Software)

REALTEK Bluetooth Driver (HKLM\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.110813 - REALTEK Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)

SafeZone Stable 1.51.2220.53 (Version: 1.51.2220.53 - Avast Software) Hidden

Skype™ 7.30 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)

Software Informer 1.5.1315.0 (HKLM\...\Software Informer_is1) (Version: - Informer Technologies, Inc.)

TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.12541 - TeamViewer)

Telegram Desktop version 0.10.1 (HKU\S-1-5-21-4116523911-2447559204-32063077-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.10.1 - Telegram Messenger LLP)

USB2.0 UVC WebCam (HKLM\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.13.0.5 - USB2.0 UVC WebCam)

VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)

WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

WordWeb (HKLM\...\WordWeb) (Version: 7 - WordWeb Software)

YAC(Yet Another Cleaner!) (HKLM\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4116523911-2447559204-32063077-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-4116523911-2447559204-32063077-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-4116523911-2447559204-32063077-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-4116523911-2447559204-32063077-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-4116523911-2447559204-32063077-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-4116523911-2447559204-32063077-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-4116523911-2447559204-32063077-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-4116523911-2447559204-32063077-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-4116523911-2447559204-32063077-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-4116523911-2447559204-32063077-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-4116523911-2447559204-32063077-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-4116523911-2447559204-32063077-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-4116523911-2447559204-32063077-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11C52DC3-70FF-4B9E-AFCE-4B955682FAF4} - System32\Tasks\simplitec Power Suite (Tray) => C:\Program Files\simplitec\KMPFaster\ServiceProvider.exe [2015-10-24] (simplitec GmbH) <==== ATTENTION

Task: {20443B1F-7994-4012-9BA5-4C55192728E9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-12-19] (AVAST Software)

Task: {2EE2B213-C776-4EE7-8D0A-6C9740A6F99F} - System32\Tasks\Opera scheduled Autoupdate 1464100922 => C:\Program Files\Opera\launcher.exe [2016-12-19] (Opera Software)

Task: {3BAC3009-B934-4ECE-8ADB-3B90A1B49891} - System32\Tasks\{5CACF76D-6B09-4B0B-90C1-AF2DA489FE5C} => pcalua.exe -a "I:\Program Files\The KMPlayer\KMPSetup.exe" -d "I:\Program Files\The KMPlayer"

Task: {5072F412-FEAC-4E78-A863-B54F9BD973A5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-22] (Adobe Systems Incorporated)

Task: {51A5C288-BF9E-4B7A-B040-DE15B9828F41} - System32\Tasks\Sudient Provider => C:\Program Files\Sudient\sdnprvTask.exe <==== ATTENTION

Task: {5A523B0D-58BB-4BB0-8978-AAD5AB4216D6} - \UncheckitTaskMN -> No File <==== ATTENTION

Task: {63ACC24D-4498-4B62-AC00-6C472100C41E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-13] (Adobe Systems Incorporated)

Task: {66678238-557D-425E-8EFA-1B78495E7FF1} - System32\Tasks\SoftwareInformerService => C:\Program Files\Software Informer\softinfo.exe [2015-12-03] (Informer Technologies, Inc.)

Task: {6D0EEF20-8AE2-427A-9913-A71BFB126C6D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-12-19] (AVAST Software)

Task: {7AE9BCFE-583C-49FF-9468-3DF4910A4D2A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-18] (Piriform Ltd)

Task: {9C61CB7F-0CDE-4D5C-B55C-CBB926C87AA6} - System32\Tasks\SafeZone scheduled Autoupdate 1482155435 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)

Task: {A5F52F01-31E4-4B1A-9B8C-6EB21F551D69} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files\TXQQBrowser\Update\1973FB68EB237737FCD55E342E866970\Update\BrowserUpdate.exe <==== ATTENTION

Task: {BB5F1B3E-88A4-4D51-BD77-464B898B6C66} - \UncheckitUpdateTaskC -> No File <==== ATTENTION

Task: {C72324AC-E5EC-466D-ACCA-12969B23DD2D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-20] (Adobe Systems Incorporated)

Task: {C7B7D785-0220-449D-81D0-49260DAEED6F} - \UncheckitUpdateTaskDB -> No File <==== ATTENTION

Task: {D7539B22-A0E6-41E9-A13C-E101B94B86D5} - \ChelfNotify Task -> No File <==== ATTENTION

Task: {DCDDD87B-CAA5-46ED-95B3-92594D3E9DC0} - System32\Tasks\simplitec Power Suite => C:\Program Files\simplitec\KMPFaster\PowerSuite.exe [2015-10-24] (simplitec GmbH) <==== ATTENTION

