rstudio Posted June 15, 2017 ID:1135881 Share Posted June 15, 2017 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017 Ran by ASUSPC (administrator) on DESKTOP-G171JDO (15-06-2017 12:51:32) Running from C:\Users\ASUSPC\Desktop Loaded Profiles: ASUSPC (Available Profiles: ASUSPC) Platform: Windows 10 Home Version 1607 (X64) Language: Português (Portugal) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\APRP\aprp.exe (AVG Netherlands B.V) C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (© 2015 Microsoft Corporation) C:\Users\ASUSPC\AppData\Local\Microsoft\BingSvc\BingSvc.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\WLMerger.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2654512 2015-10-03] (NVIDIA Corporation) HKLM\...\Run: [Ashampoo Backup PB] => "C:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\backupClient-abpb.exe" --hidden HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-25] (Microsoft Corporation) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes) HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\ASUSWSLoader.exe [63272 2015-12-24] () HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-11-04] (Razer Inc.) HKU\S-1-5-21-140328530-2921895377-1690607904-1001\...\Run: [BingSvc] => C:\Users\ASUSPC\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation) Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{10d9e777-2b95-4667-9429-2aa966ca95a4}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{a7506989-8a3e-4230-9e91-a4e009183f94}: [DhcpNameServer] 8.8.8.8 8.8.4.4 Internet Explorer: ================== HKU\S-1-5-21-140328530-2921895377-1690607904-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE HKU\S-1-5-21-140328530-2921895377-1690607904-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE SearchScopes: HKU\S-1-5-21-140328530-2921895377-1690607904-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4747186A-0804-438F-A4A2-B361EE48ABED}&mid=d3aae30710bb47cc8f52f98b9b2c7861-c8b3fd720ac11d60e77549f0837cb50c03c1c6c3&lang=pt&ds=AVG&coid=avgtbavg&cmpid=0616tb&pr=fr&d=2016-05-22 12:01:47&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-140328530-2921895377-1690607904-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-140328530-2921895377-1690607904-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4747186A-0804-438F-A4A2-B361EE48ABED}&mid=d3aae30710bb47cc8f52f98b9b2c7861-c8b3fd720ac11d60e77549f0837cb50c03c1c6c3&lang=pt&ds=AVG&coid=avgtbavg&cmpid=0616tb&pr=fr&d=2016-05-22 12:01:47&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms} BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-05-17] (Intel Security) BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-05-17] (Intel Security) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll 
[2017-06-03] (Microsoft Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-03] (Microsoft Corporation) Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-05-17] (Intel Security) Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-05-17] (Intel Security) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft 
Office\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: 0sxrt9u6.default FF ProfilePath: C:\Users\ASUSPC\AppData\Roaming\Mozilla\Firefox\Profiles\0sxrt9u6.default [2017-06-15] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-21] () FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-03] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-21] () FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-06-03] (Microsoft Corporation) FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) 
Chrome: ======= CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pt-pt CHR Profile: C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default [2017-06-15] CHR Extension: (Apresentações Google) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-20] CHR Extension: (Google Docs) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-20] CHR Extension: (Google Drive) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-20] CHR Extension: (YouTube) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-20] CHR Extension: (Color Switch) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlknokhglhpflfcgodinmdmbfoheecdo [2016-06-15] CHR Extension: (Apple Shooter) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\efnckpgchpgcaidjncjkcdefoklgojjb [2016-06-15] CHR Extension: (Google Folhas de Cálculo) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-20] CHR Extension: (Documentos do Google offline) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-20] CHR Extension: (Background Changer) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbpabmjecillbmlhmkbibekmbnidhopk [2016-08-01] CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13] CHR Extension: (Flappy Futebol) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjcfahmlognckbgfkmopablbpoonjenm [2016-06-15] CHR Extension: (Gmail) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-20] CHR Extension: (Chrome Media Router) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-03] CHR HKU\S-1-5-21-140328530-2921895377-1690607904-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe [75264 2015-12-24] (ASUS Cloud Corporation) [File not signed] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Windows (R) Win 7 DDK provider) S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation) R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887232 2013-12-24] (Intel(R) Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes) S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] () S3 Soda PDF Desktop; C:\Program Files\Soda PDF Desktop\ws.exe [2581864 2017-01-25] (LULU Software) S3 Soda PDF Desktop CrashHandler; C:\Program Files\Soda PDF Desktop\crash-handler-ws.exe [931176 2017-01-25] (LULU Software) S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [998296 2017-05-10] (McAfee, Inc.) S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16160 2017-05-10] (McAfee, Inc.) 
