
Hidden Folders Being Created Automatically after being removed


10 replies to this topic

#1 igirao


Posted 26 February 2017 - 04:01 PM

Hi, I've noticed that some strange folders with some files in them are being created automatically after being deleted. Some samples follow:

Folder: c:\documents\Xtransfers18

Contents:
cultural-wally-bless-rich.txt
fourthpacked.xls
shapes-thanks-indigenous-orbit.xlsx
wants enclosure darken temple.sql
whereby.master.mdb
HtryOaV2PoDA.docx
hypothalamic.restrict.whenever.white.jpg
l998Zk7JN.rtf
lwASZOtiteFx.doc
vienna then said.pem

Folder: c:\documents\Acvalue26

Contents:
0LIGd4mJt.rtf
biteconversionexpanding.pem
cultivation.obsolete.underneath.doc
FyG45uoIuv.docx
jobs.aboard.loose.encounter.sql
landing older.xlsx
legislate-truth.jpg
motivesoccupied.xls
rLv.txt
WLBNK.mdb

On drive c:\
Folders: .Ssorted9 and _Gworking198. They have some strange files as well.

On drive d:\
Folders: {7Bhelper49 and 24 Gdetail165. Same as above.


I've never opened any of these files. I deleted the folders, but after a few seconds new ones were created with different names.

I ran ESET Online and 21 files were removed, but the problem still remains. Today I ran FRST. Please see below.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
Ran by Ivan (administrator) on IVAN-VAIO (26-02-2017 14:42:45)
Running from C:\Users\Ivan\Desktop
Loaded Profiles: Ivan (Available Profiles: Ivan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Portuguese (Brazil)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Users\Ivan\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
() C:\Windows\SysWOW64\dxconfig.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\SysWOW64\dxconfig.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
() C:\Windows\SearchIndexer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
() C:\Windows\SearchIndexer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Vimicro Corporation) C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Farbar) C:\Users\Ivan\Desktop\EnglishFRST64.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2284328 2011-02-15] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [VMonitorVMUVC] => C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe [135168 2008-03-26] (Vimicro Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2724432 2015-12-26] (Sony Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2016-09-12] (Caixa Economica Federal)
Winlogon\Notify\ GbPluginIsg: C:\Program Files (x86)\GbPlugin\gbiehIsg.dll [2016-01-04] (Infoseg - Senasp)
HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3985464 2016-11-11] (Tonec Inc.)
HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Policies\Explorer: [NoDrives] 2
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399015} - C:\Program Files (x86)\GbPlugin\gbiehisg.dll [1870240 2016-01-04] (Infoseg - Senasp)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehcef.dll [1903328 2016-09-12] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [OODIIcon] -> {14A94384-BBED-47ed-86C0-6BF63FD892D0} => C:\Program Files\Laplink\DiskImage\oodishi.dll [2014-02-13] (O&O Software GmbH)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.189.88.192 200.189.88.182
Tcpip\..\Interfaces\{4714ED28-43AD-400A-8235-0BD9537DCF5E}: [DhcpNameServer] 200.189.88.192 200.189.88.182
Tcpip\..\Interfaces\{4C38E937-7F82-4F58-AA74-BC28874FC5ED}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-3714546670-946274982-931039520-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony.msn.com
HKU\S-1-5-21-3714546670-946274982-931039520-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3714546670-946274982-931039520-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-11-09] (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-09-13] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-09-13] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-11-09] (Internet Download Manager, Tonec Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll [2016-09-12] (Caixa Economica Federal)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540015} -> C:\Program Files (x86)\GbPlugin\gbiehisg.dll [2016-01-04] (Infoseg - Senasp)
BHO-x32: KeepVid Pro 4.10.0 -> {F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} -> C:\ProgramData\KeepVid\KeepVid Pro\WSBrowserAppMgr.dll [2016-08-08] ()
Toolbar: HKLM - No Name - {41564952-412D-5637-4300-7A786E7484D7} -  No File
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 -  No File

FireFox:
========
FF DefaultProfile: adnt6zdd.default
FF ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\adnt6zdd.default [2017-02-26]
FF Homepage: Mozilla\Firefox\Profiles\adnt6zdd.default -> www.google.com
FF Extension: (United States English Spellchecker) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\adnt6zdd.default\Extensions\en-US@dictionaries.addons.mozilla.org [2017-01-21]
FF Extension: (MEGA) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\adnt6zdd.default\Extensions\firefox@mega.co.nz.xpi [2017-02-17]
FF Extension: (uBlock Origin) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\adnt6zdd.default\Extensions\uBlock0@raymondhill.net.xpi [2017-02-20]
FF Extension: (TV-Fox) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\adnt6zdd.default\Extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4} [2017-02-12]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\adnt6zdd.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-14]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\adnt6zdd.default\features\{669f63f1-6eb4-45cb-ad83-8c9774499a3e}\disableSHA1rollout@mozilla.org.xpi [2017-02-24]
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-11-16]
FF HKLM-x32\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\ProgramData\KeepVid\KeepVid Pro\KVAllmytube@KeepVid.com_xpi
FF Extension: (KeepVid Pro) - C:\ProgramData\KeepVid\KeepVid Pro\KVAllmytube@KeepVid.com_xpi [2017-01-05]
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8878}] - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\isg\xpi
FF Extension: (GBBD Infoseg - Senasp) - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\isg\xpi [2016-09-13] [not signed]
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: (GBBD Caixa Economica Federal) - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2016-07-19] [not signed]
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886F}] - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\isg\xpi
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ivan\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Ivan\AppData\Roaming\IDM\idmmzcc5 [2017-02-25] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-28] ()
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-09-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-09-13] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-28] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3714546670-946274982-931039520-1005: gastecnologia.com.br/sf/cef -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3714546670-946274982-931039520-1005: gastecnologia.com.br/sf/cef64 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3714546670-946274982-931039520-1005: gastecnologia.com.br/sf/isg -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_isg.dll [2015-02-26] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3714546670-946274982-931039520-1005: gastecnologia.com.br/sf/isg64 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_isg_64.dll [2015-02-26] (GAS Tecnologia)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default [2017-02-23]
CHR Extension: (Google Apresentações) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-23]
CHR Extension: (Google Docs) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-23]
CHR Extension: (Google Drive) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-15]
CHR Extension: (YouTube) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-11]
CHR Extension: (Google Search) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15]
CHR Extension: (Video Downloader professional) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-10-21]
CHR Extension: (Planilhas do Google) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-23]
CHR Extension: (YouTube Flash Video Player) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fldkdmkgnlbehfgeifjpjabmandnchpe [2016-10-21]
CHR Extension: (Segurança do navegador Avira) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-10-21]
CHR Extension: (Documentos Google off-line) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-21]
CHR Extension: (AdBlock) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-21]
CHR Extension: (Video Downloader Pro) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho [2016-10-21]
CHR Extension: (IDM Integration Module) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-10-21]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-21]
CHR Extension: (Gmail) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-21]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-11-21]
CHR HKU\S-1-5-21-3714546670-946274982-931039520-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-11-21]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-15] (Avira Operations GmbH & Co. KG)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [308616 2017-02-03] (Avira Operations GmbH & Co. KG)
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [18368 2017-01-24] (Cybereason)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [111776 2011-08-25] (Atheros Communication Inc.) [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2016-09-12] (GAS Tecnologia)
S4 ImDskSvc; C:\Windows\system32\imdsksvc.exe [18016 2014-09-19] (Olof Lagerkvist)
R2 KingoSoftService; C:\Users\Ivan\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\checkupdate.exe [367584 2016-11-28] ()
R2 Microsoft DirectX Configuration Service; C:\Windows\SysWOW64\dxconfig.exe [64512 2017-01-19] () [File not signed]
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
S4 OO DiskImage; C:\Program Files\Laplink\DiskImage\oodiag.exe [6258880 2014-02-13] (O&O Software GmbH)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [506960 2015-12-26] (Sony Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
S3 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6348560 2015-10-29] (TeamViewer GmbH)
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [958112 2011-10-24] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-23] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 Windows Indexer; C:\Windows\SearchIndexer.exe [64512 2017-01-01] () [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [311872 2011-11-10] ()
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-08-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-06-02] (Avira Operations GmbH & Co. KG)
R2 AWEAlloc; C:\Windows\System32\DRIVERS\awealloc.sys [20536 2014-06-03] (Olof Lagerkvist)
S3 facap; C:\Windows\System32\DRIVERS\facap.sys [38400 2012-09-03] (Windows ® Win 7 DDK provider)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-03] (GAS Tecnologia)
R2 ImDisk; C:\Windows\System32\DRIVERS\imdisk.sys [42560 2014-09-19] (Olof Lagerkvist)
S3 MDANTDRV; C:\Windows\system32\MDANTDRV.sys [34296 2016-12-29] ()
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [936960 2010-03-17] (DiBcom SA) [File not signed]
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [24200 2007-07-13] (DiBcom S.A.)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [116928 2014-02-13] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [41152 2014-02-13] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [255680 2014-02-13] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [44736 2014-02-13] (O&O Software GmbH)
S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic hxxp://www.beyondlogic.org) [File not signed]
S3 prwntdrv; C:\Windows\system32\prwntdrv.sys [18528 2014-10-23] ()
S3 prwntdrv; C:\Windows\SysWOW64\prwntdrv.sys [15456 2014-10-23] ()
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-04-24] ()
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-25] (Atola) [File not signed]
S3 SMIGrabber3C; C:\Windows\System32\Drivers\SmiUsbGrabber3C.sys [821888 2011-01-26] (Windows ® Win 7 DDK provider)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [198400 2009-03-11] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-03-18] (GAS Tecnologia LTDA)
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2016-02-29] (Wondershare)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2017-02-26] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [97376 2016-06-08] (GAS Tecnologia)
R1 xlkfs; C:\Windows\System32\DRIVERS\xlkfs.sys [31960 2014-06-03] (XOSLAB.COM)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-26 14:42 - 2017-02-26 14:45 - 00031070 _____ C:\Users\Ivan\Desktop\FRST.txt
2017-02-26 14:42 - 2017-02-26 14:42 - 00000000 ____D C:\Users\Ivan\Desktop\FRST-OlderVersion
2017-02-26 14:41 - 2017-02-26 14:42 - 02423296 _____ (Farbar) C:\Users\Ivan\Desktop\EnglishFRST64.exe
2017-02-26 14:39 - 2017-02-26 14:39 - 00531463 _____ C:\Users\QEJ6\opportunity.dean.dawn.xlsx
2017-02-26 14:39 - 2017-02-26 14:39 - 00506560 _____ C:\Users\Akinrag\probabilities-belly-fur.xlsx
2017-02-26 14:39 - 2017-02-26 14:39 - 00212330 _____ C:\Users\Akinrag\killing_encouraged_heading_returns.mdb
2017-02-26 14:39 - 2017-02-26 14:39 - 00209919 _____ C:\Users\QEJ6\chairs-decrease.mdb
2017-02-26 14:39 - 2017-02-26 14:39 - 00063672 _____ C:\Users\QEJ6\lqOJJPTbf7.xls
2017-02-26 14:39 - 2017-02-26 14:39 - 00062601 _____ C:\Users\Akinrag\playersconstruemainlypowder.xls
2017-02-26 14:39 - 2017-02-26 14:39 - 00055119 _____ C:\Users\QEJ6\irYNPkaFAGEv.pem
2017-02-26 14:39 - 2017-02-26 14:39 - 00053348 _____ C:\Users\Akinrag\lunch.accordance.whispered.radar.pem
2017-02-26 14:39 - 2017-02-26 14:39 - 00034022 _____ C:\Users\Akinrag\ones.scalar.txt
2017-02-26 14:39 - 2017-02-26 14:39 - 00023400 _____ C:\Users\Akinrag\oxygenwonderful.sql
2017-02-26 14:39 - 2017-02-26 14:39 - 00016421 _____ C:\Users\QEJ6\every_lot_congo.txt
2017-02-26 14:39 - 2017-02-26 14:39 - 00014138 _____ C:\Users\QEJ6\institutions-turning-billy.sql
2017-02-26 14:39 - 2017-02-26 14:39 - 00000000 __SHD C:\Users\Ivan\Desktop\ This folder protects against ransomware. Modifying it will reduce protection
2017-02-26 14:39 - 2017-02-26 14:39 - 00000000 ___HD C:\Users\QEJ6
2017-02-26 14:39 - 2017-02-26 14:39 - 00000000 ___HD C:\Users\Ivan\Documents\Xtransfers18
2017-02-26 14:39 - 2017-02-26 14:39 - 00000000 ___HD C:\Users\Ivan\Documents\Acvalue26
2017-02-26 14:39 - 2017-02-26 14:39 - 00000000 ___HD C:\Users\Akinrag
2017-02-26 14:39 - 2017-02-26 14:39 - 00000000 ____D C:\_Gworking198
2017-02-26 14:39 - 2017-02-26 14:39 - 00000000 ____D C:\.Ssorted9
2017-02-26 02:20 - 2017-02-26 02:20 - 441893535 _____ C:\Users\Ivan\Downloads\---Chris de Burgh in concert - YouTube.mp4
2017-02-26 02:05 - 2017-02-26 02:05 - 36211962 _____ C:\Users\Ivan\Downloads\Lady in red ( LIVE ) -Chris De Burgh.mp4
2017-02-25 10:47 - 2017-02-25 10:47 - 00005482 _____ C:\Users\Ivan\Documents\ESET1.txt
2017-02-24 19:39 - 2017-02-24 19:39 - 00000027 _____ C:\Settings.ini
2017-02-23 22:20 - 2017-02-23 22:20 - 00081558 _____ C:\Users\Ivan\Downloads\Blindspot.S02E14.HDTV.x264-LOL.rar
2017-02-23 10:54 - 2017-02-23 11:51 - 4089577472 _____ C:\Users\Ivan\Downloads\A LENDA DO ZORRO.iso
2017-02-21 14:53 - 2017-02-21 14:58 - 00000000 ____D C:\ProgramData\SystemExplorer
2017-02-21 14:53 - 2017-02-21 14:53 - 00001046 _____ C:\Users\Public\Desktop\System Explorer.lnk
2017-02-21 14:53 - 2017-02-21 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2017-02-21 14:53 - 2017-02-21 14:53 - 00000000 ____D C:\Program Files (x86)\System Explorer
2017-02-18 15:04 - 2017-02-18 15:04 - 01917528 _____ (Mister Group ) C:\Users\Ivan\Downloads\SystemExplorerSetup.exe
2017-02-18 12:31 - 2017-02-18 12:31 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ssadadb_01005.Wdf
2017-02-15 20:45 - 2017-02-15 20:46 - 45491643 _____ C:\Users\Ivan\Downloads\Wondershare.DVD.Creator.v4.0.0.16-P2P.rar
2017-02-15 19:42 - 2017-02-15 19:42 - 00000000 ____D C:\Users\Ivan\Documents\Necessarie
2017-02-15 01:30 - 2017-02-15 01:30 - 00001969 _____ C:\Users\Ivan\Documents\Como Tirar o CR para Airsoft.txt
2017-02-15 01:29 - 2017-02-15 01:29 - 87504399 _____ C:\Users\Ivan\Downloads\COMO TIRAR O CR - CERTIFICADO DE REGISTRO - BRASIL - AIRSOFT.mp4
2017-02-14 21:52 - 2017-02-14 21:52 - 00000000 ____D C:\Users\Ivan\Documents\SafeZone
2017-02-14 21:51 - 2017-02-14 21:51 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\WinPatrol
2017-02-14 21:51 - 2017-02-14 21:51 - 00000000 ____D C:\ProgramData\WinPatrol
2017-02-14 21:51 - 2016-01-17 09:51 - 00015640 _____ C:\Windows\system32\Drivers\CGKDarkWatcher.sys
2017-02-12 21:10 - 2017-02-12 21:10 - 00098494 _____ C:\Users\Ivan\Downloads\Blindspot.S02E13.rar
2017-02-12 00:35 - 2017-02-12 01:33 - 386547712 _____ C:\Users\Ivan\Downloads\Milagres do Paraiso.ISO
2017-02-11 17:34 - 2017-02-11 17:34 - 02696220 _____ C:\Users\Ivan\Downloads\Informe Anual da DIRF PagSeguro.pdf
2017-02-11 14:57 - 2017-02-11 14:57 - 01350637 _____ C:\Users\Ivan\Downloads\snort_manual.pdf
2017-02-11 14:56 - 2017-02-11 14:56 - 00296152 _____ C:\Users\Ivan\Downloads\SnortUsersWebcast_IntroSnort.pdf
2017-02-11 14:50 - 2017-02-11 14:50 - 38910920 _____ (WinPatrol) C:\Users\Ivan\Downloads\winpatrolwar-setup.exe
2017-02-11 14:33 - 2017-02-11 14:33 - 03821802 _____ C:\Users\Ivan\Downloads\Snort_2_9_9_0_Installer.exe
2017-02-11 13:46 - 2017-02-11 13:46 - 16531456 _____ C:\Users\Ivan\Downloads\Suricata-3.2-1-32bit.msi
2017-02-10 20:46 - 2017-02-10 20:46 - 00001364 _____ C:\Users\Public\Desktop\Lazesoft Recovery Suite Professional Edition.lnk
2017-02-09 22:56 - 2017-02-09 23:03 - 00000000 ____D C:\Users\Ivan\Downloads\Lazesoft Recovery Suite 4.2.1 Professional Edition FULL
2017-02-09 22:48 - 2017-02-11 02:15 - 00001000 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-02-09 22:47 - 2017-02-09 22:47 - 00000000 ____D C:\Users\Ivan\Downloads\Avira.Phantom.VPN.Pro.2.2.1.20599
2017-02-09 21:22 - 2017-02-09 21:22 - 00000000 ____D C:\Users\Ivan\Documents\KeepVid Pro
2017-02-08 16:30 - 2017-02-08 16:30 - 04179759 _____ C:\Users\Ivan\Downloads\Avira.Phantom.VPN.Pro.2.2.1.20599.zip
2017-02-08 16:04 - 2017-02-08 16:06 - 132416870 _____ C:\Users\Ivan\Downloads\Lazesoft Recovery Suite Unlimited Edition 3.5.1.rar
2017-02-07 01:37 - 2017-02-07 01:39 - 62859787 _____ C:\Users\Ivan\Downloads\Lazesoft Recovery Suite 4.2.1 Professional Edition FULL.rar
2017-02-06 19:04 - 2017-02-06 19:04 - 04759016 _____ C:\Users\Ivan\Downloads\Avira_Phantom_VPN_1.3.1.30415.rar
2017-02-06 18:27 - 2017-02-23 22:21 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\IDM
2017-02-06 18:27 - 2017-02-06 18:28 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2017-02-06 18:27 - 2017-02-06 18:27 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-02-06 18:27 - 2017-02-06 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-02-06 18:26 - 2017-02-06 18:26 - 00000000 ____D C:\Users\Ivan\Downloads\IDM.6.26.Build.11.softfunda.com
2017-02-06 16:13 - 2017-02-06 16:13 - 00000510 _____ C:\Users\Ivan\Documents\NetFlix Login.txt
2017-02-06 15:34 - 2017-02-06 15:38 - 10893901 _____ C:\Users\Ivan\Downloads\IDM.6.26.Build.11.rar
2017-02-06 15:31 - 2017-02-06 17:31 - 648515675 _____ C:\Users\Ivan\Downloads\EasyRE.Pro.Win7.8.10.rar
2017-02-04 18:36 - 2017-02-04 18:36 - 02579769 _____ C:\Users\Ivan\Downloads\Ativar Wiwndows 7 - MaxTuto.rar
2017-02-04 00:52 - 2017-02-04 00:52 - 12801140 _____ C:\Users\Ivan\Downloads\Como ativar seu windows 7 da forma correta todas as versões.mp4
2017-02-03 21:28 - 2017-02-03 21:28 - 00004713 _____ C:\Users\Ivan\Documents\Chaves do W10.txt
2017-02-03 17:53 - 2017-02-03 17:57 - 00000000 ____D C:\MP3
2017-01-29 02:15 - 2017-01-29 02:15 - 07962635 _____ C:\Users\Ivan\Downloads\Internet Download Manager (IDM) 6.25 Build 2 [Oct 16,2015].rar
2017-01-29 01:34 - 2017-01-29 01:34 - 06930368 _____ (Tonec Inc.) C:\Users\Ivan\Downloads\idman627build3f.exe
2017-01-29 00:51 - 2017-01-29 00:55 - 59043604 _____ C:\Users\Ivan\Downloads\ES-Demônios da Garoa-Ontem e Hoje.rar
2017-01-29 00:47 - 2017-01-29 00:47 - 54850425 _____ C:\Users\Ivan\Downloads\ES-Sertanejo Bom de Dança.rar
2017-01-28 23:12 - 2017-01-28 23:14 - 130891164 _____ C:\Users\Ivan\Downloads\ES- A Praia da Música Brasileira (2011).rar
2017-01-28 22:16 - 2017-01-28 22:35 - 52081349 _____ C:\Users\Ivan\Downloads\ES-Toco Preto - MPB em Chorinho (1999).rar
2017-01-28 18:17 - 2017-01-28 18:17 - 01172815 _____ C:\Users\Ivan\Downloads\ossec-agent-win32-2.8.3.exe
2017-01-28 18:09 - 2017-01-28 18:09 - 00603984 _____ (Filesland.com ) C:\Users\Ivan\Downloads\openport.exe
2017-01-28 15:07 - 2017-01-28 15:07 - 00921531 _____ C:\Users\Ivan\Downloads\detecting-malicious-smb-activity-bro-37472.pdf
2017-01-28 02:21 - 2017-01-29 02:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-26 14:42 - 2017-01-18 18:10 - 00000000 ____D C:\FRST
2017-02-26 14:36 - 2009-07-14 00:45 - 00028848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-26 14:36 - 2009-07-14 00:45 - 00028848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-26 14:28 - 2015-10-15 20:25 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2017-02-26 14:28 - 2014-09-05 15:58 - 00000000 ____D C:\ProgramData\GbPlugin
2017-02-26 14:28 - 2014-09-05 15:58 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-02-26 14:27 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-26 02:28 - 2016-09-25 10:48 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\DMCache
2017-02-26 02:27 - 2016-11-18 16:56 - 00000000 ____D C:\Users\Ivan\AppData\LocalLow\Mozilla
2017-02-25 20:19 - 2016-02-29 16:10 - 00000964 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-25 15:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-25 01:45 - 2017-01-14 23:47 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\vlc
2017-02-24 21:12 - 2014-04-01 13:44 - 00706008 _____ C:\Windows\system32\prfh0416.dat
2017-02-24 21:12 - 2014-04-01 13:44 - 00147848 _____ C:\Windows\system32\prfc0416.dat
2017-02-24 21:12 - 2009-07-14 01:13 - 01635890 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-24 21:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-02-24 02:52 - 2014-03-13 12:20 - 00000000 ____D C:\Windows\system32\MRT
2017-02-24 02:43 - 2014-03-13 12:20 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-24 02:26 - 2015-06-15 21:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-23 22:30 - 2016-01-24 23:11 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\uTorrent
2017-02-23 21:36 - 2014-03-13 09:37 - 00000000 ____D C:\Users\Ivan\AppData\Local\CrashDumps
2017-02-23 12:25 - 2016-11-23 20:52 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\dvdcss
2017-02-21 14:06 - 2016-02-29 16:10 - 00003958 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-21 14:06 - 2014-03-13 18:22 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-21 14:06 - 2014-03-13 18:22 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-21 14:06 - 2014-03-13 18:22 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-21 14:06 - 2014-03-13 17:36 - 00000000 ____D C:\Users\Ivan\AppData\Local\Adobe
2017-02-21 14:06 - 2012-02-25 21:01 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-20 23:15 - 2016-04-01 23:15 - 00025618 _____ C:\Users\Ivan\AppData\default.pls
2017-02-18 12:53 - 2016-03-03 01:06 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Android Ultimate Toolbox Pro
2017-02-15 21:23 - 2016-09-25 10:48 - 00000000 ____D C:\Users\Ivan\Downloads\Compressed
2017-02-15 20:24 - 2016-12-25 15:48 - 00000000 ____D C:\Users\Ivan\Documents\Wondershare DVD Creator
2017-02-15 20:24 - 2016-12-25 15:48 - 00000000 ____D C:\Program Files (x86)\Wondershare
2017-02-15 20:24 - 2016-08-07 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-02-15 20:15 - 2016-08-07 03:29 - 00326424 _____ C:\Users\Ivan\Documents\starburn.txt
2017-02-11 02:15 - 2015-09-10 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-10 22:09 - 2014-03-13 10:40 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Adobe
2017-02-10 20:46 - 2016-07-27 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lazesoft Recovery Suite
2017-02-10 20:46 - 2016-07-27 17:08 - 00000000 ____D C:\Program Files (x86)\Lazesoft Recovery Suite
2017-02-09 22:48 - 2014-03-13 10:56 - 00000000 ____D C:\ProgramData\Avira
2017-02-09 22:48 - 2014-03-13 10:56 - 00000000 ____D C:\Program Files (x86)\Avira
2017-02-09 20:57 - 2017-01-05 15:37 - 00000000 ____D C:\ProgramData\KeepVid Pro
2017-02-06 20:54 - 2015-08-23 01:45 - 00002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 20:54 - 2015-08-23 01:45 - 00002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 18:27 - 2016-09-25 10:48 - 00000969 _____ C:\Users\Ivan\Desktop\Internet Download Manager.lnk
2017-01-29 02:28 - 2014-03-13 14:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2015-10-15 20:27 - 2015-10-15 20:27 - 0017908 _____ () C:\Users\Ivan\AppData\Roaming\unins000.dat
2016-09-13 22:26 - 2016-09-13 22:30 - 0018130 _____ () C:\Users\Ivan\AppData\Roaming\unins001.dat
2014-03-18 15:53 - 2014-03-18 15:53 - 0001567 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20140318.155318.txt
2014-04-05 15:52 - 2014-04-05 15:52 - 0001567 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20140405.155230.txt
2014-06-13 08:21 - 2014-06-13 08:21 - 0001544 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20140613.082127.txt
2015-05-11 19:26 - 2015-05-11 19:26 - 0001565 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20150511.192628.txt
2015-10-01 17:34 - 2015-10-01 17:34 - 0001542 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20151001.173412.txt
2015-10-06 14:04 - 2015-10-06 14:04 - 0001566 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20151006.140408.txt
2016-04-10 22:40 - 2016-04-10 22:40 - 0001543 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20160410.224022.txt
2016-09-08 01:32 - 2016-09-08 01:32 - 0001565 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20160908.013223.txt
2015-10-19 13:42 - 2015-10-19 13:42 - 0000028 _____ () C:\Users\Ivan\AppData\Local\settings.ini
2016-11-28 02:40 - 2016-11-28 02:40 - 0000176 _____ () C:\Users\Ivan\AppData\Local\uts.ini
2012-02-25 20:11 - 2012-02-25 20:12 - 0000226 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-22 19:03

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017
Ran by Ivan (26-02-2017 14:46:50)
Running from C:\Users\Ivan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-03-13 13:04:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3714546670-946274982-931039520-500 - Administrator - Disabled)
Guest (S-1-5-21-3714546670-946274982-931039520-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3714546670-946274982-931039520-1009 - Limited - Enabled)
Ivan (S-1-5-21-3714546670-946274982-931039520-1005 - Administrator - Enabled) => C:\Users\Ivan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.6 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Android Ultimate Toolbox Pro (HKLM-x32\...\{80E86044-5C1D-42A3-A119-1FA8839FB701}) (Version: 1.2.0.0 - D01 MicroApps)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version:  - )
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.142 - ArcSoft)
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.367 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.485 - ArcSoft)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.5.1.27035 - Avira Operations GmbH & Co. KG)
Avira Scout (HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\{3cc6cc67-d693-4af9-9320-241d34083394}) (Version: 16.2.15.170 - Avira Operations GmbH & Co. KG)
AviraScoutMsi (x32 Version: 16.02.15.00170 - Avira Operations GmbH & Co. KG) Hidden
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM-x32\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.18.50 - Conexant)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Cybereason RansomFree 2.2.3.0 (HKLM-x32\...\{D94D745E-266E-4B2B-B505-7B6042C0C1C9}) (Version: 2.2.3.0 - Cybereason Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.8.0 - oldsch00l)
Digital microscope (HKLM-x32\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2009.03.18 - Vimicro Corp.)
DiskInternals Linux Reader (HKLM-x32\...\DiskInternals Linux Reader) (Version: 2.3.0.3 - DiskInternals Research)
DiskInternals Linux Recovery (HKLM-x32\...\DiskInternals Linux Recovery) (Version: 4.5 - DiskInternals Research)
DiskInternals Partition Recovery (HKLM-x32\...\DiskInternals Partition Recovery) (Version: 5.7 - DiskInternals Research)
Easy File Locker 1.5 (HKLM-x32\...\Easy File Locker) (Version: 1.5 - XOSLAB.COM)
Geosense for Windows (HKLM\...\{D617DF82-6046-44EB-AD4A-D3423319E12C}) (Version: 1.2.0.0 - Within Network, LLC)
GoldWave v6.10 (HKLM\...\GoldWave v6.10) (Version: 6.10 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
ImDisk Virtual Disk Driver (HKLM\...\ImDisk) (Version: 1.* - )
inSSIDer 4 (HKLM-x32\...\{068F709E-5BA2-4C2F-84E9-B2DFF374F366}) (Version: 4.2.0.12 - MetaGeek, LLC)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Intelbras Media Player 3.36.11 (HKLM-x32\...\Intelbras Media Player) (Version: 3.36.11 - )
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 102 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Java SE Development Kit 8 Update 102 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180102}) (Version: 8.0.1020.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Keyboard Shortcuts (HKLM-x32\...\{FE8974B4-479C-4DBA-8544-9E5342ABB26A}) (Version: 1.1.0.08290 - Sony Corporation)
Laplink DiskImage Professional (HKLM\...\{56F8EF3C-D9A0-4728-95D5-DC05A72931F5}) (Version: 7.81.11 - Laplink Software, Inc)
Laplink PCmover Enterprise (HKLM-x32\...\{21FED337-581F-47D9-B7E2-ABF6C7C132A8}) (Version: 10.01.645 - Laplink Software, Inc.)
Media Gallery (Version: 2.0.0.11150 - Sony Corporation) Hidden
MergeModule_x64 (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
MicroCapture 2.0 (HKLM-x32\...\MicroCapture) (Version: 2.0 - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 pt-BR)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{C6115A28-F277-4E82-B067-84D28BF21046}) (Version: 7.03.1357 - Nero AG)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
OOBE (x32 Version: 11.2.1.10 - Sony Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
PC Remote (HKLM-x32\...\{C934DF74-D0D9-445C-90AA-34012A04E11D}) (Version: 3.51 - PC Remote)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.1.00.12260 - Sony Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PMB VAIO Edition Plug-in (Version: 1.5.10.05300 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06010 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.01.06110 - Sony Corporation) Hidden
PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.1.00 - Sony Corporation) Hidden
Qualcomm Atheros Direct Connect (x32 Version: 3.0 - Qualcomm Atheros) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Raise Data Recovery (HKLM\...\rdr) (Version: 6.4.2 - LLC SysDev Laboratories)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Remix OS (HKLM-x32\...\RemixOS) (Version:  - )
Remote Keyboard (x32 Version: 1.1.1.07060 - Sony Corporation) Hidden
Remote Play with PlayStation 3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.16011.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.16011.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1500.0 - SAMSUNG Electronics Co., Ltd.)
Screen Grab Pro (HKLM-x32\...\{581125F9-D1C6-4797-93BB-47A992D69AA8}) (Version:  - )
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SMI Grabber Device (HKLM-x32\...\{B03B98E3-2795-48F6-BA33-793BBF5DF685}) (Version: 1.0.0.29 - Somagic)
Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Suporte para Aplicativos Apple (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Suporte para Aplicativos Apple Apple (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.9.0 - Synaptics Incorporated)
Syncios 6.0.2 (HKLM-x32\...\Syncios) (Version: 6.0.2 - Anvsoft)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.50527 A - TeamViewer)
TFTP Client (HKLM-x32\...\TFTP Client) (Version:  - )
Tftpd64 Standalone Edition (remove only) (HKLM-x32\...\Tftpd64) (Version:  - )
TinyTake by MangoApps (HKLM-x32\...\{cbb7c584-20c0-4426-9921-ac1cc52ff54d}) (Version: 4.0.1 - MangoApps)
TinyTake by MangoApps (x32 Version: 4.0.1 - MangoApps) Hidden
VAIO - Media Gallery - VAIO Personalization Manager Update (HKLM\...\{50A7190B-5DA6-4A51-B275-3D413E617BA6}) (Version: 4.2.5.07160 - Sony Corporation)
VAIO - Media Gallery (HKLM-x32\...\{DD696AF7-8A89-41D5-976A-2053E41A69BE}) (Version: 2.2.3.04170 - Sony Corporation)
VAIO - PMB VAIO Edition Guide (x32 Version: 1.6.00.06030 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Plug-in (x32 Version: 1.6.11.11160 - Sony Corporation) Hidden
VAIO - Remote Keyboard (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.1.0.07060 - Sony Corporation)
VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{D9FFE40D-1A85-4541-992C-5EF505F391A4}) (Version: 8.4.2.12041 - Sony Corporation)
VAIO Care (x32 Version: 6.4.0.15030 - Sony Corporation) Hidden
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Control Center (x32 Version: 4.5.0.03040 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.6.0.13140 - Sony Corporation) Hidden
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Event Service (x32 Version: 5.5.0.03040 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.4.2.02200 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.4.0.03240 - Sony Corporation) Hidden
VAIO Hardware Diagnostics (x32 Version: 4.2.0.14280 - Sony Corporation) Hidden
VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
VAIO Help and Support (HKLM-x32\...\{F5248E24-F52C-4FD1-B76F-102460BAFD6B}) (Version: 14.00.0125 - Sony Corporation)
VAIO Improvement (x32 Version: 1.0.0.14150 - Sony Corporation) Hidden
VAIO Manual (x32 Version: 2.0.0.02250 - Sony Corporation) Hidden
VAIO Messenger (HKLM-x32\...\VAIO Messenger) (Version: 2.0.550.0 - DDNi)
VAIO Quick Web Access (x32 Version: 1.4.5.5 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.4.0.09010 - Sony Corporation) Hidden
VAIO Satisfaction Survey. (x32 Version: 3.0 - Sony Electronics Inc.) Hidden
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.10.2.08270 - Sony Corporation)
VAIO Transfer Support (x32 Version: 1.4.0.14230 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
VESx64 (Version: 1.0.0 - Sony Corporation) Hidden
VESx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WinDFT (HKLM-x32\...\{065F384A-5C64-4532-814A-A24BA5374503}) (Version: 1.0.0 - HGST)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3714546670-946274982-931039520-1005_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3714546670-946274982-931039520-1005_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F000C}\InprocServer32 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_isg_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3714546670-946274982-931039520-1005_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3714546670-946274982-931039520-1005_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F000C}\InprocServer32 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_isg_64.dll (GAS Tecnologia)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {009C04E9-C525-4404-B6D1-8DF6D6DC3694} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {05376BBF-F45D-4DA2-BA43-45A3064BE927} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {095A8847-20C2-4A6C-ACCF-4DF1F0737AFC} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {18CB6D2A-3C3C-4C39-949A-B15A2A7BE1DE} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {1D0B746E-663B-445B-B5EF-62BE990FAC90} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-02-28] (Sony Corporation)
Task: {21292617-EA11-48D7-938A-8E789EF1C231} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
Task: {25C8D1DE-0489-48A2-AED8-1004F9D6DC52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-23] (Google Inc.)
Task: {26DC3E0C-B5E7-4C39-93CF-1E710116085B} - System32\Tasks\DDNi Startup => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {2B863642-3438-4D67-8BCB-AE6B23EC95BA} - System32\Tasks\VAIO® Messenger (Ivan) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {2EF3D667-644A-4E75-B96D-566ED111FD9D} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f3de85391025 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-23] (Google Inc.)
Task: {3554DA6E-AA9E-4627-9837-9CEE4B8EE030} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-02-15] (Sony Corporation)
Task: {3AE5B1F5-4361-4F30-B6A2-04341920CC8F} - System32\Tasks\VAIO® Messenger (Administrator) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {45B644A3-64E0-4C6D-8F10-AB53162BC895} - System32\Tasks\Sony\Keyboard Shortcuts => C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe [2011-08-31] ()
Task: {51E4DFF9-4230-40FB-BA18-98AF805BC24F} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f3de85dace73 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-23] (Google Inc.)
Task: {54499AD8-03B1-43F0-8593-6AD3F37EB409} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {62C56036-F72E-4AB7-8A36-EC7807A76612} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient
Task: {6427CB57-91FA-43F0-A8E2-701F62D66204} - System32\Tasks\Cybereason RansomFree Autostart => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-01-24] (Cybereason)
Task: {654EF357-8E87-46B8-981E-17E175E659C0} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {7F18F11C-2259-4045-BD4F-DA24CFA621B7} - System32\Tasks\TinyTakeUpgrade => C:\Users\Ivan\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake.exe [2015-10-13] (MangoApps Inc.)
Task: {8058F7E6-4B0E-465F-ADB0-349673A08666} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {85F3EE02-4F44-4B77-A63E-DAEDF6C56C10} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {8A855ED2-26EE-4C7E-B169-1514FB070BCF} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {92E0678C-7B0D-4FCE-8325-AC3A5D022681} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {9BB0577A-BB1F-4B2E-B90D-C9F3378A99CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-21] (Adobe Systems Incorporated)
Task: {B3AF4A93-B58D-4832-8DFE-0C0662393F43} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {B4B66809-153E-4054-BEB3-450B3E80B02E} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {BBB45B94-D3A4-45A9-A958-66BB99359CD8} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-21] (Adobe Systems Incorporated)
Task: {C27D5544-478D-40E8-BFDE-B0A22CEA9C09} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {C5DEB034-64BC-4A8E-94DE-F7E13CBE9848} - System32\Tasks\Sony Corporation\VAIO Personalization Manager\VpmLM Task Music Ivan => C:\Program Files\Sony\VAIO Personalization Manager\VpmLM.exe [2011-10-03] (Sony Corporation)
Task: {C92E867A-053D-45B5-AC69-524C9ED8C323} - System32\Tasks\Cybereason RansomFree Keepalive => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-01-24] (Cybereason)
Task: {CE6548F1-8A4A-41C7-9E67-056850378CFF} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {D41279D5-BC7F-4868-834C-9BD575704A3E} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {DABCD011-1F9F-4EBF-A996-C19B739CD941} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib TaskTray => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [2011-11-03] (Sony Corporation)
Task: {E0B846C9-F3FA-456E-B21E-7BAEF1FE3017} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {E37EC287-8E65-4D27-863F-228B5EFC7031} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)
Task: {E82D9BAC-9C33-4C8B-A90E-420D2B13723D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {EC26B6E7-9154-49ED-95F5-CDBA85E00152} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {EE689E85-8183-45EC-9F7C-D3306EE6151C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-23] (Google Inc.)
Task: {FD139FD3-BE2B-49C9-A172-1B66471E155E} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-12-17 17:53 - 2010-12-17 17:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-06-15 23:40 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2011-06-21 07:42 - 2011-06-21 07:42 - 00034304 _____ () C:\Windows\System32\sst3cl6.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-02-21 17:38 - 2016-02-21 17:38 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-11-28 02:40 - 2016-11-28 02:39 - 00017376 _____ () C:\Users\Ivan\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
2017-01-19 18:50 - 2017-01-19 18:50 - 00064512 _____ () C:\Windows\SysWOW64\dxconfig.exe
2017-01-01 16:38 - 2017-01-01 16:38 - 00064512 _____ () C:\Windows\SearchIndexer.exe
2010-12-17 17:53 - 2010-12-17 17:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-03-28 03:04 - 2011-03-28 00:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-05-08 14:50 - 2015-05-08 14:50 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll
2013-11-01 14:59 - 2013-11-01 14:59 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2012-02-25 21:00 - 2011-03-05 20:42 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2016-05-11 09:35 - 2016-05-11 09:35 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f1b815cf32572cea383bc47659c174fa\IsdiInterop.ni.dll
2012-02-25 20:21 - 2010-11-06 03:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-03-13 10:29 - 2013-07-03 02:08 - 00061864 _____ () C:\Program Files (x86)\DDNi\Oasis\OasisCloudModel.dll
2014-03-13 10:29 - 2013-07-03 02:08 - 00018856 _____ () C:\Program Files (x86)\DDNi\Oasis\OasisCloudClient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2166]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\caixa.gov.br -> imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\infoseg.gov.br -> hxxp://www.infoseg.gov.br
IE trusted site: HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\samsungsetup.com -> hxxp://www.samsungsetup.com
IE trusted site: HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\serpro.gov.br -> hxxps://infoseg9.serpro.gov.br

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2017-01-30 01:14 - 00000894 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3714546670-946274982-931039520-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.189.88.192 - 200.189.88.182
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: ImDskSvc => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NBService => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: OO DiskImage => 2
MSCONFIG\Services: SophosVirusRemovalTool => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: uCamMonitor => 2
MSCONFIG\Services: VCService => 3
MSCONFIG\Services: WsDrvInst => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk => C:\Windows\pss\TMMonitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia BackUp & Recorder Monitor.lnk => C:\Windows\pss\TotalMedia BackUp & Recorder Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia Server.lnk => C:\Windows\pss\TotalMedia Server.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: Avira System Speedup User Starter => "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\KeepVid\KeepVid Pro\DelayPluginI.exe
MSCONFIG\startupreg: Diebold - Warsaw => C:\Program Files\Diebold\Warsaw\core.exe
MSCONFIG\startupreg: FAStartup =>
MSCONFIG\startupreg: FATrayAlert => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
MSCONFIG\startupreg: FreeHideIPunstall =>
MSCONFIG\startupreg: GoogleChromeAutoLaunch_C76D497934B1A0EE0E3BF23C3F10F9A7 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: KiesPDLR.exe => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: OODITRAY.EXE => C:\Program Files\Laplink\DiskImage\ooditray.exe
MSCONFIG\startupreg: PC Remote Server => C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe /silent
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Syncios device service => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
MSCONFIG\startupreg: TinyTake by MangoApps => "C:\Users\Ivan\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake by MangoApps.exe" NOTOPENCONTEXTMENU
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A70359FB-69DA-45AF-A7D0-E0B4566E3133}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{CF064422-05B5-4043-B099-1F2D4178C90A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{70A47580-D530-4C4A-A92D-A6B04B4DD111}] => (Allow) LPort=2869
FirewallRules: [{690A5E44-93E9-4E3B-A75A-79BE604E252D}] => (Allow) LPort=1900
FirewallRules: [{CC660E36-D225-45D0-ACF9-8701019DBA70}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3C353CC2-E905-43A5-BB48-109BB2E18455}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{51834E06-7B2C-4308-A3E5-7BA8CF8BCEB5}] => (Allow) C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
FirewallRules: [{31C8BE3E-B4C8-49FB-9F19-A6F615827F9B}] => (Allow) C:\Program Files\Sony\VAIO Smart Network\WFDA\WiFiDirectApplication.exe
FirewallRules: [{14D45B68-ACD8-4340-86CA-C9E13AA13718}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
FirewallRules: [{9F8F5C54-4D93-4000-B4B0-CFA5DC44FE59}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
FirewallRules: [{CAC38972-004A-4D1A-8A67-D3F18742900F}] => (Allow) C:\Program Files (x86)\Sony\Media Gallery\VRLP.exe
FirewallRules: [{26B62950-7CFA-4286-BD5B-C68DFB15E44C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D113E971-C739-4B3A-A5EC-42C65ED9716B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CC69ED9E-9303-4128-9024-C4D57D814B42}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{7192DA52-8681-4B15-ABD7-AC26415C8542}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{8664838F-22A5-4EC5-B735-470557676330}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{D5697FF2-A701-47FB-8272-24F2A091A4BF}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{1BF5F74D-025D-493B-A633-B223A201C7AC}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{3A608BE2-255B-466D-9AAE-C43BA4F4DAFA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8945EE26-AEAE-49AC-9F66-5B7357DB9C54}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{37439B52-B830-4EBC-B943-AAA2C4AFB384}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1EA0333B-8755-445D-A045-B35961902A4B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{46A0D045-05C4-4D1F-843A-B5A1A9EB34F6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FF41E427-5A11-4FA3-8F02-E77D49E77E70}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{638F7488-C483-414E-969A-0413DE17F912}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => (Allow) C:\program files (x86)\pc remote\pc remote\pcremote.exe
FirewallRules: [UDP Query User{C529F1AE-6246-42C7-81A6-CFE18E236096}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => (Allow) C:\program files (x86)\pc remote\pc remote\pcremote.exe
FirewallRules: [{44F2E0EF-251C-4038-82E8-7571FE4AE4C4}] => (Allow) C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AA026661-1E60-4B47-BF5E-C0505D4F250A}] => (Allow) C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0A8EA6FA-D041-4248-907D-A33649096D12}] => (Allow) C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2C99A0B3-3C01-4EB0-99FA-8C4A5CE47514}] => (Allow) C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FE5658E9-3EE7-48B1-8828-C1DBC8FEFB5D}] => (Allow) C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FE3F91C6-2FE9-4D9A-ACCA-706CC7255287}] => (Allow) C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{9AEFD00B-CB98-4910-81A5-396442A32179}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{061C0E8E-1DB0-41DE-877D-DCAAC8A55158}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{A70F557A-FECD-4DFC-A078-A928350BB404}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [UDP Query User{6A3B8C2C-662A-43BF-92DA-80D6F834536F}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [TCP Query User{15505A3B-E9BF-432D-B139-4D85D085189E}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{A2395079-CC16-4908-92AA-F964E8FD1A71}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{3941A930-5766-456F-A126-B79FF00CE3E4}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [UDP Query User{1EE1D3DE-1B75-418E-B88D-CB28D122FCF4}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [{6A60F6F5-8C02-4A83-BEA4-68B2435BB81E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{4F1079E9-5C42-4803-B76C-6A452AB62C21}C:\program files\tftpd64\tftpd64.exe] => (Allow) C:\program files\tftpd64\tftpd64.exe
FirewallRules: [UDP Query User{B8767609-ABD2-464F-A955-33F5D4CB5C6F}C:\program files\tftpd64\tftpd64.exe] => (Allow) C:\program files\tftpd64\tftpd64.exe
FirewallRules: [TCP Query User{FC289D15-F163-4E5D-AD63-0C6F4396AE37}C:\program files\tftpd64\tftpd64.exe] => (Allow) C:\program files\tftpd64\tftpd64.exe
FirewallRules: [UDP Query User{4D2E170E-6FF6-4CC0-A11D-ACF3A14CE3D1}C:\program files\tftpd64\tftpd64.exe] => (Allow) C:\program files\tftpd64\tftpd64.exe
FirewallRules: [{368890DC-D616-4D0A-96D2-B702804439B1}] => (Allow) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
FirewallRules: [{E8721374-3AE5-4130-8850-93985B0B5A21}] => (Allow) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
FirewallRules: [TCP Query User{DA6FBAC5-ED00-4BA6-898F-6874BFAADE01}C:\windows\ehome\ehexthost.exe] => (Allow) C:\windows\ehome\ehexthost.exe
FirewallRules: [UDP Query User{23F57204-109E-449C-95B2-78B3A39ADD8B}C:\windows\ehome\ehexthost.exe] => (Allow) C:\windows\ehome\ehexthost.exe
FirewallRules: [{C05C36E1-75DC-4F2D-A1D1-CBF30F00B59B}] => (Allow) C:\Program Files (x86)\Deskshare\IP Camera Viewer 3\IP Camera Viewer.exe
FirewallRules: [{21FB453E-3A60-4E80-A5B6-2FAD6528A689}] => (Allow) C:\Program Files (x86)\Deskshare\IP Camera Viewer 3\IP Camera Viewer.exe
FirewallRules: [{7AAB3F22-966F-40BC-91D9-9F3263FE5B35}] => (Block) %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
FirewallRules: [{53436137-4432-4141-B141-EE2520A9CC71}] => (Block) %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\Wondershare Helper Compact.exe
FirewallRules: [{9F9D14D1-D98E-4ADF-BE12-A893FB0E0EBA}] => (Block) %ProgramFiles%\Wondershare\Filmora\Filmora.exe
FirewallRules: [{DB887C5C-3C10-4681-86E1-9CD48F61B719}] => (Block) %ProgramFiles%\Wondershare\Filmora\Filmora.exe
FirewallRules: [{4F5AECDD-146C-4878-BE67-5F6B836923AF}] => (Block) %ProgramFiles%\Wondershare\Filmora\ImageHost.exe
FirewallRules: [{D3833999-D5B7-4165-9751-85A67F7EE70C}] => (Block) %ProgramFiles%\Wondershare\Filmora\Wondershare Helper Compact.exe
FirewallRules: [{10596333-2C4C-4C44-844E-C3EC70794BF5}] => (Block) %ProgramFiles%\Wondershare\Filmora\WSResDownloader.exe
FirewallRules: [{8A8B072C-6FA5-4DB1-9B0E-BEDD7538C2C0}] => (Block) %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
FirewallRules: [{17847381-76CD-492A-B7BF-195C9B579485}] => (Block) %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\Wondershare Helper Compact.exe
FirewallRules: [{D29FB238-9957-4747-B682-3D2784AA1DED}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{169D8E2E-4102-43BA-946A-4DB3B8A2CED7}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [{29A47274-F4AF-4E30-BE50-258BFC49E286}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [TCP Query User{FF0413C0-8AC0-421A-9788-C4C722D5DF86}C:\users\ivan\downloads\rtl1090a\rtl1090.exe] => (Allow) C:\users\ivan\downloads\rtl1090a\rtl1090.exe
FirewallRules: [UDP Query User{52BE858F-5C0D-4EF2-9B03-5D5E07629095}C:\users\ivan\downloads\rtl1090a\rtl1090.exe] => (Allow) C:\users\ivan\downloads\rtl1090a\rtl1090.exe
FirewallRules: [{B20F4783-3192-4E98-AD65-5189FF792D87}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
FirewallRules: [{461001B9-BC1B-475B-8A26-63286E5B2B8D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{48864A6E-2E7E-4AF1-8B14-33D3417E6BA8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{99FCE23D-DF17-4461-839A-77E1D5C0F1C6}] => (Block) %ProgramFiles%\Wondershare\Filmora\Filmora.exe
FirewallRules: [{F4A5015C-8719-46E9-A098-259CD6EC3B5B}] => (Block) %ProgramFiles%\Wondershare\Filmora\Filmora.exe
FirewallRules: [{8F2EA323-7CA7-4845-B71F-81159404CEF7}] => (Block) %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
FirewallRules: [{90A832AF-C289-495F-8556-4871D3F3D160}] => (Block) %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\Wondershare Helper Compact.exe
FirewallRules: [{5AF79AAC-2E99-4F0A-B858-9850B8A1D612}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [{241B5A05-FAC1-4222-A27A-D55090C0B364}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [TCP Query User{C84872FE-C12D-4F12-BF10-94EC0814B286}C:\program files (x86)\keepvid\keepvid pro\urlreqservice.exe] => (Block) C:\program files (x86)\keepvid\keepvid pro\urlreqservice.exe
FirewallRules: [UDP Query User{D166B843-3A2D-415E-ABF4-3ABD007756E0}C:\program files (x86)\keepvid\keepvid pro\urlreqservice.exe] => (Block) C:\program files (x86)\keepvid\keepvid pro\urlreqservice.exe
FirewallRules: [{6910F66E-27DD-479D-A919-1D33807A2F8B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

24-01-2017 21:39:49 Installed Cybereason RansomFree 2.2.3.0
25-01-2017 02:55:35 Removed Oasis2Service
01-02-2017 10:51:22 Scheduled Checkpoint
06-02-2017 18:33:55 Device Driver Package Installation: TAP-Windows Provider V9 Network adapters
11-02-2017 13:59:26 Installed Suricata IDS/IPS 3.2-1-32bit
11-02-2017 14:18:36 Removed Suricata IDS/IPS 3.2-1-32bit
19-02-2017 05:27:36 Scheduled Checkpoint
24-02-2017 02:42:12 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2017 02:28:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/26/2017 02:23:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Ivan-VAIO)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (02/26/2017 02:23:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Ivan-VAIO)
Description: Windows has backed up this user profile. Windows will automatically try to use the backed-up profile the next time this user logs on.

Error: (02/26/2017 02:23:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Ivan-VAIO)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

 DETAIL - The file is already in use by another process.

Error: (02/26/2017 02:23:33 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The file is already in use by another process.
 for C:\Users\Ivan\ntuser.dat

Error: (02/26/2017 02:23:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/25/2017 08:00:09 PM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

Error: (02/25/2017 10:56:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/25/2017 01:10:51 AM) (Source: Customer Experience Improvement Program) (EventID: 1006) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being consolidated into files that can be sent to Microsoft, (Error 80004005).

Error: (02/24/2017 07:57:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Ivan\Desktop\esetsmartinstaller_enu.exe". Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


System errors:
=============
Error: (02/26/2017 02:30:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error:
The system cannot find the file specified.

Error: (02/26/2017 02:30:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Warsaw File Access svc service failed to start due to the following error:
The system cannot find the file specified.

Error: (02/26/2017 02:30:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Warsaw File Access svc service failed to start due to the following error:
The system cannot find the file specified.

Error: (02/26/2017 02:30:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error:
The system cannot find the file specified.

Error: (02/26/2017 02:28:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error:
The system cannot find the file specified.

Error: (02/26/2017 02:28:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error:
The system cannot find the file specified.

Error: (02/26/2017 02:28:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Warsaw File Access svc service failed to start due to the following error:
The system cannot find the file specified.

Error: (02/26/2017 02:28:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
gbpddfac
gbpddreg

Error: (02/26/2017 02:27:27 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:25:42 PM on 2/26/2017 was unexpected.

Error: (02/26/2017 02:25:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error:
The system cannot find the file specified.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 43%
Total physical RAM: 4043.86 MB
Available physical RAM: 2269.96 MB
Total Virtual: 8085.89 MB
Available Virtual: 5542.6 MB

==================== Drives ================================

Drive b: () (Network) (Total:310.72 GB) (Free:61.35 GB) NTFS
Drive c: () (Fixed) (Total:310.72 GB) (Free:61.35 GB) NTFS
Drive d: () (Fixed) (Total:274.2 GB) (Free:14.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 90547D58)
Partition 1: (Not Active) - (Size=11.2 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=310.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=274.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================





#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:09:24 PM

Posted 26 February 2017 - 06:15 PM

hi,

 

Do you notice if utorrent is running all the time?

Do you see the icon by the clock? If not, do you see the .exe in Process Manager?

We will get a download for you to use and see if it drags up anything:

I'm usually only online once or twice per day, so you may not get a response back from me until the following day.

 

--------------------------------------------------------------------------------------------

Please download the free version of Malwarebytes to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.
 
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 
If an update is found, it will download and install the latest version.
 
Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
 
Be sure that everything is checked, and click  *Remove Selected.*
 
*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*
 
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.


How Can I Reduce My Risk to Malware?


#3 igirao

igirao
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:09:24 PM

Posted 26 February 2017 - 09:45 PM

Hi, to your questions the answer is no. Please see the MB report below. I was suspecting a recently installed program, and I was right. The program that was creating those folders with files in them is the Cybereason RansomFree software. I uninstalled it and the folders were gone. I went to their website to see if I could get in touch with them to find out why the program behaves like that, but there is no chat or form, only by phone. I would like to know why the program creates those weird folders and files. That's it.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/26/17
Scan Time: 7:48 PM
Logfile: MB.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1366
License: Expired

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ivan-VAIO\Ivan

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 411921
Time Elapsed: 15 min, 25 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 1
PUM.Optional.NoDrives, HKU\S-1-5-21-3714546670-946274982-931039520-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NODRIVES, Replaced, [19575], [293343],1.0.1366

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 10
PUP.Optional.Trotux, C:\USERS\IVAN\APPDATA\ROAMING\PROFILES\WIJERIEDMUSERTION.DEFAULT\PREFS.JS, Replaced, [420], [324486],1.0.1366
PUP.Optional.Trotux, C:\USERS\IVAN\APPDATA\ROAMING\PROFILES\WIJERIEDMUSERTION.DEFAULT\PREFS.JS, Replaced, [420], [324486],1.0.1366
PUP.Optional.Trotux, C:\USERS\IVAN\APPDATA\ROAMING\PROFILES\WIJERIEDMUSERTION.DEFAULT\PREFS.JS, Replaced, [420], [324486],1.0.1366
PUP.Optional.Trotux, C:\USERS\IVAN\APPDATA\ROAMING\PROFILES\WIJERIEDMUSERTION.DEFAULT\PREFS.JS, Replaced, [420], [324486],1.0.1366
PUP.Optional.Trotux, C:\USERS\IVAN\APPDATA\ROAMING\PROFILES\WIJERIEDMUSERTION.DEFAULT\PREFS.JS, Replaced, [420], [324486],1.0.1366
PUP.Optional.Trotux, C:\USERS\IVAN\APPDATA\ROAMING\PROFILES\WIJERIEDMUSERTION.DEFAULT\PREFS.JS, Replaced, [420], [324486],1.0.1366
PUP.Optional.Trotux, C:\USERS\IVAN\APPDATA\ROAMING\PROFILES\WIJERIEDMUSERTION.DEFAULT\PREFS.JS, Replaced, [420], [324486],1.0.1366
PUP.Optional.Trotux, C:\USERS\IVAN\APPDATA\ROAMING\PROFILES\WIJERIEDMUSERTION.DEFAULT\SEARCHPLUGINS\KRRFKGD4.XML, Quarantined, [420], [324483],1.0.1366
RiskWare.Tool.HCK, C:\$RECYCLE.BIN\S-1-5-21-3714546670-946274982-931039520-1005\$RD9HZFP.1\KEYGEN-FFF.ZIP, Quarantined, [2562], [69974],1.0.1366
RiskWare.Tool.HCK, C:\$RECYCLE.BIN\S-1-5-21-3714546670-946274982-931039520-1005\$RD9HZFP.1\KEYGEN.EXE, Quarantined, [2562], [69974],1.0.1366

Physical Sector: 0
(No malicious items detected)

(end)



#4 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:09:24 PM

Posted 27 February 2017 - 05:19 PM

There was a popular virus a few years ago that would keep utorrent running and sharing files in the background; that's why I asked the questions.

 

 

that was creating those folders with files in is the Cybereason RansomFree software. I uninstalled it and the folders were gone

Looks like it uses dummy files:

source: http://www.pcworld.com/article/3150748/security/this-free-software-protects-your-pc-against-ransomware.html

 

 

It alerts you that the program placed some specially constructed files on your system that help RansomFree do its job. Eilat wouldn’t go into too much detail about what these files do. He would say they were there to be the “victims” of potential ransomware infections and to slow the malware down.

 

Here's two more apps along the same lines. If you know how to protect yourself from general malware then you should be good to go. Ransomware is really no different, you "get it" the same ways. Of course, unless you have backups, all your data is toast.

 

https://blog.malwarebytes.com/malwarebytes-news/2016/01/introducing-the-malwarebytes-anti-ransomware-beta/

https://www.bitdefender.com/solutions/anti-ransomware-tool.html


How Can I Reduce My Risk to Malware?


#5 igirao

igirao
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:09:24 PM

Posted 28 February 2017 - 04:19 PM

I read those topics from the links you provided. The weird files the program creates are all encrypted. I will try MBRW to see how it behaves. Other option is to use VeraCrypt. Anything else we should do?



#6 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:09:24 PM

Posted 28 February 2017 - 07:13 PM

VeraCrypt is not for protecting your machine from ransomware. It's strictly for disk/file encryption.

 

The other two I listed and the one you had do attempt to protect your files from being encrypted and held for ransom. They run in the background and will try to stop the process should you get hit with the malware.

 

Sounds like the files you had were just dummy files the malware would hopefully hit first before the process was stopped by the software.

 

I think you're good. Keep Malwarebytes and remember the free version has to be updated manually and a scan started manually. You can delete the FRST icon and its files if you want.

 

Happy Safe Surfing.


How Can I Reduce My Risk to Malware?
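The decoy-file mechanism described in #4 and #6 (RansomFree plants "victim" files that ransomware is expected to hit first, and stops the process that touches them), as an added example in Python. This is not Cybereason's code: RansomFree's implementation is not public, so the folder naming (modelled on the names the poster listed), the random contents, the polling hash check and the simulated attacker are all assumptions of this example.

```python
"""Decoy ("canary") files as a ransomware tripwire.

Added illustration for this thread, not Cybereason RansomFree's own code (its
internals are not public). The folder/file naming, the polling check and the
simulated attacker are all assumptions of this example.
"""
import hashlib
import random
import tempfile
from pathlib import Path

# Extensions matching what the poster saw inside the decoy folders.
DECOY_EXTENSIONS = [".txt", ".xls", ".xlsx", ".sql", ".mdb", ".docx",
                    ".jpg", ".rtf", ".doc", ".pem"]
WORDS = ["cultural", "bless", "shapes", "orbit", "temple", "landing",
         "older", "truth", "motives", "vienna"]
ALNUM = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"


def _decoy_name(rng: random.Random) -> str:
    """Dictionary-word or random-string file name, like the ones observed."""
    if rng.random() < 0.7:
        sep = rng.choice(["-", ".", " ", ""])
        stem = sep.join(rng.sample(WORDS, rng.randint(1, 4)))
    else:
        stem = "".join(rng.choice(ALNUM) for _ in range(rng.randint(3, 12)))
    return stem + rng.choice(DECOY_EXTENSIONS)


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def plant_decoys(root, count: int = 10, seed=None):
    """Create one decoy folder under root (named like ".Ssorted9" / "_Gworking198"),
    fill it with `count` files of random bytes, and return (folder, baseline),
    where baseline maps each decoy path to the SHA-256 of its original content."""
    rng = random.Random(seed)
    folder = Path(root) / (rng.choice([".S", "_G"]) + rng.choice(["sorted", "working"])
                           + str(rng.randint(1, 999)))
    folder.mkdir()
    baseline = {}
    while len(baseline) < count:
        path = folder / _decoy_name(rng)
        if path.exists():
            continue
        # 1-64 KiB of random bytes: cheap, but big enough that ransomware which
        # skips tiny files still touches them (size thresholds are a real evasion).
        data = bytes(rng.getrandbits(8) for _ in range(rng.randint(1024, 65536)))
        path.write_bytes(data)
        baseline[str(path)] = _sha256(data)
    return folder, baseline


def check_decoys(baseline):
    """Compare each decoy against its baseline hash.
    Returns a list of (path, reason); an empty list means nothing touched them.
    A real-time tool reacts to the first hit (and kills the writing process)
    instead of polling like this."""
    tampered = []
    for path, digest in baseline.items():
        p = Path(path)
        if not p.exists():
            tampered.append((path, "missing"))     # deleted or renamed (e.g. ".locked")
        elif _sha256(p.read_bytes()) != digest:
            tampered.append((path, "modified"))    # overwritten in place
    return tampered


def simulate_ransomware(folder, key: int = 0x5A):
    """Constructed attacker behaviour: XOR-scramble every file and append .locked."""
    for p in list(Path(folder).iterdir()):
        p.write_bytes(bytes(b ^ key for b in p.read_bytes()))
        p.rename(p.with_name(p.name + ".locked"))


def demo(count: int = 5):
    """Plant decoys, confirm they are clean, run the fake ransomware, re-check.
    Returns (hits_before, hits_after, decoys_planted)."""
    with tempfile.TemporaryDirectory() as tmp:
        folder, baseline = plant_decoys(tmp, count=count, seed=1)
        before = len(check_decoys(baseline))
        simulate_ransomware(folder)
        after = len(check_decoys(baseline))
    return before, after, len(baseline)


if __name__ == "__main__":
    print(demo())  # (0, 5, 5): nothing tripped before, every decoy tripped after
```

Run as a script it prints (0, 5, 5): no decoy tripped before the simulated attack, all five afterwards. Two practical caveats: the check here polls, whereas a product reacts to the first write or rename in real time (a filesystem watcher or a minifilter driver) and kills the offending process; and decoys only help if they are hit before anything valuable, which is why the poster found them spread over several folders on both C: and D:. That also explains the original symptom: a tool that depends on decoys recreates them, under new random names, as soon as they are deleted.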


#7 igirao

igirao
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:09:24 PM

Posted 01 March 2017 - 11:57 PM

I do know about VeraCrypt. How can ransomware hit your drive/files if they are encrypted? Though it can try, you're somehow protected against it.

 

Anyway, thanks for your support. We always have to be watchful and prompt to meet possible problems. As I have in mind, free things do not catch everything. Then you have to fight it with what you've got.

 

:thumbup2:  Have a nice weekend.



#8 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:09:24 PM

Posted 05 March 2017 - 09:51 AM

 

How can a ransomware hit your drive/files if they are encrypted?

 

The malware will just re-encrypt the files making the key available only to the malware creator.

 

You supply money and you might get your files back. Hence the name -ransomware. 

 

The best defense for this is to have backups of critical data offline that wouldn't get hit. Or some software that would attempt to interrupt the process so it can't complete. Like Malwarebytes Anti-Ransomware, Bitdefender or Cybereason RansomFree and others.

 


How Can I Reduce My Risk to Malware?


#9 igirao

igirao
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:09:24 PM

Posted 05 March 2017 - 09:47 PM

I'm still in doubt. When you encrypt your drive or file with keys, nothing can be done with them unless you provide the keys. I think they cannot be managed in any way, maybe deleted. I've never tried that but I'll give it a try. Then again, how can ransomware manage (read, write and re-encrypt them) w/o the keys? Is that possible? I also know that an up-to-date offline backup is one of the best shots.

 

:thumbsup2:



#10 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:09:24 PM

Posted 07 March 2017 - 07:56 PM

 

how can a ransomware manage (read, write and re-encrypt them) w/o the keys? Is that possible?

Yes, it's possible:

 

https://security.stackexchange.com/questions/66592/can-cryptolocker-or-other-ransomware-encrypt-files-that-are-already-encrypted#66593


How Can I Reduce My Risk to Malware?
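The point made in #8 and #10, that the victim's own encryption is no obstacle because ransomware simply encrypts whatever bytes it finds, as an added example. This is not VeraCrypt's code and not any real ransomware's; it uses a toy stream cipher built from HMAC-SHA256 so it runs with the Python standard library alone, and the keys, the document and the "file" are constructed for the illustration.

```python
"""Why "my files are already encrypted" does not stop ransomware.

Added illustration for this thread; not VeraCrypt's or any ransomware family's
code. The cipher is a toy stream cipher (HMAC-SHA256 in counter mode, no
authentication) chosen only to show the layering; real tools use AES.
"""
import hashlib
import hmac
import os

NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Deterministic byte stream from (key, nonce): HMAC-SHA256(key, nonce || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, data: bytes, nonce: bytes = None) -> bytes:
    """Returns nonce || (data XOR keystream). Works on any bytes, ciphertext
    included: the cipher cannot tell a document from another cipher's output."""
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Inverse of encrypt(); with the wrong key it silently returns garbage."""
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


def ransomware_scenario():
    """Victim encrypts a document with their own key; ransomware then encrypts
    the resulting file with a key only the attacker keeps.
    Returns which key combinations recover the original document."""
    document = b"Quarterly figures (constructed sample document)\n" * 4
    user_key = hashlib.sha256(b"victim passphrase (constructed)").digest()
    attacker_key = os.urandom(32)             # generated per victim, sent to the attacker

    on_disk = encrypt(user_key, document)     # the victim's "already encrypted" file
    on_disk = encrypt(attacker_key, on_disk)  # ransomware overwrites it with a second layer

    return {
        # the victim's key addresses the inner layer, which is now unreachable
        "user_key_alone": decrypt(user_key, on_disk) == document,
        # only attacker key first, then the victim's key, gets the document back
        "attacker_then_user": decrypt(user_key, decrypt(attacker_key, on_disk)) == document,
    }


if __name__ == "__main__":
    print(ransomware_scenario())  # {'user_key_alone': False, 'attacker_then_user': True}
```

The outer layer hides the inner one completely: decrypt() with the victim's key alone yields garbage, and only attacker key then victim key recovers the document, which is the answer the linked security.stackexchange thread gives. For a VeraCrypt container in particular there are two cases and neither helps: while the volume is mounted, any process running as the logged-on user sees plaintext through the mounted drive letter and can overwrite it like any other file; while it is unmounted, the container is itself one large file that the malware encrypts wholesale. What does hold up is the offline backup recommended in #8.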


#11 igirao

igirao
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:09:24 PM

Posted 08 March 2017 - 09:15 PM

Hi! Yeah, I read that post. It somehow can be possible. But I did a test with a file I had locked with file locker. I tried to encrypt it with VeraCrypt and it had no success at all. The locked file could not be managed at all. No moving, deleting, copying or whatsoever. Access denied. Now, when you encrypt a file it's locked in a container (volume) that is a file, and the original file stays unencrypted. When you create a new volume that will be encrypted, you can move the encrypted file to this new volume. So there's no security encrypting a file to be protected against ransomware. Only with locked files.





