Infected with Onclick, right coupon and maybe luckysearchs, redirected links


  • This topic is locked
2 replies to this topic

#1 C0mmandos

  • Members
  • 1 posts

Posted 22 May 2017 - 02:40 PM

Hello, members of the community.

 

Everything started when I found my computer infected with luckysearches, because that name used to blink on the address bar of Chrome. I followed any related tutorial I found, one at a time, and I started with those here on BleepingComputer.

 

After finding my computer infected every time, I started to search by myself and to erase folders like "Everness" and a fake Firefox (that I didn't install). I discovered a file used by a process named UFirefox (or Update Firefox); I stopped the process, erased maybe 6 folders from Program Files, removed any shortcut with traces, and searched the registry for these programs and folders.

 

The result was that I thought I was free of that thing. To finish, I used the Bitdefender Recovery disc and made a deep search while booted in its Linux environment.

 

To my surprise, today I started to see those onclick ads blinking on my address bar and, sometimes, redirecting the links I clicked to pages I had never seen. I started again to search about it, and since every tutorial said to use the same programs I already had, and my computer started to show rightcoupon pop-ups and, worse, started to open porn555 sites, which can cause me a lot of trouble, I decided to ask for your help.

 

Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
Ran by Amauricio (administrator) on SISTEMAS (22-05-2017 16:06:27)
Running from C:\Users\Amauricio\Downloads
Loaded Profiles: Amauricio (Available Profiles: Amauricio & Classic .NET AppPool & .NET v4.5 & DefaultAppPool & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic)
Platform: Windows 8.1 Pro (Update) (X64) Language: Inglês (Estados Unidos)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Serasa Experian) C:\Program Files (x86)\Serasa Experian\Service\SerasaUpdate.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos System Protection\ssp.exe
(Pranas.NET) C:\Program Files (x86)\Pranas.NET\SQLBackupAndFTP\SbfService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
(Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Next Tecnologia\Gin5\Next Integrador\NIClienteEXE.exe
(NextSoft) C:\Program Files (x86)\NextSoft\NextLiveUpdater\Gin5Updater.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_131\bin\jp2launcher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup
HKLM\...\Run: [CertificateRegistration] => C:\Windows\system32\aetcrss1.exe [25600 2013-03-04] (A.E.T. Europe B.V.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1480168 2017-01-31] (Sophos Limited)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-2337362025-3021461758-2314052629-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-2337362025-3021461758-2314052629-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-11-21] (Microsoft Corporation)
HKU\S-1-5-21-2337362025-3021461758-2314052629-1001\...\RunOnce: [Uninstall C:\Users\Amauricio\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Amauricio\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Next Integrador.lnk [2016-11-03]
ShortcutTarget: Next Integrador.lnk -> C:\Windows\Installer\{8E47C6B4-CDB9-4E98-8815-A427AC2BA33A}\_1B19C949C1AF0370A99110.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Next Live Updater.lnk [2016-09-05]
ShortcutTarget: Next Live Updater.lnk -> C:\Windows\Installer\{F8E92E02-311D-4476-9F1E-A6098A8D4255}\_6F09C1602EB82564429908.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Serasa Update.lnk [2016-09-13]
ShortcutTarget: Serasa Update.lnk -> C:\Program Files (x86)\Serasa Experian\Service\eSfUpdateForm.exe (Serasa Experian)
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E72E7D02-B451-49D9-A75D-B3C89BBC3DFF}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2337362025-3021461758-2314052629-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-05-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-20] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-12] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-20] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-05-12] (Microsoft Corporation)
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-12] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-20] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-12] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2337362025-3021461758-2314052629-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Amauricio\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-11-10] (Citrix Online)
FF Plugin HKU\S-1-5-21-2337362025-3021461758-2314052629-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Amauricio\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-12-29] (Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Amauricio\AppData\Local\Google\Chrome\User Data\Default [2017-05-22]
CHR Extension: (Google Apresentações) - C:\Users\Amauricio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-02]
CHR Extension: (Google Docs) - C:\Users\Amauricio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-02]
CHR Extension: (Google Drive) - C:\Users\Amauricio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-02]
CHR Extension: (YouTube) - C:\Users\Amauricio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Amauricio\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-02]
CHR Extension: (Planilhas do Google) - C:\Users\Amauricio\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-02]
CHR Extension: (Documentos Google off-line) - C:\Users\Amauricio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-03]
CHR Extension: (Vysor) - C:\Users\Amauricio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm [2017-05-18]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Amauricio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-02]
CHR Extension: (Gmail) - C:\Users\Amauricio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\Amauricio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
CHR Profile: C:\Users\Amauricio\AppData\Local\Google\Chrome\User Data\System Profile [2017-05-05]
CHR HKU\S-1-5-21-2337362025-3021461758-2314052629-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-05-04] (Microsoft Corporation)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [372736 2016-09-05] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [16896 2016-09-05] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
R2 MSSQL$SQLNEXT; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [229672 2016-10-25] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [200064 2016-10-25] (Sophos Limited)
R2 SerasaUpdate; C:\Program Files (x86)\Serasa Experian\Service\SerasaUpdate.exe [398848 2016-05-03] (Serasa Experian) [File not signed]
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [760672 2017-01-31] (Sophos Limited)
R2 Sophos MCS Agent; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe [1379856 2016-11-23] (Sophos Limited)
R2 Sophos MCS Client; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe [1806904 2016-11-23] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [360040 2016-09-13] (Sophos Limited)
R2 SophosDataRecorderService; C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe [996240 2016-09-12] (Sophos Limited)
R2 sophossps; C:\Program Files\Sophos\Sophos System Protection\ssp.exe [5366040 2016-09-12] (Sophos Limited)
R2 SqlBackupAndFtp Service; C:\Program Files (x86)\Pranas.NET\SQLBackupAndFTP\SbfService.exe [55456 2016-08-04] (Pranas.NET)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [475384 2016-09-13] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3644368 2016-09-13] (Sophos Limited)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2016-09-05] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 A38CCID; C:\Windows\system32\DRIVERS\a38ccid.sys [77832 2016-11-28] (Advanced Card Systems Ltd.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-22] (Malwarebytes)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [201168 2016-09-13] (Sophos Limited)
S3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [38144 2016-09-13] (Sophos Limited)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [27904 2016-09-13] (Sophos Limited)
R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [47760 2016-09-13] (Sophos Limited)
S3 SzCCID; C:\Windows\system32\DRIVERS\SzCCID.sys [40448 2011-01-21] (Generic)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42064 2016-08-15] (Anchorfree Inc.)
S3 usbio; C:\Windows\System32\Drivers\usbio_x64.sys [45216 2013-10-24] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-22 15:47 - 2017-05-22 15:50 - 00050096 _____ C:\Users\Amauricio\Downloads\Addition.txt
2017-05-22 15:44 - 2017-05-22 16:06 - 00022653 _____ C:\Users\Amauricio\Downloads\FRST.txt
2017-05-22 15:43 - 2017-05-22 16:06 - 00000000 ____D C:\FRST
2017-05-22 15:42 - 2017-05-22 15:42 - 02429952 _____ (Farbar) C:\Users\Amauricio\Downloads\FRST64.exe
2017-05-22 11:51 - 2017-05-22 11:54 - 14554768 _____ (Copyright 2017.) C:\Users\Amauricio\Downloads\Zemana.AntiMalware.Portable.exe
2017-05-22 11:17 - 2017-05-22 11:17 - 11584088 _____ (SurfRight B.V.) C:\Users\Amauricio\Downloads\hitmanpro_x64.exe
2017-05-22 11:16 - 2017-05-22 11:16 - 00000677 _____ C:\Users\Amauricio\Desktop\JRT.txt
2017-05-22 11:14 - 2017-05-22 11:14 - 03342069 _____ C:\Users\Amauricio\Downloads\Não confirmado 574108.crdownload
2017-05-22 11:11 - 2017-05-22 11:12 - 01663672 _____ (Malwarebytes) C:\Users\Amauricio\Downloads\JRT.exe
2017-05-22 11:00 - 2017-05-22 11:00 - 00000000 ___HD C:\OneDriveTemp
2017-05-22 10:34 - 2017-05-22 11:57 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-22 10:34 - 2017-05-22 10:34 - 00187320 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-05-22 10:34 - 2017-05-22 10:34 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-05-22 10:34 - 2017-05-22 10:34 - 00093624 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-05-22 10:34 - 2017-05-22 10:34 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-05-22 10:34 - 2017-05-22 10:34 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-22 10:34 - 2017-05-22 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-22 10:34 - 2017-05-09 16:37 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-22 10:33 - 2017-05-22 10:33 - 63364552 _____ (Malwarebytes ) C:\Users\Amauricio\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.122-1.0.1976.exe
2017-05-22 10:33 - 2017-05-22 10:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-22 10:31 - 2017-05-22 10:32 - 04110280 _____ C:\Users\Amauricio\Downloads\adwcleaner_6.047.exe
2017-05-22 10:24 - 2017-05-22 10:24 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Amauricio\Downloads\iExplore.exe
2017-05-22 10:13 - 2017-05-22 11:38 - 00346156 _____ C:\Windows\ntbtlog.txt
2017-05-18 13:54 - 2017-05-18 14:32 - 00000000 ____D C:\Users\Amauricio\Downloads\Produtos_em_Pedidos (1)_arquivos
2017-05-18 13:47 - 2017-05-18 14:32 - 00010351 _____ C:\Users\Amauricio\Downloads\Produtos_em_Pedidos (1).xls
2017-05-18 09:28 - 2017-05-18 09:41 - 00039779 _____ C:\Users\Amauricio\Downloads\planilha compensacao (1) (1).xlsx
2017-05-17 10:27 - 2017-05-17 17:41 - 00000000 ____D C:\Users\Amauricio\Desktop\pENDRIVE
2017-05-17 07:53 - 2017-05-17 10:10 - 00002272 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-16 14:59 - 2017-05-16 15:03 - 00025817 _____ C:\Users\Amauricio\Downloads\planilha compensacao Clinica (1).xlsx
2017-05-16 14:53 - 2017-05-16 14:59 - 00025903 _____ C:\Users\Amauricio\Downloads\planilha compensacao Clinica.xlsx
2017-05-16 14:42 - 2017-05-16 14:51 - 00026286 _____ C:\Users\Amauricio\Downloads\planilha compensacao (1).xlsx
2017-05-16 14:23 - 2017-05-16 14:23 - 00016266 _____ C:\Users\Amauricio\Downloads\Comprovante de Transferência.pdf
2017-05-12 13:37 - 2017-05-12 14:06 - 00018744 _____ C:\Users\Amauricio\Downloads\planilha compensacao.xlsx
2017-05-12 09:05 - 2017-05-12 09:05 - 00032246 _____ C:\Users\Amauricio\Downloads\32170505570714000825550010021756851085321734.pdf
2017-05-11 09:41 - 2017-05-11 09:41 - 00000000 _____ C:\autoexec.bat
2017-05-11 09:21 - 2017-05-11 09:21 - 00005491 _____ C:\Users\Amauricio\Downloads\Estoque_dos_Produtos.xls
2017-05-11 09:11 - 2017-05-17 07:53 - 00000000 _____ C:\Windows\SysWOW64\3333333
2017-05-11 09:10 - 2017-05-17 07:53 - 00000000 _____ C:\Windows\SysWOW64\33
2017-05-11 09:10 - 2017-05-17 07:53 - 00000000 _____ C:\Windows\SysWOW64\1111111
2017-05-11 09:10 - 2017-05-17 07:53 - 00000000 _____ C:\Windows\SysWOW64\1111
2017-05-11 09:10 - 2017-05-17 07:53 - 00000000 _____ C:\Windows\SysWOW64\11
2017-05-11 09:10 - 2017-05-17 07:53 - 00000000 _____ C:\Windows\SysWOW64\00
2017-05-11 08:42 - 2017-05-11 08:42 - 00000000 ____D C:\ProgramData\dbg
2017-05-11 08:40 - 2017-04-28 19:44 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-11 08:40 - 2017-04-28 19:44 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-10 10:53 - 2017-05-10 10:53 - 07651116 _____ C:\Users\Amauricio\Desktop\RelatorioDinamico Cookie Con.xlsx
2017-05-10 10:20 - 2017-05-10 10:21 - 00000000 ____D C:\Filmes  SUD
2017-05-10 09:22 - 2017-04-28 18:15 - 07444824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-10 09:22 - 2017-04-26 11:06 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-10 09:22 - 2017-04-16 07:23 - 02176584 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2017-05-10 09:22 - 2017-04-16 07:23 - 01662096 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-10 09:22 - 2017-04-16 07:23 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2017-05-10 09:22 - 2017-04-16 07:18 - 01135288 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-10 09:22 - 2017-04-16 07:18 - 00803192 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-10 09:22 - 2017-04-16 06:07 - 01566032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2017-05-10 09:22 - 2017-04-16 06:07 - 01213792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-10 09:22 - 2017-04-16 06:07 - 00548032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2017-05-10 09:22 - 2017-04-16 06:05 - 00612096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-10 09:22 - 2017-04-16 05:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-10 09:22 - 2017-04-16 05:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-10 09:22 - 2017-04-16 05:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-10 09:22 - 2017-04-16 05:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-10 09:22 - 2017-04-16 05:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-10 09:22 - 2017-04-16 05:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-10 09:22 - 2017-04-16 05:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-10 09:22 - 2017-04-16 05:16 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-10 09:22 - 2017-04-16 05:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-10 09:22 - 2017-04-16 05:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-10 09:22 - 2017-04-16 05:02 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-05-10 09:22 - 2017-04-16 05:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-10 09:22 - 2017-04-16 05:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-10 09:22 - 2017-04-16 05:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-10 09:22 - 2017-04-16 04:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-10 09:22 - 2017-04-16 04:52 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-05-10 09:22 - 2017-04-16 04:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-10 09:22 - 2017-04-16 04:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-10 09:22 - 2017-04-16 04:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-10 09:22 - 2017-04-16 04:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-10 09:22 - 2017-04-16 04:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-10 09:22 - 2017-04-16 04:40 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-10 09:22 - 2017-04-16 04:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-10 09:22 - 2017-04-16 04:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-10 09:22 - 2017-04-16 04:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-10 09:22 - 2017-04-16 04:23 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-05-10 09:22 - 2017-04-16 04:22 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-10 09:22 - 2017-04-16 04:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-10 09:22 - 2017-04-16 04:17 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-05-10 09:22 - 2017-04-16 04:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-10 09:22 - 2017-04-16 04:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-10 09:22 - 2017-04-16 04:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-10 09:22 - 2017-04-16 04:10 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-10 09:22 - 2017-04-16 04:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-10 09:22 - 2017-04-16 04:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-10 09:22 - 2017-04-16 04:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-10 09:22 - 2017-04-16 04:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2017-05-10 09:22 - 2017-04-16 03:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-10 09:22 - 2017-04-16 03:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-10 09:22 - 2017-04-16 03:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-10 09:22 - 2017-04-16 03:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-10 09:22 - 2017-04-16 03:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-10 09:22 - 2017-04-16 03:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-10 09:22 - 2017-04-09 19:00 - 01548640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-10 09:22 - 2017-04-09 19:00 - 00388448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-10 09:22 - 2017-04-07 20:20 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-10 09:22 - 2017-04-07 10:56 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-10 09:22 - 2017-04-02 13:41 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-10 09:22 - 2017-04-02 13:41 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-10 09:22 - 2017-03-31 20:16 - 01968408 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-10 09:22 - 2017-03-31 18:59 - 01612504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-10 09:22 - 2017-03-13 13:38 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll
2017-05-10 09:22 - 2017-03-13 13:29 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-05-10 09:22 - 2017-03-13 13:25 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-05-10 09:22 - 2017-03-13 13:13 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll
2017-05-10 09:22 - 2017-03-13 13:07 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-05-10 09:22 - 2017-03-13 13:06 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-05-10 09:22 - 2017-03-11 16:34 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-10 09:22 - 2017-03-11 16:32 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-10 09:22 - 2017-03-11 16:32 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-10 09:22 - 2017-03-11 15:49 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-10 09:22 - 2017-03-11 14:58 - 01437696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-10 09:22 - 2017-03-11 14:54 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-10 09:22 - 2017-03-10 20:38 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-05-10 09:22 - 2017-03-10 20:38 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-05-10 09:22 - 2017-03-09 17:52 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2017-05-10 09:22 - 2017-03-09 16:17 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2017-05-10 09:22 - 2017-03-07 23:44 - 00448285 _____ C:\Windows\system32\ApnDatabase.xml
2017-05-08 17:05 - 2017-05-08 17:05 - 00024167 _____ C:\Users\Amauricio\Downloads\RelatorioDinamico Vendas por unidade por mês.xlsx
2017-05-08 17:02 - 2017-05-08 17:02 - 00205864 _____ C:\Users\Amauricio\Downloads\RelatorioDinamico_20170508050241.xlsx
2017-05-08 15:46 - 2017-05-10 09:56 - 07688204 _____ C:\Users\Amauricio\Downloads\RelatorioDinamico_20170508034536.xlsx
2017-05-08 15:08 - 2017-05-08 15:08 - 00000000 ____D C:\Users\Amauricio\AppData\Roaming\DataRecommendations
2017-05-08 15:08 - 2017-05-08 15:08 - 00000000 ____D C:\Users\Amauricio\AppData\Local\DataRecommendation
2017-05-08 09:42 - 2017-05-08 09:43 - 00000000 ____D C:\Users\Public\Documents\temp
2017-05-08 09:42 - 2017-05-08 09:42 - 00000000 ____D C:\Users\Public\Documents\Google
2017-05-08 09:42 - 2017-05-08 09:42 - 00000000 ____D C:\Users\Public\Documents\chrome
2017-05-08 08:33 - 2016-09-13 18:24 - 00047760 _____ (Sophos Limited) C:\Windows\system32\Drivers\swi_callout.sys
2017-05-04 16:09 - 2017-05-04 16:09 - 00237568 _____ C:\Users\Amauricio\Downloads\Orçamento_Mrchenew.xls
2017-05-04 13:19 - 2017-05-04 13:19 - 00060194 _____ C:\Users\Amauricio\Downloads\Sedex destinatario unico.pdf
2017-05-02 11:08 - 2017-05-02 11:08 - 00000000 ____D C:\Users\Amauricio\AppData\Roaming\Google
2017-05-02 11:04 - 2017-05-17 07:53 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-02 10:13 - 2017-05-17 07:53 - 00000000 ____D C:\Users\Amauricio\AppData\Local\CrashDumps
2017-05-02 09:19 - 2017-05-02 09:19 - 00000000 ____D C:\Users\Amauricio\Downloads\Indicadores_por_Dia_Mes_arquivos
2017-04-26 12:14 - 2017-05-02 10:06 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-04-26 12:13 - 2017-04-26 14:04 - 00000000 ____D C:\ProgramData\RogueKiller
2017-04-26 10:51 - 2017-05-22 11:04 - 00000000 ____D C:\AdwCleaner
2017-04-26 09:10 - 2017-04-26 09:10 - 00000000 ____D C:\ProgramData\Apple
2017-04-25 16:08 - 2017-04-25 16:08 - 00000000 ____D C:\Users\Amauricio\Downloads\therebels.nescauzin.up00551
2017-04-25 11:07 - 2017-04-25 11:07 - 00000000 ____D C:\Users\Amauricio\AppData\Roaming\TightVNC
2017-04-25 11:05 - 2017-04-25 11:05 - 00000000 ____D C:\ProgramData\TightVNC
2017-04-25 11:05 - 2017-04-25 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
2017-04-25 11:05 - 2017-04-25 11:05 - 00000000 ____D C:\Program Files\TightVNC
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-22 16:05 - 2016-08-31 14:31 - 00000000 ____D C:\Users\Amauricio\Documents\Arquivos do Outlook
2017-05-22 15:07 - 2016-08-31 13:52 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6575A24C-57E0-4C63-A696-F674D727540F}
2017-05-22 13:26 - 2016-08-31 14:27 - 00002314 ____H C:\Users\Amauricio\Documents\Default.rdp
2017-05-22 12:20 - 2016-08-31 13:19 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2337362025-3021461758-2314052629-1001
2017-05-22 11:58 - 2017-03-14 13:55 - 00000000 ___RD C:\Users\Amauricio\Google Drive
2017-05-22 11:58 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\inetsrv
2017-05-22 11:57 - 2016-08-31 13:33 - 00000000 __SHD C:\Users\Amauricio\IntelGraphicsProfiles
2017-05-22 11:56 - 2017-03-30 08:40 - 00000000 ____D C:\Temp
2017-05-22 11:56 - 2013-08-22 11:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-22 10:21 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\Inf
2017-05-22 08:53 - 2016-08-31 13:13 - 00000000 ____D C:\Users\Amauricio\AppData\Local\Packages
2017-05-19 10:51 - 2016-10-11 14:18 - 00013374 _____ C:\Users\Amauricio\Documents\Planilha de Controle da Fábrica.xlsx
2017-05-19 09:45 - 2016-09-05 10:52 - 00000000 ____D C:\Users\Amauricio\Documents\SQL Server Management Studio Express
2017-05-17 17:38 - 2017-03-02 09:44 - 00000000 ____D C:\Users\Amauricio\Downloads\Aperfeiçoamento
2017-05-17 17:36 - 2016-12-27 15:15 - 00000000 ____D C:\Users\Amauricio\Downloads\fx
2017-05-17 14:43 - 2013-08-22 12:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-17 14:42 - 2016-08-31 14:02 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-05-17 14:42 - 2013-08-22 12:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-17 13:23 - 2013-08-22 10:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-05-17 13:21 - 2016-08-31 13:50 - 00000000 ____D C:\Program Files\Microsoft Office
2017-05-17 11:01 - 2016-09-28 09:48 - 00000000 ____D C:\BAK
2017-05-17 10:18 - 2016-09-05 09:39 - 00935060 _____ C:\Windows\system32\prfh0416.dat
2017-05-17 10:18 - 2016-09-05 09:39 - 00220006 _____ C:\Windows\system32\prfc0416.dat
2017-05-17 10:18 - 2014-11-21 05:43 - 02233650 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-17 10:00 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\AppReadiness
2017-05-17 09:29 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\LiveKernelReports
2017-05-17 09:07 - 2016-08-31 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-05-17 09:07 - 2016-08-31 13:37 - 00000000 ____D C:\ProgramData\Sophos
2017-05-17 09:07 - 2016-08-31 13:37 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-05-17 07:54 - 2017-04-17 10:54 - 00000000 ____D C:\Users\Amauricio\AppData\LocalLow\Mozilla
2017-05-17 07:53 - 2017-04-17 10:54 - 00002016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-15 17:55 - 2016-08-31 13:13 - 00000000 ____D C:\Users\Amauricio
2017-05-15 08:38 - 2016-11-14 07:28 - 00000000 ___RD C:\Users\Amauricio\OneDrive - BYU-Idaho
2017-05-12 10:02 - 2016-09-05 09:10 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-05-11 19:22 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\rescache
2017-05-11 15:10 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\NDF
2017-05-11 11:53 - 2017-04-17 13:22 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-05-11 11:52 - 2017-04-17 13:22 - 00102049 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-05-11 09:53 - 2017-02-10 13:09 - 00000000 ____D C:\ProgramData\Freemake
2017-05-11 09:50 - 2017-04-17 13:22 - 00113946 _____ C:\Windows\ZAM.krnl.trace
2017-05-11 08:38 - 2013-08-22 11:44 - 00552760 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-10 17:51 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2017-05-10 17:51 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-10 12:02 - 2016-09-02 15:34 - 00000000 ____D C:\Windows\system32\MRT
2017-05-10 11:54 - 2016-09-02 15:34 - 156335152 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-10 11:54 - 2013-08-22 12:20 - 00000000 ____D C:\Windows\CbsTemp
2017-05-08 09:42 - 2016-09-20 08:46 - 00000000 ____D C:\Users\Amauricio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome
2017-05-05 08:53 - 2016-09-05 15:06 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-03 13:13 - 2016-12-23 22:31 - 00000000 ____D C:\Users\Amauricio\AppData\Local\ElevatedDiagnostics
2017-05-02 11:04 - 2016-08-31 14:22 - 00000000 ____D C:\Users\Amauricio\AppData\Local\Google
2017-05-02 09:32 - 2017-01-04 07:55 - 00000000 ____D C:\hd
2017-04-29 00:44 - 2016-08-31 14:22 - 00003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 00:44 - 2016-08-31 14:22 - 00003372 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-28 09:16 - 2017-02-01 11:06 - 00007601 _____ C:\Users\Amauricio\AppData\Local\Resmon.ResmonCfg
2017-04-26 17:53 - 2017-02-23 11:13 - 00018204 _____ C:\Users\Amauricio\Desktop\Lista MrCheney.xlsx
2017-04-26 14:20 - 2016-07-12 10:14 - 00000132 _____ C:\Users\Amauricio\Desktop\GRN.url
2017-04-26 14:15 - 2016-10-07 11:46 - 00000148 _____ C:\Users\Amauricio\Desktop\Fidelidade.url
2017-04-26 14:15 - 2016-07-12 10:14 - 00000149 _____ C:\Users\Amauricio\Desktop\Painel do Fornecedor.url
2017-04-26 14:14 - 2016-07-12 10:14 - 00000149 _____ C:\Users\Amauricio\Desktop\Painel ADM Pedidos.url
2017-04-26 14:14 - 2016-07-12 10:14 - 00000146 _____ C:\Users\Amauricio\Desktop\Sistema Pedidos.url
2017-04-26 11:55 - 2017-04-19 14:24 - 00014370 _____ C:\Windows\system32\.crusader
2017-04-26 11:19 - 2017-04-19 14:05 - 00000000 ____D C:\ProgramData\HitmanPro
2017-04-26 10:49 - 2016-11-16 08:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-26 09:34 - 2016-10-18 13:47 - 00000000 ____D C:\Program Files (x86)\Bematech
2017-04-26 09:29 - 2016-11-10 08:41 - 00000000 ____D C:\Users\Amauricio\AppData\Local\Citrix
2017-04-24 16:54 - 2017-01-18 16:27 - 00018521 _____ C:\Users\Amauricio\Desktop\Estudo Preço Produtos Novos.xlsx
 
==================== Files in the root of some directories =======
 
2017-01-02 07:31 - 2017-01-18 17:39 - 0000600 _____ () C:\Users\Amauricio\AppData\Local\PUTTY.RND
2017-02-01 11:06 - 2017-04-28 09:16 - 0007601 _____ () C:\Users\Amauricio\AppData\Local\Resmon.ResmonCfg
 
Files to move or delete:
====================
C:\Users\Amauricio\signver.dll
C:\Users\Amauricio\signver1.dll
 
 
Some files in TEMP:
====================
2017-04-26 12:13 - 2016-08-13 04:40 - 1737080 _____ (Microsoft Corporation) C:\Users\Amauricio\AppData\Local\Temp\dllnt_dump.dll
2017-02-10 13:07 - 2017-02-10 13:07 - 34471160 _____ (Ellora Assets Corporation                                   ) C:\Users\Amauricio\AppData\Local\Temp\FreemakeVideoConverterFull.exe
2017-03-05 19:24 - 2017-03-05 19:24 - 14456872 _____ (Microsoft Corporation) C:\Users\Amauricio\AppData\Local\Temp\vc_redist.x86.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-16 12:38
 
==================== End of FRST.txt ============================

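The FRST.txt above is long enough that reading it by eye is error-prone. As an added example (not part of the original post, and not FRST's own code), the Python below parses file entries in the layout the log uses (created - modified - size attrs [(publisher)] path, plus the bare paths under "Files to move or delete") and applies a few triage heuristics: a PE file with no publisher outside C:\Windows, a PE file sitting directly in a user profile root (the pattern FRST itself lists under "Files to move or delete"), a system or hidden attribute on a file inside a user profile, and a dot-prefixed name under C:\Windows. The attribute letters (D directory, H hidden, S system) and the sample lines are taken from the log in the post; the rules are an assumption about what merits a first look, not a verdict on any file.

```python
"""Triage helper for the file entries in an FRST.txt log.

Added example: not part of the original post and not FRST's own code.
Parses the layout visible in the log above,
    <created> - <modified> - <size> <attrs> [(<publisher>)] <path>
plus bare paths under "Files to move or delete", then applies heuristics.
A flag means "look at this first", not "this is malicious".
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed layout: five-character attribute field, optional "(publisher)".
# FRST prints "()" when a PE carries no company string; treated as none.
_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>\S.*?)\s*$"
)
_BARE_PATH = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*?)\s*$")

PE_EXTENSIONS = (".exe", ".dll", ".sys", ".ocx", ".cpl", ".scr")


@dataclass
class Entry:
    path: str
    created: str = ""
    modified: str = ""
    size: int = 0
    attrs: str = "_____"
    publisher: Optional[str] = None

    @property
    def is_dir(self) -> bool:          # "D" in the attribute field
        return "D" in self.attrs

    @property
    def is_pe(self) -> bool:
        return self.path.lower().endswith(PE_EXTENSIONS)

    @property
    def under_windows(self) -> bool:
        return self.path.lower().startswith("c:\\windows\\")

    @property
    def under_users(self) -> bool:
        return self.path.lower().startswith("c:\\users\\")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; None for headers, blanks and other text."""
    line = line.rstrip("\r\n")
    m = _ENTRY.match(line)
    if m:
        pub = (m.group("publisher") or "").strip() or None
        return Entry(m.group("path"), m.group("created"), m.group("modified"),
                     int(m.group("size")), m.group("attrs"), pub)
    m = _BARE_PATH.match(line)
    return Entry(m.group("path")) if m else None


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def triage(entry: Entry) -> List[str]:
    """Heuristic reasons to look closer at an entry (empty list = none)."""
    reasons = []
    if entry.is_pe and entry.publisher is None and not entry.under_windows:
        reasons.append("PE file without publisher outside C:\\Windows")
    # C:\Users\<name>\<file> splits into exactly four components.
    if entry.is_pe and entry.under_users and len(entry.path.split("\\")) == 4:
        reasons.append("PE file directly in a user profile root")
    if (not entry.is_dir and entry.under_users
            and ("S" in entry.attrs or (entry.is_pe and "H" in entry.attrs))):
        reasons.append("system/hidden attribute on a file in a user profile")
    if entry.under_windows and entry.path.rsplit("\\", 1)[-1].startswith("."):
        reasons.append("dot-prefixed filename under C:\\Windows")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map path -> reasons for every entry that trips at least one rule."""
    findings = {}
    for entry in parse_log(text):
        reasons = triage(entry)
        if reasons:
            findings[entry.path] = reasons
    return findings


# Constructed excerpt: lines copied from the FRST.txt in the post above
# (publisher padding on the Freemake line shortened).
SAMPLE_LOG = r"""
==================== One Month Created files and folders ========

2017-05-10 09:22 - 2017-04-16 07:18 - 01135288 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-08 15:08 - 2017-05-08 15:08 - 00000000 ____D C:\Users\Amauricio\AppData\Roaming\DataRecommendations
2017-05-22 13:26 - 2016-08-31 14:27 - 00002314 ____H C:\Users\Amauricio\Documents\Default.rdp
2017-05-22 11:57 - 2016-08-31 13:33 - 00000000 __SHD C:\Users\Amauricio\IntelGraphicsProfiles
2017-04-26 11:55 - 2017-04-19 14:24 - 00014370 _____ C:\Windows\system32\.crusader
2017-01-02 07:31 - 2017-01-18 17:39 - 0000600 _____ () C:\Users\Amauricio\AppData\Local\PUTTY.RND
2017-02-10 13:07 - 2017-02-10 13:07 - 34471160 _____ (Ellora Assets Corporation       ) C:\Users\Amauricio\AppData\Local\Temp\FreemakeVideoConverterFull.exe

Files to move or delete:
====================
C:\Users\Amauricio\signver.dll
C:\Users\Amauricio\signver1.dll
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

Run it as a script to print the flagged paths from the embedded sample, or call triage_log() on the text of a full FRST.txt. Expect noise: a heuristic hit is a prompt to check the file's signature, hash and origin, not a reason to delete it.
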
#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:50 PM

Posted 27 May 2017 - 02:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/647373 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:50 PM

Posted 01 June 2017 - 02:50 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!