Task: {ECB5DDC3-F778-4ECF-8ACC-96751D7136BE} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-02] (McAfee, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\simplitec Power Suite (Tray).job => C:\Program Files\simplitec\KMPFaster\ServiceProvider.exe <==== ATTENTION

Task: C:\Windows\Tasks\simplitec Power Suite.job => C:\Program Files\simplitec\KMPFaster\PowerSuite.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-11-22 06:49 - 2016-05-23 08:07 - 00065696 _____ () C:\Program Files\Elex-tech\YAC\zlib1.dll

2016-11-22 06:49 - 2016-09-18 09:17 - 01943936 ____N () C:\Program Files\Elex-tech\YAC\iSvc2.dll

2016-11-29 17:15 - 2016-11-29 17:15 - 00622080 _____ () C:\Program Files\Common Files\Services\iThemes.dll

2016-12-19 19:06 - 2016-12-19 19:06 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2016-12-19 19:06 - 2016-12-19 19:06 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

2016-12-30 09:35 - 2016-12-30 09:35 - 03131344 _____ () C:\Program Files\AVAST Software\Avast\defs\16122901\algo.dll

2015-03-17 02:17 - 2005-10-08 03:35 - 00125440 _____ () C:\Program Files\WinRAR\rarext.dll

2016-11-22 06:49 - 2016-05-23 08:07 - 00179200 _____ () C:\Program Files\Elex-tech\YAC\libpng.dll

2016-12-29 19:46 - 2016-12-14 12:55 - 01729312 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll

2016-12-29 19:47 - 2016-12-14 12:55 - 01713104 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll

2016-12-29 19:47 - 2016-12-14 12:55 - 02084304 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll

2016-12-19 19:06 - 2016-12-19 19:06 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2016-12-26 14:51 - 2016-12-26 14:49 - 68763736 _____ () C:\Program Files\Opera\42.0.2393.94\opera.dll

2016-12-26 14:51 - 2016-12-26 14:46 - 01893976 _____ () C:\Program Files\Opera\42.0.2393.94\libglesv2.dll

2016-12-26 14:51 - 2016-12-26 14:45 - 00086616 _____ () C:\Program Files\Opera\42.0.2393.94\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-09-22 12:04 - 2016-10-24 10:28 - 00001233 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

0.0.0.0 tracking.opencandy.com.s3.amazonaws.com

0.0.0.0 media.opencandy.com

0.0.0.0 cdn.opencandy.com

0.0.0.0 tracking.opencandy.com

0.0.0.0 api.opencandy.com

0.0.0.0 api.recommendedsw.com

0.0.0.0 installer.betterinstaller.com

0.0.0.0 installer.filebulldog.com

0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net

0.0.0.0 inno.bisrv.com

0.0.0.0 nsis.bisrv.com

0.0.0.0 cdn.file2desktop.com

0.0.0.0 cdn.goateastcach.us

0.0.0.0 cdn.guttastatdk.us

0.0.0.0 cdn.inskinmedia.com

0.0.0.0 cdn.insta.oibundles2.com

0.0.0.0 cdn.insta.playbryte.com

0.0.0.0 cdn.llogetfastcach.us

0.0.0.0 cdn.montiera.com

0.0.0.0 cdn.msdwnld.com

0.0.0.0 cdn.mypcbackup.com

0.0.0.0 cdn.ppdownload.com

0.0.0.0 cdn.riceateastcach.us

0.0.0.0 cdn.shyapotato.us

0.0.0.0 cdn.solimba.com

0.0.0.0 cdn.tuto4pc.com

0.0.0.0 cdn.appround.biz

0.0.0.0 cdn.bigspeedpro.com

0.0.0.0 cdn.bispd.com

There are 4 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4116523911-2447559204-32063077-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: cktSvc => 2

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: IhPul => 2

MSCONFIG\Services: InterHop => 2

MSCONFIG\Services: McComponentHostService => 3

MSCONFIG\Services: NMIndexingService => 3

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: TeamViewer7 => 2

MSCONFIG\Services: UncheckitSvc => 2

MSCONFIG\Services: winsaber => 2

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^STIMON.lnk => C:\Windows\pss\STIMON.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR

MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe

MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe

MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

MSCONFIG\startupreg: Nike+ Connect => "C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe"

MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe

MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: Software Informer => "C:\Program Files\Software Informer\softinfo.exe" -autorun

MSCONFIG\startupreg: uTorrent => "C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

MSCONFIG\startupreg: WordWeb => "C:\Program Files\WordWeb\wweb32.exe" -startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{810FFB39-E7B6-41D2-9459-005D8737D497}] => C:\Program Files\TeamViewer\Version7\TeamViewer.exe

