
Malware Jerjers (folder)


8 replies to this topic

#1 JulioAlvaro


Posted 17 May 2017 - 04:56 PM

Greetings. A couple of weeks ago I got a lot of malware infecting my PC. I was able to get rid of some of them (Kyubey, winsnare, etc.), but I am still having problems with a folder that keeps appearing called "Jerjers".
I delete everything related to it, but after a couple of days it returns, creates a fake Firefox/Google+ icon and hijacks the browser.

Hope someone can give me a solution for this. Thanks in advance.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2017
Ran by Julio (administrator) on JULIOALVARO (17-05-2017 22:36:57)
Running from C:\Users\Julio\Desktop\Nova pasta (6)
Loaded Profiles: Julio (Available Profiles: Julio)
Platform: Windows 8.1 (Update) (X64) Language: Português (Portugal)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Firefox\Firefox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Visicom Media Inc.) C:\ProgramData\ManyCam\Service\ManyCamService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(eRmail Company, s. r. o.) C:\Users\Julio\AppData\Roaming\eRclient\eRclient.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [156335152 2017-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\ASUSWSLoader.exe [63296 2014-08-20] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [109824 2016-05-03] (Panda Security, S.L.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2017-04-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1477392 2016-04-16] (Lavasoft)
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\...\Run: [eRclient] => C:\Users\Julio\AppData\Roaming\eRclient\eRclient.exe [1269248 2014-10-15] (eRmail Company, s. r. o.)
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\...\CurrentVersion\Windows: [Load] C:\Users\Julio\LOCALS~1\Temp\mssthv.cmd <===== ATTENTION
HKLM\...\Providers\eflqpi1k: C:\Program Files (x86)\Joseck Helper\local64spl.dll
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
IFEO\taskmgr.exe: [Debugger]
ShellExecuteHooks: No Name - {2CD4F1CA-0597-11E7-9A3A-64006A5CFC35} -  -> No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
GroupPolicy: Restriction - Windows Defender <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-04-16] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-04-16] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-04-16] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-04-16] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-04-16] (Lavasoft Limited)
Hosts: 127.0.0.1 idnet.ua-corp.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1D628642-A1E9-401E-9DE1-5F0948C9C448}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{1EA25BC1-10B1-4986-8210-9F130AF5A6D3}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1491365088&z=ee5d154aae7a4c05288cb05gbz7tcgecdq3w4eamfq&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1491365088&z=ee5d154aae7a4c05288cb05gbz7tcgecdq3w4eamfq&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081&q={searchTerms}
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081&q={searchTerms}
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchfix.info/?unqvl=63&idate=2015/03/23&l=1&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2092581931-4276195263-200352700-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1491365088&z=ee5d154aae7a4c05288cb05gbz7tcgecdq3w4eamfq&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2092581931-4276195263-200352700-1001 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKU\S-1-5-21-2092581931-4276195263-200352700-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10281__160416__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2092581931-4276195263-200352700-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL =
SearchScopes: HKU\S-1-5-21-2092581931-4276195263-200352700-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-26] (McAfee, Inc.)
Handler: WSWSVCUchrome - No CLSID Value
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.ourluckysites.com/?type=sc&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081

FireFox:
========
FF ProfilePath: C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\4g869r0k.default-1447441869471\Profiles\4g869r0k.default-1447441869471 [not found]
FF ProfilePath: C:\Users\Julio\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\4g869r0k.default-1447441869471\Profiles\4g869r0k.default-1447441869471 [not found]
FF ProfilePath: C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\ym0qno8f.default-1489352470567 [2017-05-17]
FF Homepage: Mozilla\Firefox\Profiles\ym0qno8f.default-1489352470567 -> about:home
FF Extension: (United States English Spellchecker) - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\en-US@dictionaries.addons.mozilla.org [2017-03-15]
FF Extension: (Spanish (Spain) Dictionary) - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\es-es@dictionaries.addons.mozilla.org [2017-04-29]
FF Extension: (ClixAddon) - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\jid1-wKRSK9TpFpr9Hw@jetpack.xpi [2017-05-09]
FF Extension: (Video DownloadHelper) - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-09]
FF Extension: (UploadCC: Screen Capture Tool (Share or Save)) - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\{c792c738-394d-40e2-ab49-2bf457a32c3f}.xpi [2017-04-20]
FF Extension: (Adblock Plus) - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-04-01]
FF ProfilePath: C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567 [2017-05-17]
FF Extension: (FF Adr) - C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-05-17] [not signed]
FF Extension: (United States English Spellchecker) - C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\en-US@dictionaries.addons.mozilla.org [2017-05-17]
FF Extension: (Spanish (Spain) Dictionary) - C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\es-es@dictionaries.addons.mozilla.org [2017-05-17]
FF Extension: (ClixAddon) - C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\jid1-wKRSK9TpFpr9Hw@jetpack.xpi [2017-05-09]
FF Extension: (Português (Portugal) Language Pack) - C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\langpack-pt-PT@firefox.mozilla.org.xpi [2017-05-17] [not signed]
FF Extension: (Video DownloadHelper) - C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-09]
FF Extension: (UploadCC: Screen Capture Tool (Share or Save)) - C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\{c792c738-394d-40e2-ab49-2bf457a32c3f}.xpi [2017-04-20]
FF Extension: (Adblock Plus) - C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-04-01]
FF SearchPlugin: C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567\searchplugins\ourluckysites.xml [2017-05-17]
FF SearchPlugin: C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567\searchplugins\startsearch.xml [2017-05-17]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-18]
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\gxqcts2t.default-1429325320689\extensions\searchengine@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\3mfodqp8.default\extensions\istart_ffnt@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\3mfodqp8.default\extensions\fftoolbar2014@etech.com => not found
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\gxqcts2t.default-1429325320689\extensions\quick_searchff@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\gxqcts2t.default-1429325320689\extensions\sweetsearch@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}] - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B} => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-04-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-11] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-11] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2092581931-4276195263-200352700-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Julio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.ourluckysites.com/?type=sc&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Hipmy\Application\chrome.exe <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 3DM; C:\Users\Julio\AppData\Local\3DM\Kitty.dll [754688 2017-04-19] (kitty.exe) [File not signed] <==== ATTENTION
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 AppleSrv; C:\ProgramData\Apple\Apple Application\DeviceCfg.dll [118784 2017-03-15] () [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-04-25] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-04-25] (ASUSTeK Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [File not signed]
R2 BIT; C:\ProgramData\BIT\BIT.dll [1857536 2017-05-17] (BIT) [File not signed] <==== ATTENTION
R2 CWASRE; C:\Users\Julio\AppData\Local\CWASRE\Snare.dll [828416 2017-05-17] (IntertSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [101016 2017-05-17] () <==== ATTENTION
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-04-16] (Lavasoft Limited) [File not signed]
R2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188256 2017-04-26] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [153096 2016-05-03] (Panda Security, S.L.)
R2 OneDirveSrv; C:\ProgramData\Microsoft OneDrive\setup\SyncTool.dll [129024 2017-05-10] () [File not signed]
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-05-03] (Panda Security, S.L.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 swpvr; C:\ProgramData\Microsoft\Software\Shadow\Provider.dll [122880 2017-05-17] (TODO: <Company name>) [File not signed]
S2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [17168 2016-04-16] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WindowsAppSvc; C:\ProgramData\Microsoft\Apps\common\helper.dll [117248 2017-05-08] () [File not signed]
R2 WinSAPSvc; C:\Users\Julio\AppData\Roaming\WinSAPSvc\WinSAP.dll [1873920 2017-05-17] (TODO:  <公司名>) [File not signed] <==== ATTENTION
S2 ANSARE; C:\Users\Julio\AppData\Local\ANSARE\Snare.dll [X]
S2 ed2kidle; "C:\Program Files (x86)\amulell\ed2k.exe" -downloadwhenidle [X]
S2 NPASRE; C:\Users\Julio\AppData\Local\NPASRE\Snare.dll [X]
S2 VNASRE; C:\Users\Julio\AppData\Local\VNASRE\Snare.dll [X]
S2 WANARE; C:\Users\Julio\AppData\Local\WANARE\Snare.dll [X]
S2 WinSnare; C:\Users\Julio\AppData\Roaming\WINSNARE\WinSnare.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-04-25] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2016-11-28] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-03-23] (Disc Soft Ltd)
S3 fwdrv; C:\Windows\system32\DRIVERS\fwdrv.sys [27840 2014-03-22] (Web Solution Mart)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 LgBttPort; C:\Windows\system32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\drivers\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\system32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2016-11-28] ()
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49272 2014-12-29] (Visicom Media Inc.)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-28] (Intel Corporation)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (Visicom Media Inc.)
R2 memudrv; D:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [260368 2015-11-02] (Microvirt Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201464 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-12-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [85712 2016-03-14] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-12-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [177424 2016-02-17] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-12-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [264976 2016-02-17] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-12-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [171792 2016-02-16] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [127248 2016-02-16] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [205072 2016-02-16] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [131344 2016-02-16] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [144656 2016-02-23] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [114960 2016-02-16] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2015-04-09] (Basil Projects)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-03-12] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-03-12] (Zemana Ltd.)
U0 aswVmm; no ImagePath
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X] <==== ATTENTION
U0 msahci; system32\drivers\msahci.sys [X]
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUdisk64.sys [X]
S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\softaal64.sys [X]
S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [X]
S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TsNetHlpX64.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S2 VMnetBridge; \SystemRoot\system32\DRIVERS\vmnetbridge.sys [X]
S2 VMnetuserif; \??\C:\Windows\system32\drivers\vmnetuserif.sys [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S1 xjdjyont; \??\C:\Windows\system32\drivers\xjdjyont.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-17 22:36 - 2017-05-17 22:36 - 00000000 ____D C:\Users\Julio\Desktop\Nova pasta (6)
2017-05-17 22:36 - 2017-05-17 22:36 - 00000000 ____D C:\FRST
2017-05-17 10:11 - 2017-05-17 10:11 - 00000000 ____D C:\Users\Julio\AppData\Local\Firefox
2017-05-17 10:09 - 2017-05-17 10:09 - 00000000 ____D C:\Users\Julio\AppData\Local\Hotleaf
2017-05-17 10:08 - 2017-05-17 10:08 - 00000000 ____D C:\Users\Julio\AppData\Roaming\Firefox
2017-05-17 10:08 - 2017-05-17 10:08 - 00000000 ____D C:\Program Files (x86)\Hotleaf
2017-05-17 10:07 - 2017-05-17 10:08 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-05-17 10:05 - 2017-05-17 10:05 - 00000000 ____D C:\Program Files (x86)\Default Company Name
2017-05-17 09:46 - 2017-05-17 09:47 - 00000000 ____D C:\Program Files (x86)\MIO
2017-05-16 18:28 - 2017-05-17 10:06 - 00003588 _____ C:\Windows\System32\Tasks\Milimili
2017-05-16 18:27 - 2017-05-17 10:06 - 00000000 ____D C:\Users\Julio\AppData\Roaming\WinSAPSvc
2017-05-16 18:27 - 2017-05-17 09:42 - 00000000 ____D C:\Users\Julio\AppData\Local\CWASRE
2017-05-16 18:27 - 2017-05-16 18:27 - 00000000 ____D C:\Program Files (x86)\Jerjers
2017-05-15 00:52 - 2017-05-15 00:52 - 00013331 _____ C:\Users\Julio\Downloads\file3.rar
2017-05-13 18:57 - 2017-05-13 18:57 - 00003912 _____ C:\Windows\System32\Tasks\Update Checker
2017-05-13 01:17 - 2017-05-17 10:13 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2092581931-4276195263-200352700-1001
2017-05-12 19:11 - 2017-05-17 16:46 - 00000000 ____D C:\Users\Julio\AppData\LocalLow\Mozilla
2017-05-12 19:04 - 2017-04-28 23:44 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-12 19:04 - 2017-04-28 23:44 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-11 19:52 - 2017-05-11 19:52 - 00000000 _____ C:\Windows\SysWOW64\3333333
2017-05-11 19:50 - 2017-05-11 19:50 - 00000000 _____ C:\Windows\SysWOW64\00
2017-05-10 01:08 - 2017-05-10 01:08 - 00000000 ____D C:\Windows\PCHEALTH
2017-05-10 01:03 - 2017-05-10 01:03 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2017-05-10 01:03 - 2017-05-10 01:03 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2017-05-10 00:50 - 2017-03-30 14:15 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-05-10 00:50 - 2017-03-30 14:15 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-05-10 00:50 - 2017-03-30 14:15 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-05-10 00:50 - 2017-03-30 14:15 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-05-09 22:32 - 2017-05-09 22:32 - 00000800 _____ C:\Users\Julio\Desktop\Start Tor Browser.lnk
2017-05-09 22:31 - 2017-05-09 22:32 - 00000000 ____D C:\Users\Julio\Desktop\Tor Browser
2017-05-09 20:43 - 2017-04-16 11:23 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2017-05-09 20:43 - 2017-04-16 10:07 - 00548032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2017-05-09 20:43 - 2017-04-16 09:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-09 20:43 - 2017-04-16 08:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-09 20:43 - 2017-04-16 08:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-09 20:43 - 2017-04-16 07:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-09 20:42 - 2017-04-28 22:15 - 07444824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-09 20:42 - 2017-04-26 15:06 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-09 20:42 - 2017-04-16 11:23 - 02176584 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2017-05-09 20:42 - 2017-04-16 11:23 - 01662096 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-09 20:42 - 2017-04-16 11:18 - 01135288 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-09 20:42 - 2017-04-16 11:18 - 00803192 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-09 20:42 - 2017-04-16 10:07 - 01566032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2017-05-09 20:42 - 2017-04-16 10:07 - 01213792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-09 20:42 - 2017-04-16 10:05 - 00612096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-09 20:42 - 2017-04-16 09:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-09 20:42 - 2017-04-16 09:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-09 20:42 - 2017-04-16 09:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-09 20:42 - 2017-04-16 09:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-09 20:42 - 2017-04-16 09:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-09 20:42 - 2017-04-16 09:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-09 20:42 - 2017-04-16 09:16 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-09 20:42 - 2017-04-16 09:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-09 20:42 - 2017-04-16 09:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-09 20:42 - 2017-04-16 09:02 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-05-09 20:42 - 2017-04-16 09:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-09 20:42 - 2017-04-16 09:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-09 20:42 - 2017-04-16 09:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-09 20:42 - 2017-04-16 08:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-09 20:42 - 2017-04-16 08:52 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-05-09 20:42 - 2017-04-16 08:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-09 20:42 - 2017-04-16 08:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-09 20:42 - 2017-04-16 08:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-09 20:42 - 2017-04-16 08:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-09 20:42 - 2017-04-16 08:40 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-09 20:42 - 2017-04-16 08:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-09 20:42 - 2017-04-16 08:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-09 20:42 - 2017-04-16 08:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-09 20:42 - 2017-04-16 08:23 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-05-09 20:42 - 2017-04-16 08:22 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-09 20:42 - 2017-04-16 08:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-09 20:42 - 2017-04-16 08:17 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-05-09 20:42 - 2017-04-16 08:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-09 20:42 - 2017-04-16 08:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-09 20:42 - 2017-04-16 08:10 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-09 20:42 - 2017-04-16 08:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-09 20:42 - 2017-04-16 08:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-09 20:42 - 2017-04-16 08:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-09 20:42 - 2017-04-16 08:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2017-05-09 20:42 - 2017-04-16 07:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-09 20:42 - 2017-04-16 07:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-09 20:42 - 2017-04-16 07:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-09 20:42 - 2017-04-16 07:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-09 20:42 - 2017-04-16 07:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-09 20:42 - 2017-04-09 23:00 - 01548640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-09 20:42 - 2017-04-09 23:00 - 00388448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-09 20:42 - 2017-04-08 00:20 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-09 20:42 - 2017-04-07 14:56 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-09 20:42 - 2017-04-02 17:41 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-09 20:42 - 2017-04-02 17:41 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-09 20:42 - 2017-04-01 00:16 - 01968408 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-09 20:42 - 2017-03-31 22:59 - 01612504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-09 20:42 - 2017-03-13 17:38 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll
2017-05-09 20:42 - 2017-03-13 17:29 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-05-09 20:42 - 2017-03-13 17:25 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-05-09 20:42 - 2017-03-13 17:13 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll
2017-05-09 20:42 - 2017-03-13 17:07 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-05-09 20:42 - 2017-03-13 17:06 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-05-09 20:42 - 2017-03-11 20:34 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-09 20:42 - 2017-03-11 20:32 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-09 20:42 - 2017-03-11 20:32 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-09 20:42 - 2017-03-11 19:49 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-09 20:42 - 2017-03-11 18:58 - 01437696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-09 20:42 - 2017-03-11 18:54 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-09 20:42 - 2017-03-11 00:38 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-05-09 20:42 - 2017-03-11 00:38 - 00275800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-05-09 20:42 - 2017-03-09 21:52 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2017-05-09 20:42 - 2017-03-09 20:17 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2017-05-09 20:42 - 2017-03-08 03:44 - 00448285 _____ C:\Windows\system32\ApnDatabase.xml
2017-05-09 18:58 - 2017-05-17 10:05 - 00000000 _____ C:\Windows\SysWOW64\1111
2017-05-05 23:18 - 2017-05-06 00:46 - 00000132 _____ C:\Users\Julio\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-05-05 18:49 - 2017-05-17 12:00 - 00003480 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2017-05-04 20:05 - 2017-05-04 20:05 - 00000000 ____D C:\Users\Public\Documents\Google
2017-05-03 22:55 - 2017-05-03 23:15 - 00000000 ____D C:\Users\Julio\Documents\RPGVXAce
2017-05-03 22:55 - 2017-05-03 22:55 - 00000000 ____D C:\Users\Julio\AppData\Roaming\SmartSteamEmu
2017-05-03 22:54 - 2017-05-03 22:54 - 00001904 _____ C:\Users\Julio\Desktop\RPG Maker AIO Launcher.lnk
2017-05-03 22:54 - 2017-05-03 22:54 - 00000000 ____D C:\Users\Julio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RPG Maker AIO
2017-05-03 22:47 - 2017-05-03 22:47 - 00000000 ____D C:\Program Files (x86)\RPG Maker AIO
2017-05-03 22:08 - 2017-05-03 22:08 - 00000000 ____D C:\Users\Julio\Documents\Games
2017-05-03 19:51 - 2017-05-03 22:45 - 00000000 ____D C:\Users\Julio\Desktop\Nova pasta (4)
2017-05-03 19:03 - 2017-05-11 19:51 - 00000000 _____ C:\Windows\SysWOW64\1111111
2017-04-30 00:54 - 2017-04-30 00:54 - 00000000 ____D C:\Users\Julio\AppData\Local\Microsoft Help
2017-04-29 20:15 - 2017-04-29 20:15 - 00000000 ____D C:\Users\Julio\Documents\Modelos Personalizados do Office
2017-04-26 18:39 - 2017-04-26 18:39 - 00000046 _____ C:\Windows\wininit.ini
2017-04-26 08:12 - 2017-04-26 08:12 - 00000000 ____D C:\Windows\psgo
2017-04-23 18:45 - 2017-04-23 20:50 - 00000000 ____D C:\Users\Julio\Downloads\BoneTown-PL09YiSO
2017-04-23 03:40 - 2017-04-23 03:41 - 23696369 _____ C:\Users\Julio\Downloads\bonuscoiros.rar
2017-04-22 23:25 - 2017-04-22 23:25 - 00014983 _____ C:\Users\Julio\Downloads\weknow_luxurious-sexy.zip
2017-04-22 23:25 - 2012-06-14 16:21 - 00033064 _____ C:\Users\Julio\Downloads\luxurious sexy.ttf
2017-04-20 18:41 - 2017-05-11 19:50 - 00000000 _____ C:\Windows\SysWOW64\11
2017-04-20 05:34 - 2017-05-16 22:18 - 00000035 _____ C:\Users\Julio\AppData\Roaming\sp_data.sys
2017-04-19 17:40 - 2017-04-19 17:40 - 00000000 ____D C:\Users\Julio\AppData\Local\3DM
2017-04-18 08:01 - 2017-04-18 08:01 - 00000000 ____D C:\Windows\Update

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-17 22:38 - 2017-04-08 01:14 - 00000000 ____D C:\Users\Julio\Desktop\Nova pasta
2017-05-17 22:38 - 2017-03-12 23:33 - 01162843 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-05-17 22:38 - 2017-03-12 23:33 - 01151097 _____ C:\Windows\ZAM.krnl.trace
2017-05-17 22:19 - 2017-03-14 20:02 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-05-17 21:55 - 2015-10-09 01:45 - 00001040 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-05-17 12:00 - 2016-09-29 18:57 - 00003470 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2017-05-17 10:10 - 2017-03-14 20:07 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-05-17 09:47 - 2017-03-14 21:46 - 00001774 _____ C:\Users\Julio\Desktop\firefox.exe - Atalho.lnk
2017-05-17 09:47 - 2015-12-05 02:07 - 00001831 _____ C:\Users\Public\Desktop\Borderlands The Pre-Sequel.lnk
2017-05-17 09:47 - 2015-03-21 18:13 - 00001605 _____ C:\Users\Julio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-05-16 23:55 - 2015-10-09 01:45 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-05-15 19:01 - 2015-03-25 21:16 - 20304896 ___SH C:\Users\Julio\Desktop\Thumbs.db
2017-05-15 18:36 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2017-05-13 01:55 - 2015-10-09 01:45 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-13 01:17 - 2014-10-29 02:09 - 00788756 _____ C:\Windows\system32\prfh0816.dat
2017-05-13 01:17 - 2014-10-29 02:09 - 00163828 _____ C:\Windows\system32\prfc0816.dat
2017-05-13 01:17 - 2014-03-18 16:26 - 01816356 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-13 01:14 - 2017-03-14 22:22 - 00000000 _____ C:\Windows\SysWOW64\1
2017-05-13 01:11 - 2015-03-21 18:12 - 00000000 ____D C:\Users\Julio
2017-05-13 01:11 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-13 01:00 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-05-12 19:11 - 2015-03-21 20:05 - 00000000 ____D C:\Users\Julio\AppData\Roaming\Mozilla
2017-05-12 19:01 - 2013-08-22 15:44 - 05110720 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-12 18:59 - 2016-11-17 20:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-12 18:59 - 2015-03-21 20:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-12 18:58 - 2015-03-23 00:59 - 00000000 ____D C:\Users\Julio\AppData\Roaming\uTorrent
2017-05-12 03:17 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-11 03:08 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2017-05-11 01:25 - 2015-03-21 20:13 - 00004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-11 01:25 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-11 01:25 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-10 01:15 - 2015-03-24 00:00 - 156335152 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-10 01:15 - 2015-03-24 00:00 - 00000000 ____D C:\Windows\system32\MRT
2017-05-10 01:07 - 2013-08-22 14:25 - 00000199 _____ C:\Windows\win.ini
2017-05-09 22:32 - 2015-12-16 03:36 - 00000848 _____ C:\Users\Julio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-05-06 23:34 - 2017-01-17 01:27 - 00000000 ____D C:\Users\Julio\Desktop\Nova pasta (2)
2017-05-05 02:20 - 2017-04-03 02:32 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-04 00:33 - 2015-10-23 20:48 - 00000000 ____D C:\Users\Julio\AppData\LocalLow\Adobe
2017-05-04 00:33 - 2015-03-21 20:12 - 00000000 ____D C:\Users\Julio\AppData\Local\Adobe
2017-05-03 23:28 - 2017-01-13 03:27 - 00000000 ____D C:\Users\Julio\Desktop\imagens
2017-05-03 01:41 - 2015-03-21 18:13 - 00000000 ____D C:\Users\Julio\AppData\Local\Packages
2017-04-21 18:12 - 2017-03-13 02:08 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-04-21 18:11 - 2017-03-14 20:02 - 00000000 _____ C:\Windows\SysWOW64\4
2017-04-20 02:16 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2017-04-19 20:39 - 2017-04-15 01:25 - 00000000 ____D C:\Users\Julio\Documents\Poser Pro 2014 Content
2017-04-19 20:39 - 2016-10-30 20:10 - 00000000 ____D C:\Users\Julio\Documents\Stronghold Crusader 2
2017-04-19 20:39 - 2015-12-04 03:48 - 00000000 ____D C:\Users\Julio\Documents\MEGAsync Downloads
2017-04-19 20:39 - 2015-09-03 00:39 - 00000000 ____D C:\Users\Julio\Documents\Singularity
2017-04-19 20:39 - 2015-08-05 04:26 - 00000000 ____D C:\Users\Julio\AppData\Roaming\Foxit Software
2017-04-19 20:39 - 2015-03-23 01:38 - 00000000 ____D C:\Users\Julio\AppData\Roaming\DAEMON Tools Lite
2017-04-19 20:39 - 2015-03-21 18:15 - 00000000 __RDO C:\Users\Julio\OneDrive
2017-04-19 20:39 - 2015-03-21 18:13 - 00000000 ____D C:\Users\Julio\AppData\Roaming\Adobe
2017-04-19 20:39 - 2014-10-29 01:38 - 00000000 ____D C:\Windows\ASUS
2017-04-19 20:39 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2017-04-19 20:39 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\MUI
2017-04-19 20:39 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\Com
2017-04-19 20:39 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\security
2017-04-19 20:39 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\registration
2017-04-19 20:39 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\InputMethod
2017-04-19 20:39 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\IME
2017-04-19 20:39 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Help
2017-04-19 20:39 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\FileManager
2017-04-19 20:39 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\SysWOW64\oobe
2017-04-19 20:38 - 2016-11-28 23:35 - 00000000 ____D C:\Users\Julio\AppData\Local\The Witcher
2017-04-19 20:38 - 2016-06-20 23:21 - 00000000 ____D C:\Users\Julio\AppData\Local\Windows Live
2017-04-19 20:38 - 2016-01-30 02:47 - 00000000 ____D C:\Users\Julio\AppData\Local\Google
2017-04-19 20:38 - 2015-12-24 00:01 - 00000000 ____D C:\Users\Julio\AppData\Local\Thunderbird
2017-04-19 20:38 - 2015-09-03 21:14 - 00000000 ____D C:\Users\Julio\AppData\Local\Bluestacks
2017-04-19 20:38 - 2015-04-25 22:32 - 00000000 ____D C:\Users\Julio\AppData\Local\SKIDROW
2017-04-19 20:37 - 2015-11-15 05:49 - 00000000 __SHD C:\found.000
2017-04-19 20:37 - 2015-04-19 04:14 - 00000000 ___HD C:\$SysReset
2017-04-19 20:37 - 2015-04-09 22:50 - 00000000 ____D C:\Program Files\KMSpico
2017-04-19 20:37 - 2015-01-16 09:49 - 00000000 ____D C:\Program Files\Intel
2017-04-19 20:37 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System
2017-04-19 20:37 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-04-17 21:51 - 2017-03-09 02:45 - 00000000 ____D C:\Users\Julio\Desktop\Nova pasta (5)
2017-04-17 02:02 - 2017-03-12 23:05 - 14554768 _____ (Copyright 2017.) C:\Users\Julio\Downloads\Zemana.AntiMalware.Portable.exe
2017-04-17 00:42 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2017-04-17 00:42 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-17 00:42 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender

==================== Files in the root of some directories =======

2017-05-05 23:18 - 2017-05-06 00:46 - 0000132 _____ () C:\Users\Julio\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-02-12 02:34 - 2017-03-03 21:06 - 0000107 _____ () C:\Users\Julio\AppData\Roaming\Camdata.ini
2017-02-12 02:34 - 2017-03-03 21:06 - 0000408 _____ () C:\Users\Julio\AppData\Roaming\CamLayout.ini
2017-02-12 02:34 - 2017-03-03 21:06 - 0000408 _____ () C:\Users\Julio\AppData\Roaming\CamShapes.ini
2017-02-12 02:34 - 2017-03-03 21:06 - 0004522 _____ () C:\Users\Julio\AppData\Roaming\CamStudio.cfg
2017-02-20 23:13 - 2017-03-03 20:53 - 0000098 _____ () C:\Users\Julio\AppData\Roaming\CamStudio.Producer.command
2017-02-20 23:20 - 2017-03-03 20:53 - 0000000 _____ () C:\Users\Julio\AppData\Roaming\CamStudio.Producer.Data.ini
2017-02-20 23:20 - 2017-03-03 20:53 - 0001206 _____ () C:\Users\Julio\AppData\Roaming\CamStudio.Producer.ini
2016-03-27 20:52 - 2016-03-27 20:52 - 0005120 _____ () C:\Users\Julio\AppData\Roaming\GiftBag.db
2017-04-20 05:34 - 2017-05-16 22:18 - 0000035 _____ () C:\Users\Julio\AppData\Roaming\sp_data.sys
2015-03-24 02:26 - 2015-03-24 02:26 - 0011754 _____ () C:\Users\Julio\AppData\Local\Temp-log.txt
2016-10-24 01:49 - 2016-10-24 01:50 - 0065531 _____ () C:\ProgramData\1477270148.1036.bin
2016-10-24 01:49 - 2016-10-24 01:50 - 0018706 _____ () C:\ProgramData\1477270148.2352.bin
2016-10-24 01:49 - 2016-10-24 01:50 - 0051095 _____ () C:\ProgramData\1477270148.3024.bin
2016-10-24 01:49 - 2016-10-24 01:49 - 0004226 _____ () C:\ProgramData\1477270148.5140.bin
2016-10-24 01:49 - 2016-10-24 01:50 - 0010383 _____ () C:\ProgramData\1477270148.5184.bin
2015-01-16 09:54 - 2015-01-16 09:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-03-12 05:55 - 2017-03-12 05:55 - 0000016 _____ () C:\ProgramData\mntemp
2017-03-12 05:55 - 2017-03-12 05:55 - 0005054 _____ () C:\ProgramData\mudtcpaz.vzs
2014-10-28 20:39 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-10-28 20:39 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-10-28 20:39 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-08 03:34

==================== End of FRST.txt ============================


Edited by hamluis, 17 May 2017 - 05:13 PM.
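Added example, not code from the thread, from FRST, or from its author: a small Python triage helper that applies to the Services and Drivers lines of the log above the checks a malware responder applies by eye, and ranks the results. The sample lines are copied verbatim from the log (a constructed subset); the scoring weights, the threshold and the list of user-writable directories are this example's own assumptions, not anything FRST defines.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the Services/Drivers lines from the FRST log
# in the post above, reproduced verbatim so the triage runs offline.
SAMPLE_LOG = r"""
R2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
R2 OneDirveSrv; C:\ProgramData\Microsoft OneDrive\setup\SyncTool.dll [129024 2017-05-10] () [File not signed]
R2 swpvr; C:\ProgramData\Microsoft\Software\Shadow\Provider.dll [122880 2017-05-17] (TODO: <Company name>) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WinSAPSvc; C:\Users\Julio\AppData\Roaming\WinSAPSvc\WinSAP.dll [1873920 2017-05-17] (TODO:  <公司名>) [File not signed] <==== ATTENTION
S2 WinSnare; C:\Users\Julio\AppData\Roaming\WINSNARE\WinSnare.dll [X]
R3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2015-04-09] (Basil Projects)
S1 xjdjyont; \??\C:\Windows\system32\drivers\xjdjyont.sys [X]
"""

# One FRST service/driver line: "<state> <name>; <path> [size date] (company) [File not signed] [X]".
# Every field after the path is optional, which is why the path is matched lazily.
LINE_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)"
    r"(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<company>[^)]*)\))?"
    r"(?P<unsigned>\s+\[File not signed\])?"
    r"(?P<missing>\s+\[X\])?"
    r"(?:\s+<=+\s*ATTENTION)?\s*$"
)

# Assumed list: directories a standard user can write to. A service or driver
# image here can be dropped or replaced without administrative rights.
USER_WRITABLE = ("\\programdata\\", "\\users\\", "\\appdata\\", "\\temp\\")


@dataclass
class Finding:
    name: str
    path: str
    score: int
    reasons: tuple


def score_entry(m):
    """Return (score, reasons) for one parsed line. Weights are assumptions for this example."""
    path = m.group("path").lower()
    company = m.group("company")
    reasons = []
    if m.group("missing"):
        reasons.append((3, "registered but image file missing ([X]): leftover or self-deleting loader"))
    if any(d in path for d in USER_WRITABLE):
        reasons.append((3, "image lives in a user-writable directory"))
    if m.group("unsigned"):
        reasons.append((2, "image not Authenticode-signed"))
    if company is not None and (company.strip() == "" or company.startswith("TODO")):
        reasons.append((2, "empty or template company name in version info"))
    if path.endswith(".dll") and not m.group("missing"):
        reasons.append((1, "svchost-hosted ServiceDll: code runs inside a trusted host process"))
    return sum(w for w, _ in reasons), tuple(r for _, r in reasons)


def triage(frst_text, threshold=3):
    """Parse FRST Services/Drivers lines and return findings scoring at or above
    threshold, highest score first. Lines that do not match the pattern are skipped,
    so the whole FRST.txt can be passed in."""
    findings = []
    for line in frst_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        score, reasons = score_entry(m)
        if score >= threshold:
            findings.append(Finding(m.group("name"), m.group("path"), score, reasons))
    findings.sort(key=lambda f: (-f.score, f.name.lower()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.score:2d}  {f.name:<16} {f.path}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run it as a script for the ranked list, or call `triage()` on a complete FRST.txt: only service and driver lines match, everything else is ignored. Ranking the signed ManyCam executable alongside the WinSAP and Snare entries is deliberate: a vendor binary in ProgramData scores low but is still worth a glance, because that directory is writable without admin rights, while WinDefend and WinDivert (Program Files, signed, real company name) do not appear at all.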



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:12 PM

Posted 19 May 2017 - 09:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\...\CurrentVersion\Windows: [Load] C:\Users\Julio\LOCALS~1\Temp\mssthv.cmd <===== ATTENTION
HKLM\...\Providers\eflqpi1k: C:\Program Files (x86)\Joseck Helper\local64spl.dll
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
IFEO\taskmgr.exe: [Debugger]
ShellExecuteHooks: No Name - {2CD4F1CA-0597-11E7-9A3A-64006A5CFC35} -  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicy: Restriction - Windows Defender <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1491365088&z=ee5d154aae7a4c05288cb05gbz7tcgecdq3w4eamfq&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1491365088&z=ee5d154aae7a4c05288cb05gbz7tcgecdq3w4eamfq&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081&q={searchTerms}
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081&q={searchTerms}
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchfix.info/?unqvl=63&idate=2015/03/23&l=1&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2092581931-4276195263-200352700-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1491365088&z=ee5d154aae7a4c05288cb05gbz7tcgecdq3w4eamfq&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2092581931-4276195263-200352700-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10281__160416__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2092581931-4276195263-200352700-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
Handler: WSWSVCUchrome - No CLSID Value
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.ourluckysites.com/?type=sc&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081
FF ProfilePath: C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\4g869r0k.default-1447441869471\Profiles\4g869r0k.default-1447441869471 [not found]
FF ProfilePath: C:\Users\Julio\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\4g869r0k.default-1447441869471\Profiles\4g869r0k.default-1447441869471 [not found]
FF Homepage: Mozilla\Firefox\Profiles\ym0qno8f.default-1489352470567 -> about:home
FF Extension: (UploadCC: Screen Capture Tool (Share or Save)) - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\{c792c738-394d-40e2-ab49-2bf457a32c3f}.xpi [2017-04-20]
FF Extension: (FF Adr) - C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-05-17] [not signed]
FF Extension: (UploadCC: Screen Capture Tool (Share or Save)) - C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\{c792c738-394d-40e2-ab49-2bf457a32c3f}.xpi [2017-04-20]
FF SearchPlugin: C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567\searchplugins\ourluckysites.xml [2017-05-17]
FF SearchPlugin: C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567\searchplugins\startsearch.xml [2017-05-17]
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\gxqcts2t.default-1429325320689\extensions\searchengine@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\3mfodqp8.default\extensions\istart_ffnt@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\3mfodqp8.default\extensions\fftoolbar2014@etech.com => not found
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\gxqcts2t.default-1429325320689\extensions\quick_searchff@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\gxqcts2t.default-1429325320689\extensions\sweetsearch@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}] - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B} => not found
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.ourluckysites.com/?type=sc&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Hipmy\Application\chrome.exe <==== ATTENTION
R2 BIT; C:\ProgramData\BIT\BIT.dll [1857536 2017-05-17] (BIT) [File not signed] <==== ATTENTION
R2 CWASRE; C:\Users\Julio\AppData\Local\CWASRE\Snare.dll [828416 2017-05-17] (IntertSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [101016 2017-05-17] () <==== ATTENTION
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
R2 swpvr; C:\ProgramData\Microsoft\Software\Shadow\Provider.dll [122880 2017-05-17] (TODO: <Company name>) [File not signed]
R2 WindowsAppSvc; C:\ProgramData\Microsoft\Apps\common\helper.dll [117248 2017-05-08] () [File not signed]
R2 WinSAPSvc; C:\Users\Julio\AppData\Roaming\WinSAPSvc\WinSAP.dll [1873920 2017-05-17] (TODO:  <???>) [File not signed] <==== ATTENTION
S2 ANSARE; C:\Users\Julio\AppData\Local\ANSARE\Snare.dll [X]
S2 ed2kidle; "C:\Program Files (x86)\amulell\ed2k.exe" -downloadwhenidle [X]
S2 NPASRE; C:\Users\Julio\AppData\Local\NPASRE\Snare.dll [X]
S2 VNASRE; C:\Users\Julio\AppData\Local\VNASRE\Snare.dll [X]
S2 WANARE; C:\Users\Julio\AppData\Local\WANARE\Snare.dll [X]
S2 WinSnare; C:\Users\Julio\AppData\Roaming\WINSNARE\WinSnare.dll [X]
R3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2015-04-09] (Basil Projects)
U0 aswVmm; no ImagePath
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X] <==== ATTENTION
U0 msahci; system32\drivers\msahci.sys [X]
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUdisk64.sys [X]
S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\softaal64.sys [X]
S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [X]
S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TsNetHlpX64.sys [X]
S3 \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S2 VMnetBridge; \SystemRoot\system32\DRIVERS\vmnetbridge.sys [X]
S2 VMnetuserif; \??\C:\Windows\system32\drivers\vmnetuserif.sys [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S1 xjdjyont; \??\C:\Windows\system32\drivers\xjdjyont.sys [X]
C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
C:\Users\Julio\LOCALS~1\Temp\mssthv.cmd
C:\Program Files (x86)\Joseck Helper
C:\ProgramData\BIT
C:\Users\Julio\AppData\Local\CWASRE
C:\Program Files\KMSpico
C:\ProgramData\Microsoft\Software\Shadow\Provider.dll
C:\ProgramData\Microsoft\Apps\common\helper.dll
C:\Users\Julio\AppData\Roaming\WinSAPSvc

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox
<<<>>>

Please run the Farbar tool again and post the FRST log.
Include for my review the Addition.txt log that was created by the tool.
---

Please let me know what problem persists with this computer.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:12 PM

Posted 25 May 2017 - 07:50 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 JulioAlvaro

JulioAlvaro
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:08:12 PM

Posted 28 May 2017 - 12:32 PM

Sorry for the lateness of the feedback. I have been busy.
I've done the fix but it caused me a lot of problems (lost internet connection, some programs stopped working, Photoshop for example, several system error messages and the OS running very slow), so I had to do a system restore, which was not fully complete as a couple of files could not be recovered.
The Jerjers folder appeared again and now I have 2 system error messages popping up every ten minutes. Thanks in advance.

FIX LOG:

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017
Ran by Julio (27-05-2017 23:50:23) Run:1
Running from C:\Users\Julio\Desktop\Nova pasta (6)
Loaded Profiles: Julio (Available Profiles: Julio)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\...\CurrentVersion\Windows: [Load] C:\Users\Julio\LOCALS~1\Temp\mssthv.cmd <===== ATTENTION
HKLM\...\Providers\eflqpi1k: C:\Program Files (x86)\Joseck Helper\local64spl.dll
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
IFEO\taskmgr.exe: [Debugger]
ShellExecuteHooks: No Name - {2CD4F1CA-0597-11E7-9A3A-64006A5CFC35} -  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicy: Restriction - Windows Defender <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1491365088&z=ee5d154aae7a4c05288cb05gbz7tcgecdq3w4eamfq&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1491365088&z=ee5d154aae7a4c05288cb05gbz7tcgecdq3w4eamfq&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081&q={searchTerms}
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081&q={searchTerms}
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchfix.info/?unqvl=63&idate=2015/03/23&l=1&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2092581931-4276195263-200352700-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1491365088&z=ee5d154aae7a4c05288cb05gbz7tcgecdq3w4eamfq&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2092581931-4276195263-200352700-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10281__160416__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2092581931-4276195263-200352700-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
Handler: WSWSVCUchrome - No CLSID Value
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.ourluckysites.com/?type=sc&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081
FF ProfilePath: C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\4g869r0k.default-1447441869471\Profiles\4g869r0k.default-1447441869471 [not found]
FF ProfilePath: C:\Users\Julio\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\4g869r0k.default-1447441869471\Profiles\4g869r0k.default-1447441869471 [not found]
FF Homepage: Mozilla\Firefox\Profiles\ym0qno8f.default-1489352470567 -> about:home
FF Extension: (UploadCC: Screen Capture Tool (Share or Save)) - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\{c792c738-394d-40e2-ab49-2bf457a32c3f}.xpi [2017-04-20]
FF Extension: (FF Adr) - C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-05-17] [not signed]
FF Extension: (UploadCC: Screen Capture Tool (Share or Save)) - C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\{c792c738-394d-40e2-ab49-2bf457a32c3f}.xpi [2017-04-20]
FF SearchPlugin: C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567\searchplugins\ourluckysites.xml [2017-05-17]
FF SearchPlugin: C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567\searchplugins\startsearch.xml [2017-05-17]
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\gxqcts2t.default-1429325320689\extensions\searchengine@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\3mfodqp8.default\extensions\istart_ffnt@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\3mfodqp8.default\extensions\fftoolbar2014@etech.com => not found
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\gxqcts2t.default-1429325320689\extensions\quick_searchff@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\gxqcts2t.default-1429325320689\extensions\sweetsearch@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}] - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B} => not found
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.ourluckysites.com/?type=sc&ts=1495010820&z=18e22316c734ab2a1466347g2z1tbw0e0g0e9b4g7t&from=che0812&uid=ST1000LM024XHN-M101MBB_S32XJ9FFC08081
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Hipmy\Application\chrome.exe <==== ATTENTION
R2 BIT; C:\ProgramData\BIT\BIT.dll [1857536 2017-05-17] (BIT) [File not signed] <==== ATTENTION
R2 CWASRE; C:\Users\Julio\AppData\Local\CWASRE\Snare.dll [828416 2017-05-17] (IntertSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [101016 2017-05-17] () <==== ATTENTION
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
R2 swpvr; C:\ProgramData\Microsoft\Software\Shadow\Provider.dll [122880 2017-05-17] (TODO: <Company name>) [File not signed]
R2 WindowsAppSvc; C:\ProgramData\Microsoft\Apps\common\helper.dll [117248 2017-05-08] () [File not signed]
R2 WinSAPSvc; C:\Users\Julio\AppData\Roaming\WinSAPSvc\WinSAP.dll [1873920 2017-05-17] (TODO:  <???>) [File not signed] <==== ATTENTION
S2 ANSARE; C:\Users\Julio\AppData\Local\ANSARE\Snare.dll [X]
S2 ed2kidle; "C:\Program Files (x86)\amulell\ed2k.exe" -downloadwhenidle [X]
S2 NPASRE; C:\Users\Julio\AppData\Local\NPASRE\Snare.dll [X]
S2 VNASRE; C:\Users\Julio\AppData\Local\VNASRE\Snare.dll [X]
S2 WANARE; C:\Users\Julio\AppData\Local\WANARE\Snare.dll [X]
S2 WinSnare; C:\Users\Julio\AppData\Roaming\WINSNARE\WinSnare.dll [X]
R3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2015-04-09] (Basil Projects)
U0 aswVmm; no ImagePath
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X] <==== ATTENTION
U0 msahci; system32\drivers\msahci.sys [X]
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUdisk64.sys [X]
S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\softaal64.sys [X]
S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [X]
S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TsNetHlpX64.sys [X]
S3 \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S2 VMnetBridge; \SystemRoot\system32\DRIVERS\vmnetbridge.sys [X]
S2 VMnetuserif; \??\C:\Windows\system32\drivers\vmnetuserif.sys [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S1 xjdjyont; \??\C:\Windows\system32\drivers\xjdjyont.sys [X]
C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
C:\Users\Julio\LOCALS~1\Temp\mssthv.cmd
C:\Program Files (x86)\Joseck Helper
C:\ProgramData\BIT
C:\Users\Julio\AppData\Local\CWASRE
C:\Program Files\KMSpico
C:\ProgramData\Microsoft\Software\Shadow\Provider.dll
C:\ProgramData\Microsoft\Apps\common\helper.dll
C:\Users\Julio\AppData\Roaming\WinSAPSvc

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => value removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\eflqpi1k => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\\order eflqpi1k => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GoogleUpdate.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GoogleUpdaterService.exe => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{2CD4F1CA-0597-11E7-9A3A-64006A5CFC35} => value removed successfully
HKCR\CLSID\{2CD4F1CA-0597-11E7-9A3A-64006A5CFC35} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key removed successfully
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key removed successfully
HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => key removed successfully
HKCR\CLSID\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => key not found.
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key removed successfully
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKCR\PROTOCOLS\Handler\WSWSVCUchrome => key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\4g869r0k.default-1447441869471\Profiles\4g869r0k.default-1447441869471 => path removed successfully
Firefox "homepage" removed successfully
C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\{c792c738-394d-40e2-ab49-2bf457a32c3f}.xpi => moved successfully
C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi => not found.
C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\{c792c738-394d-40e2-ab49-2bf457a32c3f}.xpi => not found.
"C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567\searchplugins\ourluckysites.xml" => not found.
"C:\Users\Julio\AppData\Roaming\Firefox\Firefox\Profiles\ym0qno8f.default-1489352470567\searchplugins\startsearch.xml" => not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\searchengine@gmail.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\istart_ffnt@gmail.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\fftoolbar2014@etech.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\quick_searchff@gmail.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\sweetsearch@gmail.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B} => value removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10 => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4 => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => value restored successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key removed successfully
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML => key removed successfully
HKLM\System\CurrentControlSet\Services\BIT => key removed successfully
BIT => service removed successfully
HKLM\System\CurrentControlSet\Services\CWASRE => key removed successfully
CWASRE => service removed successfully
FirefoxU => service not found.
HKLM\System\CurrentControlSet\Services\Service KMSELDI => key removed successfully
Service KMSELDI => service removed successfully
swpvr => service not found.
HKLM\System\CurrentControlSet\Services\WindowsAppSvc => key removed successfully
WindowsAppSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\WinSAPSvc => key removed successfully
WinSAPSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\ANSARE => key removed successfully
ANSARE => service removed successfully
HKLM\System\CurrentControlSet\Services\ed2kidle => key removed successfully
ed2kidle => service removed successfully
HKLM\System\CurrentControlSet\Services\NPASRE => key removed successfully
NPASRE => service removed successfully
HKLM\System\CurrentControlSet\Services\VNASRE => key removed successfully
VNASRE => service removed successfully
HKLM\System\CurrentControlSet\Services\WANARE => key removed successfully
WANARE => service removed successfully
HKLM\System\CurrentControlSet\Services\WinSnare => key removed successfully
WinSnare => service removed successfully
WinDivert1.1 => Unable to stop service.
HKLM\System\CurrentControlSet\Services\WinDivert1.1 => key removed successfully
WinDivert1.1 => service removed successfully
HKLM\System\CurrentControlSet\Services\aswVmm => key removed successfully
aswVmm => service removed successfully
HKLM\System\CurrentControlSet\Services\iSafeKrnlMon => key removed successfully
iSafeKrnlMon => service removed successfully
HKLM\System\CurrentControlSet\Services\msahci => key removed successfully
msahci => service removed successfully
HKLM\System\CurrentControlSet\Services\QMUdisk => key removed successfully
QMUdisk => service removed successfully
HKLM\System\CurrentControlSet\Services\softaal => key removed successfully
softaal => service removed successfully
HKLM\System\CurrentControlSet\Services\SRepairDrv => key removed successfully
SRepairDrv => service removed successfully
HKLM\System\CurrentControlSet\Services\tsnethlpx64 => key removed successfully
tsnethlpx64 => service removed successfully
S3 \SystemRoot\System32\drivers\vmci.sys [X] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\VMnetAdapter => key removed successfully
VMnetAdapter => service removed successfully
HKLM\System\CurrentControlSet\Services\VMnetBridge => key removed successfully
VMnetBridge => service removed successfully
HKLM\System\CurrentControlSet\Services\VMnetuserif => key removed successfully
VMnetuserif => service removed successfully
HKLM\System\CurrentControlSet\Services\X6va029 => key removed successfully
X6va029 => service removed successfully
HKLM\System\CurrentControlSet\Services\xjdjyont => key removed successfully
xjdjyont => service removed successfully
"C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe" => not found.
"C:\Users\Julio\LOCALS~1\Temp\mssthv.cmd" => not found.
"C:\Program Files (x86)\Joseck Helper" => not found.
C:\ProgramData\BIT => moved successfully
"C:\Users\Julio\AppData\Local\CWASRE" => not found.
C:\Program Files\KMSpico => moved successfully
"C:\ProgramData\Microsoft\Software\Shadow\Provider.dll" => not found.
C:\ProgramData\Microsoft\Apps\common\helper.dll => moved successfully
C:\Users\Julio\AppData\Roaming\WinSAPSvc => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 43263960 B
Java, Flash, Steam htmlcache => 104743596 B
Windows/system/drivers => 9963702 B
Edge => 0 B
Chrome => 0 B
Firefox => 795023342 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 27260 B
NetworkService => 13361152 B
Julio => 619629383 B

RecycleBin => 22594369 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:55:38 ====

NEW SCAN:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-05-2017
Ran by Julio (administrator) on JULIOALVARO (28-05-2017 18:22:47)
Running from C:\Users\Julio\Desktop\Nova pasta (6)
Loaded Profiles: Julio (Available Profiles: Julio)
Platform: Windows 8.1 (Update) (X64) Language: Português (Portugal)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Visicom Media Inc.) C:\ProgramData\ManyCam\Service\ManyCamService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(eRmail Company, s. r. o.) C:\Users\Julio\AppData\Roaming\eRclient\eRclient.exe
(AVAST Software) C:\Users\Julio\AppData\Local\background_fault\aswRD.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [132223576 2017-05-24] (Microsoft Corporation)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\ASUSWSLoader.exe [63296 2014-08-20] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [109824 2016-05-03] (Panda Security, S.L.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2017-04-05] (Adobe Systems Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1477392 2016-04-16] (Lavasoft)
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\...\Run: [eRclient] => C:\Users\Julio\AppData\Roaming\eRclient\eRclient.exe [1269248 2014-10-15] (eRmail Company, s. r. o.)
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\...\Run: [background_fault] => C:\Users\Julio\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-27] (AVAST Software) <===== ATTENTION
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-04-16] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-04-16] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-04-16] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-04-16] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-04-16] (Lavasoft Limited)
Hosts: 127.0.0.1 idnet.ua-corp.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1D628642-A1E9-401E-9DE1-5F0948C9C448}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{1EA25BC1-10B1-4986-8210-9F130AF5A6D3}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2092581931-4276195263-200352700-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2092581931-4276195263-200352700-1001 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKU\S-1-5-21-2092581931-4276195263-200352700-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL =
SearchScopes: HKU\S-1-5-21-2092581931-4276195263-200352700-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler: WSWSVCUchrome - No CLSID Value

FireFox:
========
FF ProfilePath: C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\ym0qno8f.default-1489352470567 [2017-05-28]
FF Extension: (United States English Spellchecker) - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\en-US@dictionaries.addons.mozilla.org [2017-03-15]
FF Extension: (Spanish (Spain) Dictionary) - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\es-es@dictionaries.addons.mozilla.org [2017-04-29]
FF Extension: (ClixAddon) - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\jid1-wKRSK9TpFpr9Hw@jetpack.xpi [2017-05-09]
FF Extension: (Video DownloadHelper) - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-09]
FF Extension: (Adblock Plus) - C:\Users\Julio\AppData\Roaming\Mozilla\Firefox\Profiles\ym0qno8f.default-1489352470567\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-05-25]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-18]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-04-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-11] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-11] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2092581931-4276195263-200352700-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Julio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 3DM; C:\Users\Julio\AppData\Local\3DM\Kitty.dll [754688 2017-04-19] (kitty.exe) [File not signed] <==== ATTENTION
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 AppleSrv; C:\ProgramData\Apple\Apple Application\DeviceCfg.dll [118784 2017-03-15] () [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-04-25] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-04-25] (ASUSTeK Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-04-16] (Lavasoft Limited) [File not signed]
R2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188256 2017-05-16] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [153096 2016-05-03] (Panda Security, S.L.)
R2 OneDirveSrv; C:\ProgramData\Microsoft OneDrive\setup\SyncTool.dll [129024 2017-05-10] () [File not signed]
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-05-03] (Panda Security, S.L.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 terana; C:\Users\Julio\AppData\Local\terana\terana.dll [908288 2017-05-27] (IntertSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
S2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [17168 2016-04-16] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 CSHMDR; C:\Users\Julio\AppData\Local\CSHMDR\Snare.dll [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-04-25] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2016-11-28] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-03-23] (Disc Soft Ltd)
S3 fwdrv; C:\Windows\system32\DRIVERS\fwdrv.sys [27840 2014-03-22] (Web Solution Mart)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 LgBttPort; C:\Windows\system32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\drivers\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\system32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2016-11-28] ()
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49272 2014-12-29] (Visicom Media Inc.)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-28] (Intel Corporation)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (Visicom Media Inc.)
R2 memudrv; D:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [260368 2015-11-02] (Microvirt Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201464 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-12-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [85712 2016-03-14] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-12-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [177424 2016-02-17] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-12-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [264976 2016-02-17] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-12-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [171792 2016-02-16] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [127248 2016-02-16] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [205072 2016-02-16] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [131344 2016-02-16] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [144656 2016-02-23] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [114960 2016-02-16] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-03-12] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-03-12] (Zemana Ltd.)
U2 snare; no ImagePath
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-28 01:09 - 2017-05-28 07:22 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3B2D2E9D-ADEA-442C-BF22-359ECCA0B05C}
2017-05-28 00:26 - 2015-05-22 09:45 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2017-05-27 22:55 - 2017-05-28 02:17 - 00000000 ____D C:\Users\Julio\AppData\Local\Last_Man
2017-05-27 22:52 - 2017-05-27 22:52 - 00000726 _____ C:\Users\Julio\Desktop\Last Man.lnk
2017-05-27 22:49 - 2017-05-27 22:49 - 00000000 ____D C:\Games
2017-05-27 18:51 - 2017-05-27 18:51 - 00000000 ____D C:\Users\Julio\AppData\Local\terana
2017-05-27 18:51 - 2017-05-27 18:51 - 00000000 ____D C:\Users\Julio\AppData\Local\background_fault
2017-05-25 00:57 - 2017-05-25 00:57 - 00003166 _____ C:\Windows\System32\Tasks\klcp_update
2017-05-25 00:57 - 2017-05-25 00:57 - 00000000 ____D C:\Users\Julio\AppData\Roaming\MPC-HC
2017-05-25 00:53 - 2017-05-25 00:54 - 43807219 _____ (KLCP ) C:\Users\Julio\Downloads\k-lite-mega-codec-pack-12-9-0.exe
2017-05-24 19:04 - 2017-05-24 19:04 - 00000000 ____D C:\Users\Julio\AppData\Local\Setleaf
2017-05-24 19:03 - 2017-05-24 19:03 - 00000000 ____D C:\Users\Public\Documents\Google
2017-05-24 05:11 - 2017-05-28 00:51 - 00000000 _____ C:\Windows\SysWOW64\1
2017-05-23 01:58 - 2017-05-28 02:18 - 00000000 ____D C:\Users\Julio\AppData\LocalLow\Mozilla
2017-05-22 00:32 - 2017-05-22 02:44 - 486462952 _____ C:\Users\Julio\Downloads\Daredevil.S02E09.TopTvShows.Net.avi
2017-05-22 00:31 - 2017-05-22 02:07 - 356327885 _____ C:\Users\Julio\Downloads\Daredevil.S02E08.TopTvShows.Net.avi
2017-05-17 22:36 - 2017-05-28 18:22 - 00000000 ____D C:\Users\Julio\Desktop\Nova pasta (6)
2017-05-17 22:36 - 2017-05-28 18:22 - 00000000 ____D C:\FRST
2017-05-17 10:09 - 2017-05-17 10:09 - 00000000 ____D C:\Users\Julio\AppData\Local\Hotleaf
2017-05-16 18:28 - 2017-05-27 18:51 - 00003588 _____ C:\Windows\System32\Tasks\Milimili
2017-05-13 18:57 - 2017-05-13 18:57 - 00003912 _____ C:\Windows\System32\Tasks\Update Checker
2017-05-13 01:17 - 2017-05-26 20:47 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2092581931-4276195263-200352700-1001
2017-05-12 19:04 - 2017-04-28 23:44 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-12 19:04 - 2017-04-28 23:44 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-11 19:52 - 2017-05-11 19:52 - 00000000 _____ C:\Windows\SysWOW64\3333333
2017-05-11 19:50 - 2017-05-11 19:50 - 00000000 _____ C:\Windows\SysWOW64\00
2017-05-10 00:50 - 2017-03-30 14:15 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-05-10 00:50 - 2017-03-30 14:15 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-05-10 00:50 - 2017-03-30 14:15 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-05-10 00:50 - 2017-03-30 14:15 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-05-09 22:32 - 2017-05-09 22:32 - 00000800 _____ C:\Users\Julio\Desktop\Start Tor Browser.lnk
2017-05-09 22:31 - 2017-05-09 22:32 - 00000000 ____D C:\Users\Julio\Desktop\Tor Browser
2017-05-09 20:43 - 2017-04-16 11:23 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2017-05-09 20:43 - 2017-04-16 10:07 - 00548032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2017-05-09 20:43 - 2017-04-16 09:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-09 20:43 - 2017-04-16 08:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-09 20:43 - 2017-04-16 08:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-09 20:43 - 2017-04-16 07:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-09 20:42 - 2017-04-28 22:15 - 07444824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-09 20:42 - 2017-04-26 15:06 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-09 20:42 - 2017-04-16 11:23 - 02176584 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2017-05-09 20:42 - 2017-04-16 11:23 - 01662096 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-09 20:42 - 2017-04-16 11:18 - 01135288 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-09 20:42 - 2017-04-16 11:18 - 00803192 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-09 20:42 - 2017-04-16 10:07 - 01566032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2017-05-09 20:42 - 2017-04-16 10:07 - 01213792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-09 20:42 - 2017-04-16 10:05 - 00612096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-09 20:42 - 2017-04-16 09:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-09 20:42 - 2017-04-16 09:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-09 20:42 - 2017-04-16 09:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-09 20:42 - 2017-04-16 09:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-09 20:42 - 2017-04-16 09:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-09 20:42 - 2017-04-16 09:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-09 20:42 - 2017-04-16 09:16 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-09 20:42 - 2017-04-16 09:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-09 20:42 - 2017-04-16 09:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-09 20:42 - 2017-04-16 09:02 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-05-09 20:42 - 2017-04-16 09:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-09 20:42 - 2017-04-16 09:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-09 20:42 - 2017-04-16 09:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-09 20:42 - 2017-04-16 08:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-09 20:42 - 2017-04-16 08:52 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-05-09 20:42 - 2017-04-16 08:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-09 20:42 - 2017-04-16 08:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-09 20:42 - 2017-04-16 08:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-09 20:42 - 2017-04-16 08:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-09 20:42 - 2017-04-16 08:40 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-09 20:42 - 2017-04-16 08:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-09 20:42 - 2017-04-16 08:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-09 20:42 - 2017-04-16 08:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-09 20:42 - 2017-04-16 08:23 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-05-09 20:42 - 2017-04-16 08:22 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-09 20:42 - 2017-04-16 08:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-09 20:42 - 2017-04-16 08:17 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-05-09 20:42 - 2017-04-16 08:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-09 20:42 - 2017-04-16 08:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-09 20:42 - 2017-04-16 08:10 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-09 20:42 - 2017-04-16 08:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-09 20:42 - 2017-04-16 08:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-09 20:42 - 2017-04-16 08:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-09 20:42 - 2017-04-16 08:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2017-05-09 20:42 - 2017-04-16 07:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-09 20:42 - 2017-04-16 07:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-09 20:42 - 2017-04-16 07:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-09 20:42 - 2017-04-16 07:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-09 20:42 - 2017-04-16 07:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-09 20:42 - 2017-04-09 23:00 - 01548640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-09 20:42 - 2017-04-09 23:00 - 00388448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-09 20:42 - 2017-04-08 00:20 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-09 20:42 - 2017-04-07 14:56 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-09 20:42 - 2017-04-02 17:41 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-09 20:42 - 2017-04-02 17:41 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-09 20:42 - 2017-04-01 00:16 - 01968408 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-09 20:42 - 2017-03-31 22:59 - 01612504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-09 20:42 - 2017-03-13 17:38 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll
2017-05-09 20:42 - 2017-03-13 17:29 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-05-09 20:42 - 2017-03-13 17:25 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-05-09 20:42 - 2017-03-13 17:13 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll
2017-05-09 20:42 - 2017-03-13 17:07 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-05-09 20:42 - 2017-03-13 17:06 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-05-09 20:42 - 2017-03-11 20:34 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-09 20:42 - 2017-03-11 20:32 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-09 20:42 - 2017-03-11 20:32 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-09 20:42 - 2017-03-11 19:49 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-09 20:42 - 2017-03-11 18:58 - 01437696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-09 20:42 - 2017-03-11 18:54 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-09 20:42 - 2017-03-11 00:38 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-05-09 20:42 - 2017-03-11 00:38 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-05-09 20:42 - 2017-03-09 21:52 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2017-05-09 20:42 - 2017-03-09 20:17 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2017-05-09 20:42 - 2017-03-08 03:44 - 00448285 _____ C:\Windows\system32\ApnDatabase.xml
2017-05-09 18:58 - 2017-05-24 19:03 - 00000000 _____ C:\Windows\SysWOW64\1111
2017-05-05 23:18 - 2017-05-06 00:46 - 00000132 _____ C:\Users\Julio\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-05-05 18:49 - 2017-05-28 12:00 - 00003480 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2017-05-03 22:55 - 2017-05-23 01:53 - 00000000 ____D C:\Users\Julio\AppData\Roaming\SmartSteamEmu
2017-05-03 22:55 - 2017-05-03 23:15 - 00000000 ____D C:\Users\Julio\Documents\RPGVXAce
2017-05-03 22:54 - 2017-05-03 22:54 - 00001904 _____ C:\Users\Julio\Desktop\RPG Maker AIO Launcher.lnk
2017-05-03 22:54 - 2017-05-03 22:54 - 00000000 ____D C:\Users\Julio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RPG Maker AIO
2017-05-03 22:47 - 2017-05-03 22:47 - 00000000 ____D C:\Program Files (x86)\RPG Maker AIO
2017-05-03 22:08 - 2017-05-03 22:08 - 00000000 ____D C:\Users\Julio\Documents\Games
2017-05-03 19:51 - 2017-05-03 22:45 - 00000000 ____D C:\Users\Julio\Desktop\Nova pasta (4)
2017-05-03 19:03 - 2017-05-11 19:51 - 00000000 _____ C:\Windows\SysWOW64\1111111
2017-04-30 00:54 - 2017-04-30 00:54 - 00000000 ____D C:\Users\Julio\AppData\Local\Microsoft Help

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-28 18:23 - 2017-03-12 23:33 - 00735519 _____ C:\Windows\ZAM.krnl.trace
2017-05-28 18:23 - 2017-03-12 23:33 - 00731531 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-05-28 17:55 - 2015-10-09 01:45 - 00001040 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-05-28 12:00 - 2016-09-29 18:57 - 00003470 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2017-05-28 02:47 - 2015-03-21 20:12 - 00000000 ____D C:\Users\Julio\AppData\Local\Adobe
2017-05-28 01:42 - 2017-04-20 05:34 - 00000035 _____ C:\Users\Julio\AppData\Roaming\sp_data.sys
2017-05-28 00:54 - 2014-10-29 02:09 - 00788756 _____ C:\Windows\system32\prfh0816.dat
2017-05-28 00:54 - 2014-10-29 02:09 - 00163828 _____ C:\Windows\system32\prfc0816.dat
2017-05-28 00:54 - 2014-03-18 16:26 - 01816356 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-28 00:54 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2017-05-28 00:52 - 2017-03-14 20:07 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-05-28 00:49 - 2015-10-09 01:45 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-05-28 00:49 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-28 00:46 - 2015-12-04 00:29 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-05-28 00:46 - 2015-03-21 18:12 - 00000000 ____D C:\Users\Julio
2017-05-28 00:36 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\registration
2017-05-27 23:58 - 2016-03-29 22:47 - 00000008 __RSH C:\Users\Julio\ntuser.pol
2017-05-27 23:55 - 2015-10-09 01:45 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-27 23:51 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\GroupPolicy
2017-05-27 22:56 - 2017-04-08 01:14 - 00000000 ____D C:\Users\Julio\Desktop\Nova pasta
2017-05-27 22:41 - 2015-03-25 21:16 - 21730816 ___SH C:\Users\Julio\Desktop\Thumbs.db
2017-05-27 00:27 - 2017-01-13 03:27 - 00000000 ____D C:\Users\Julio\Desktop\imagens
2017-05-27 00:14 - 2015-10-23 20:48 - 00000000 ____D C:\Users\Julio\AppData\LocalLow\Adobe
2017-05-26 04:50 - 2017-03-06 23:17 - 00000000 ____D C:\Users\Julio\Desktop\Fotos antigas de cerveira
2017-05-26 04:50 - 2017-01-17 01:27 - 00000000 ____D C:\Users\Julio\Desktop\Nova pasta (2)
2017-05-26 03:49 - 2017-03-14 20:02 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-05-26 02:04 - 2017-03-09 02:45 - 00000000 ____D C:\Users\Julio\Desktop\Nova pasta (5)
2017-05-25 00:56 - 2015-03-23 22:54 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2017-05-24 05:10 - 2015-03-24 00:00 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-23 02:33 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2017-05-23 02:06 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2017-05-23 01:58 - 2015-03-21 20:05 - 00000000 ____D C:\Users\Julio\AppData\Roaming\Mozilla
2017-05-23 01:54 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-18 18:57 - 2017-03-14 21:46 - 00001470 _____ C:\Users\Julio\Desktop\firefox.exe - Atalho.lnk
2017-05-17 09:47 - 2015-12-05 02:07 - 00001831 _____ C:\Users\Public\Desktop\Borderlands The Pre-Sequel.lnk
2017-05-17 09:47 - 2015-03-21 18:13 - 00001605 _____ C:\Users\Julio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-05-13 01:00 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-05-12 19:01 - 2013-08-22 15:44 - 05110720 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-12 18:59 - 2016-11-17 20:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-12 18:59 - 2015-03-21 20:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-12 18:58 - 2015-03-23 00:59 - 00000000 ____D C:\Users\Julio\AppData\Roaming\uTorrent
2017-05-12 03:17 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-11 19:50 - 2017-04-20 18:41 - 00000000 _____ C:\Windows\SysWOW64\11
2017-05-11 03:08 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2017-05-11 01:25 - 2015-03-21 20:13 - 00004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-11 01:25 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-10 01:15 - 2015-03-24 00:00 - 00000000 ____D C:\Windows\system32\MRT
2017-05-10 01:07 - 2013-08-22 14:25 - 00000199 _____ C:\Windows\win.ini
2017-05-09 22:32 - 2015-12-16 03:36 - 00000848 _____ C:\Users\Julio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-05-05 02:20 - 2017-04-03 02:32 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-03 01:41 - 2015-03-21 18:13 - 00000000 ____D C:\Users\Julio\AppData\Local\Packages

==================== Files in the root of some directories =======

2017-05-05 23:18 - 2017-05-06 00:46 - 0000132 _____ () C:\Users\Julio\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-02-12 02:34 - 2017-03-03 21:06 - 0000107 _____ () C:\Users\Julio\AppData\Roaming\Camdata.ini
2017-02-12 02:34 - 2017-03-03 21:06 - 0000408 _____ () C:\Users\Julio\AppData\Roaming\CamLayout.ini
2017-02-12 02:34 - 2017-03-03 21:06 - 0000408 _____ () C:\Users\Julio\AppData\Roaming\CamShapes.ini
2017-02-12 02:34 - 2017-03-03 21:06 - 0004522 _____ () C:\Users\Julio\AppData\Roaming\CamStudio.cfg
2017-02-20 23:13 - 2017-03-03 20:53 - 0000098 _____ () C:\Users\Julio\AppData\Roaming\CamStudio.Producer.command
2017-02-20 23:20 - 2017-03-03 20:53 - 0000000 _____ () C:\Users\Julio\AppData\Roaming\CamStudio.Producer.Data.ini
2017-02-20 23:20 - 2017-03-03 20:53 - 0001206 _____ () C:\Users\Julio\AppData\Roaming\CamStudio.Producer.ini
2016-03-27 20:52 - 2016-03-27 20:52 - 0005120 _____ () C:\Users\Julio\AppData\Roaming\GiftBag.db
2017-04-20 05:34 - 2017-05-28 01:42 - 0000035 _____ () C:\Users\Julio\AppData\Roaming\sp_data.sys
2015-03-24 02:26 - 2015-03-24 02:26 - 0011754 _____ () C:\Users\Julio\AppData\Local\Temp-log.txt
2016-10-24 01:49 - 2016-10-24 01:50 - 0065531 _____ () C:\ProgramData\1477270148.1036.bin
2016-10-24 01:49 - 2016-10-24 01:50 - 0018706 _____ () C:\ProgramData\1477270148.2352.bin
2016-10-24 01:49 - 2016-10-24 01:50 - 0051095 _____ () C:\ProgramData\1477270148.3024.bin
2016-10-24 01:49 - 2016-10-24 01:49 - 0004226 _____ () C:\ProgramData\1477270148.5140.bin
2016-10-24 01:49 - 2016-10-24 01:50 - 0010383 _____ () C:\ProgramData\1477270148.5184.bin
2015-01-16 09:54 - 2015-01-16 09:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-03-12 05:55 - 2017-03-12 05:55 - 0000016 _____ () C:\ProgramData\mntemp
2017-03-12 05:55 - 2017-03-12 05:55 - 0005054 _____ () C:\ProgramData\mudtcpaz.vzs
2014-10-28 20:39 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-10-28 20:39 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-10-28 20:39 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\Users\Julio\AppData\Local\background_fault\aswRD.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-28 04:48

==================== End of FRST.txt ============================

SYSTEM ERRORS:

QQLme.exe system error: libcef.dll missing
QQLme.exe system error: SQLITE3.dll missing



#5 nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 May 2017 - 01:15 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(AVAST Software) C:\Users\Julio\AppData\Local\background_fault\aswRD.exe
HKU\S-1-5-21-2092581931-4276195263-200352700-1001\...\Run: [background_fault] => C:\Users\Julio\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-27] (AVAST Software) <===== ATTENTION
SearchScopes: HKU\S-1-5-21-2092581931-4276195263-200352700-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2092581931-4276195263-200352700-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
Handler: WSWSVCUchrome - No CLSID Value
FF Plugin HKU\S-1-5-21-2092581931-4276195263-200352700-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Julio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies ApS)
R2 AppleSrv; C:\ProgramData\Apple\Apple Application\DeviceCfg.dll [118784 2017-03-15] () [File not signed]
S2 terana; C:\Users\Julio\AppData\Local\terana\terana.dll [908288 2017-05-27] (IntertSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
S2 CSHMDR; C:\Users\Julio\AppData\Local\CSHMDR\Snare.dll [X] <==== ATTENTION
U2 snare; no ImagePath
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
C:\Users\Julio\AppData\Local\background_fault
C:\Users\Julio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
C:\ProgramData\Apple\Apple Application\DeviceCfg.dll
C:\Users\Julio\AppData\Local\terana
C:\Users\Julio\AppData\Local\CSHMDR

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please let me know if the errors are persisting.

Include for my review the Addition.txt file that Farbar has created.
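The fixlist above was assembled by hand from the FRST log. As an added example (not FRST's code and not the helper's own method), here is a small Python triage script that parses FRST service/driver lines of that layout and flags the three patterns the fix targets: an unsigned image under a user-writable directory, a missing image file ([X]), and a registered service with no ImagePath. The regexes are my assumption about the line format, checked only against lines quoted from this thread's log.

```python
"""Triage FRST 'Services'/'Drivers' lines into candidate fixlist entries.

Added example for this thread, not FRST's or the helper's own code.  A line
looks like '<status> <name>; <path> [<size> <date>] (<publisher>) [File not signed]',
or '<path> [X]' when the file is gone, or 'no ImagePath'.  The regexes below
are an assumption about that layout.
"""
import re
from typing import Dict, List, Optional

SERVICE_RE = re.compile(r"^(?P<status>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<rest>.*)$")
IMAGE_RE = re.compile(
    r"^(?P<path>.*?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]"
    r"\s*\((?P<publisher>[^)]*)\)(?P<flags>.*)$"
)
# A service or driver image is not expected to live in a user-writable tree.
USER_WRITABLE = ("\\users\\", "\\programdata\\")

# Lines taken from the FRST log and fixlist quoted in this thread.
SAMPLE_LOG = [
    r"R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [127248 2016-02-16] (Panda Security, S.L.)",
    r"R2 AppleSrv; C:\ProgramData\Apple\Apple Application\DeviceCfg.dll [118784 2017-03-15] () [File not signed]",
    r"S2 terana; C:\Users\Julio\AppData\Local\terana\terana.dll [908288 2017-05-27] (IntertSect Alliance Pty Ltd) [File not signed] <==== ATTENTION",
    r"S2 CSHMDR; C:\Users\Julio\AppData\Local\CSHMDR\Snare.dll [X] <==== ATTENTION",
    r"U2 snare; no ImagePath",
    r"S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]",
]


def parse_service_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one service/driver line; return None for anything else."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rec: Dict[str, object] = {
        "status": m["status"], "name": m["name"], "raw": line.strip(),
        "path": None, "size": None, "publisher": None, "signed": None,
        "missing_file": False, "no_image_path": False,
    }
    rest = m["rest"]
    if rest.startswith("no ImagePath"):
        rec["no_image_path"] = True
    elif " [X]" in rest:
        rec["missing_file"] = True
        rec["path"] = rest.split(" [X]", 1)[0]
    else:
        im = IMAGE_RE.match(rest)
        if im:
            rec["path"] = im["path"]
            rec["size"] = int(im["size"])
            rec["publisher"] = im["publisher"]
            rec["signed"] = "[File not signed]" not in im["flags"]
    return rec


def triage(rec: Dict[str, object]) -> List[str]:
    """Reasons this entry deserves a look; an empty list means it looks normal."""
    reasons: List[str] = []
    if rec["no_image_path"]:
        reasons.append("registered service with no ImagePath")
    if rec["missing_file"]:
        reasons.append("image file missing ([X])")
    path = str(rec["path"] or "").lower()
    if rec["signed"] is False and any(d in path for d in USER_WRITABLE):
        reasons.append("unsigned image under a user-writable directory")
    return reasons


def candidate_fixlist(lines: List[str]) -> List[str]:
    """Fixlist lines in the shape used above: the log line itself (FRST removes
    the service), then the image path when the file still exists so FRST moves
    it too.  Meant for a human to review, not to apply blindly."""
    entries: List[str] = []
    for line in lines:
        rec = parse_service_line(line)
        if rec is None or not triage(rec):
            continue
        entries.append(str(rec["raw"]))
        if rec["path"] and not rec["missing_file"]:
            entries.append(str(rec["path"]))
    return entries


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        rec = parse_service_line(line)
        if rec and triage(rec):
            print(f"{rec['name']}: {'; '.join(triage(rec))}")
    print("\n".join(candidate_fixlist(SAMPLE_LOG)))
```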

#6 JulioAlvaro

  • Topic Starter
  • Members
  • 5 posts

Posted 29 May 2017 - 01:54 PM

After looking at your fix txt files I was able to identify and manually delete malware files and reg files. After some fixes it looks more stable now.
About the main problem, the Jerjers malware, I still have to wait a couple of days to confirm (all files were removed but...) as it appears from time to time and it may take some days until it shows up again. So right now I cannot confirm total removal of this malware.

Thanks for your help and if the problem persists (I can only tell in a few days) I will ask to reopen this thread. Best regards



#7 nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 May 2017 - 07:11 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#8 JulioAlvaro

  • Topic Starter
  • Members
  • 5 posts

Posted 01 June 2017 - 12:44 PM

Sorry, problem not solved... after the fix and Malwarebytes, the Jerjers folder appeared again with fake shortcuts on the desktop (2 game shortcuts) and browser hijacking...



#9 nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 June 2017 - 07:03 AM


If not already done please run the Fix I previously suggested.
Post the Fixlog.txt for my review.
===

Reset Chrome...
Open Google Chrome, click on the menu icon which is located at the top right side of Google Chrome.

Click "Settings" then "Show advanced settings" at the bottom of the screen.

Click "Reset browser settings" button.

Restart Chrome.
===


If the problem persists, run these tools.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content on your next reply.
===


--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======