FirewallRules: [{6E5424E9-DE85-40E0-B8D9-82D34F3E2148}] => C:\Program Files\TeamViewer\Version7\TeamViewer.exe

FirewallRules: [{66096A77-95AD-4ED6-A5F1-1F5FCEAB0690}] => C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

FirewallRules: [{03F1997A-21DB-4BC6-B6E7-64D6C0B82A40}] => C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

FirewallRules: [TCP Query User{A2AD1A01-6F44-4E0F-B977-F8CE782A8E09}C:\program files\mozilla firefox\firefox.exe] => C:\program files\mozilla firefox\firefox.exe

FirewallRules: [UDP Query User{3C8B25B6-7E59-41DD-8408-CBF2158AC08F}C:\program files\mozilla firefox\firefox.exe] => C:\program files\mozilla firefox\firefox.exe

FirewallRules: [{C20242B3-D5B3-4083-823D-5DC3DBE45D5B}] => C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{008C3774-2A69-41DD-8053-205FAB28D4E2}] => C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{804FE0C6-0F60-41DF-88B4-6711D63408E1}] => C:\Program Files\Skype\Phone\Skype.exe

FirewallRules: [TCP Query User{B1CEEA2C-1896-41D6-91AB-EBAA38169A17}C:\program files\filedrop\filedrop.exe] => C:\program files\filedrop\filedrop.exe

FirewallRules: [UDP Query User{624BFE85-7726-467B-9D71-D6B4C9F87C26}C:\program files\filedrop\filedrop.exe] => C:\program files\filedrop\filedrop.exe

FirewallRules: [{593A26EC-379C-43D7-9F4F-28D897989F51}] => C:\Program Files\simplitec\KMPFaster\PowerSuite.exe

FirewallRules: [{7BD5313E-BF49-46C6-B7DD-A0C57CB23AE2}] => C:\Program Files\simplitec\KMPFaster\PowerSuite.exe

FirewallRules: [{40888C7B-323B-447A-ACB7-5AB71731B861}] => C:\Program Files\simplitec\KMPFaster\ServiceProvider.exe

FirewallRules: [{68F6A406-A503-44B8-99CD-08A39A0F2BEE}] => C:\Program Files\simplitec\KMPFaster\ServiceProvider.exe

FirewallRules: [{2110F4EA-6F5C-43D2-89EC-912D47CB2B95}] => C:\Program Files\simplitec\KMPFaster\ServiceProvider.exe

FirewallRules: [{8E0074D5-DDBA-4967-B218-C5E2519DC917}] => C:\Program Files\simplitec\KMPFaster\ServiceProvider.exe

FirewallRules: [{F9D858C2-FF04-45BB-8A57-250A157C18AD}] => C:\Program Files\simplitec\KMPFaster\ServiceProvider.exe

FirewallRules: [{510B27AB-43D9-4AA8-9F22-0E69B11BECD8}] => C:\Program Files\simplitec\KMPFaster\ServiceProvider.exe

FirewallRules: [TCP Query User{C4F83040-3106-4413-A63E-823DA2112EBF}C:\program files\simplitec\kmpfaster\serviceprovider.exe] => C:\program files\simplitec\kmpfaster\serviceprovider.exe

FirewallRules: [UDP Query User{16369BCB-33DC-4786-BAC0-E6EF2C3B4BEE}C:\program files\simplitec\kmpfaster\serviceprovider.exe] => C:\program files\simplitec\kmpfaster\serviceprovider.exe

FirewallRules: [{B036B074-1C59-4A9E-9B98-9B2143FD4DAC}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

FirewallRules: [{A8BA31C5-EABF-4E1F-97DB-B7D75E5A4303}] => C:\Program Files\Firefox\bin\FirefoxUpdate.exe

FirewallRules: [{A12EF4F6-0815-4EBE-8790-9BEA8AD25A16}] => C:\Program Files\Firefox\Firefox.exe

FirewallRules: [{1B9EB98E-0B4C-43DD-A32E-6453D164DE36}] => C:\Program Files\Gunbean\Application\chrome.exe

==================== Restore Points =========================

29-12-2016 20:00:19 已删除 aMuleCustom

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: qutmipc

Description: qutmipc

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: qutmipc

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:

==================

Error: (12/30/2016 09:33:24 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/29/2016 09:52:47 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (12/29/2016 08:45:33 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (12/29/2016 08:21:02 PM) (Source: Windows Search Service) (EventID: 3100) (User: )

Description: Unable to initialize the filter host process. Terminating.

Details:

This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4)

Error: (12/29/2016 08:09:58 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (12/29/2016 07:56:50 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (12/29/2016 04:48:27 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (12/28/2016 12:06:45 AM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (12/27/2016 06:36:59 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: MsMpEng.exe, version: 4.9.218.0, time stamp: 0x56ac1720

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x0404a683

Faulting process id: 0x14bc

Faulting application start time: 0x01d26041a394e93a

Faulting application path: C:\Program Files\Microsoft Security Client\MsMpEng.exe

Faulting module path: unknown

Report Id: 59073608-cc35-11e6-be58-14feb5a2b5f8

Error: (12/27/2016 06:33:22 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: MsMpEng.exe, version: 4.9.218.0, time stamp: 0x56ac1720

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x0404a683

Faulting process id: 0x1360

Faulting application start time: 0x01d25ffe9a0b0e55

Faulting application path: C:\Program Files\Microsoft Security Client\MsMpEng.exe

Faulting module path: unknown

Report Id: d8231774-cc34-11e6-be58-14feb5a2b5f8

System errors:

=============

Error: (12/30/2016 09:42:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (12/30/2016 09:32:50 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (12/30/2016 09:32:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

qutmipc

Error: (12/30/2016 09:32:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Service Installer TrueKey service failed to start due to the following error:

The system cannot find the file specified.

Error: (12/29/2016 09:55:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.

Error: (12/29/2016 09:55:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Error: (12/29/2016 09:52:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

qutmipc

Error: (12/29/2016 09:52:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The GubedZL service terminated with the following error:

The specified procedure could not be found.

Error: (12/29/2016 09:52:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Service Installer TrueKey service failed to start due to the following error:

The system cannot find the file specified.

Error: (12/29/2016 09:22:31 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz

Percentage of memory in use: 76%

Total physical RAM: 2932.52 MB

Available physical RAM: 694.21 MB

Total Virtual: 5863.34 MB

Available Virtual: 2507.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:73.24 GB) (Free:32.31 GB) NTFS ==>[drive with boot components (obtained from BCD)]

Drive d: (b patient) (Fixed) (Total:97.65 GB) (Free:90.98 GB) NTFS

Drive e: (e) (Fixed) (Total:97.65 GB) (Free:72.24 GB) NTFS

Drive f: (f) (Fixed) (Total:97.65 GB) (Free:90.67 GB) NTFS

Drive g: () (Fixed) (Total:99.55 GB) (Free:99.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9D1F0CFB)

Partition 1: (Active) - (Size=73.2 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=392.5 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

Security → Virus, Spyware, Malware Removal → Possible Malware infection - help request [Solved] Started by Maffu , 07 May 2023 malware, advapi and 1 more... 1 2 3 4	Hot 51 replies 12,726 views	DR M 26 Jun 2023
Security → Virus, Spyware, Malware Removal → Help getting started checking laptop for malware [Solved] Started by triedeverything , 12 Apr 2023 help, malware, spyware 1 2	Hot 19 replies 5,789 views	DR M 16 Apr 2023
Security → Virus, Spyware, Malware Removal → Checkmate Ransomware detection / removal? Started by JcTcom , 18 Aug 2022 Checkmate, Ransomware, Virus and 5 more...	0 replies 1,863 views	JcTcom 18 Aug 2022
Security → Virus, Spyware, Malware Removal → Getting a warning over & over but not getting it clean [Solved] Started by Phlegmbot , 28 Mar 2022 malware, spyware, redirect 1 2	Hot 21 replies 6,790 views	DR M 10 Apr 2022
Security → Virus, Spyware, Malware Removal → PC keeps hanging and restarting on its own [Closed] Started by lolx21341 , 29 Jan 2022 Hanging, Restarting, Virus and 2 more...	3 replies 3,600 views	DR M 03 Feb 2022

#1
sai bandaru

Posted 29 December 2016 - 11:06 PM

Advertisements

#2
RKinner

Posted 30 December 2016 - 10:33 AM

Similar Topics

Also tagged with one or more of these keywords: malware

Possible Malware infection - help request [Solved]

Help getting started checking laptop for malware [Solved]

Checkmate Ransomware detection / removal?

Getting a warning over & over but not getting it clean [Solved]

PC keeps hanging and restarting on its own [Closed]

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

websites being redirected to other unwanted sites

#1 sai bandaru Posted 29 December 2016 - 11:06 PM

Advertisements

#2 RKinner Posted 30 December 2016 - 10:33 AM

Similar Topics

Also tagged with one or more of these keywords: malware

0 user(s) are reading this topic

As Featured On:

Connect With Us

Sign In

#1
sai bandaru

Posted 29 December 2016 - 11:06 PM

#2
RKinner

Posted 30 December 2016 - 10:33 AM