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86776 2017-05-10] (McAfee, Inc.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-03-04] (Microsoft Corporation) S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [173824 2017-03-01] (Zhuhai Kingsoft Office Software Co.,Ltd) S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4317808 2015-07-14] (Qualcomm Atheros Communications, Inc.) R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [98792 2017-03-08] (ASUS Corporation) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-05-25] () R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2017-03-08] (REALiX(tm)) R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188312 2017-06-15] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-06-15] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [44960 2017-06-15] (Malwarebytes) R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [252832 2017-06-15] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-06-15] (Malwarebytes) R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [32736 2017-03-08] (Intel(R) Corporation) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [947712 2017-03-08] (Realtek ) S3 
rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc) R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.) S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc) S3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [41824 2016-11-03] (SteelSeries ApS) S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [51400 2016-05-27] (SteelSeries ApS) S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2017-06-15] (SlimWare Utilities, Inc.) R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2017-03-08] (Intel Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-06-15 12:51 - 2017-06-15 12:53 - 00018688 _____ C:\Users\ASUSPC\Desktop\FRST.txt 2017-06-15 12:50 - 2017-06-15 12:51 - 00000000 ____D C:\FRST 2017-06-15 12:14 - 2017-06-15 12:48 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-06-15 12:14 - 2017-06-15 12:48 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-06-15 12:14 - 2017-06-15 12:48 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-06-15 12:14 - 2017-06-15 12:48 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-06-15 12:14 - 2017-06-15 12:15 - 00188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2017-06-15 12:14 - 2017-06-15 12:14 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-06-15 12:14 - 2017-06-15 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-06-15 12:14 - 2017-05-25 11:58 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-06-15 12:13 - 2017-06-15 12:50 - 02438656 _____ (Farbar) C:\Users\ASUSPC\Desktop\FRST64.exe 2017-06-15 12:13 - 2017-06-15 12:13 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-06-15 12:13 - 2017-06-15 12:13 - 00000000 ____D C:\Program Files\Malwarebytes 2017-06-15 12:11 - 2017-06-15 12:11 - 64232976 _____ (Malwarebytes ) C:\Users\ASUSPC\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092(1).exe 2017-06-15 12:10 - 2017-06-15 12:11 - 64232976 _____ (Malwarebytes ) C:\Users\ASUSPC\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe 2017-06-10 15:42 - 2017-06-10 15:42 - 00000000 ____D C:\Program Files\Common Files\DESIGNER 2017-06-03 21:35 - 2017-06-03 21:35 - 00002053 _____ C:\Users\ASUSPC\Documents\Bem-vindo ao Registo de Produto ASUS (2).lnk 2017-06-03 15:17 - 2017-06-03 15:20 - 00000000 ____D C:\Users\ASUSPC\Desktop\Imagens e Videos 2017-06-03 15:04 - 2017-06-15 11:59 - 00000000 ____D C:\Users\ASUSPC\AppData\Local\Ashampoo Backup PB 2017-05-21 19:03 - 2017-06-15 
11:50 - 00000000 ____D C:\ProgramData\AVAST Software 2017-05-21 19:00 - 2017-05-21 19:00 - 00000000 ____D C:\ProgramData\Ashampoo Backup PB 2017-05-21 18:54 - 2017-05-21 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ 2017-05-21 18:53 - 2017-05-21 18:55 - 00000000 ____D C:\Program Files\Notepad++ 2017-05-21 18:53 - 2017-05-21 18:54 - 00000000 ____D C:\Users\ASUSPC\AppData\Roaming\Notepad++ 2017-05-21 18:51 - 2017-05-21 18:51 - 00000819 _____ C:\Users\Public\Desktop\Soda PDF Desktop.lnk 2017-05-21 18:51 - 2017-05-21 18:51 - 00000000 ____D C:\Users\ASUSPC\Documents\Soda PDF Files 2017-05-21 18:51 - 2017-05-21 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF Desktop 2017-05-21 18:51 - 2017-05-21 18:51 - 00000000 ____D C:\Program Files\Soda PDF Desktop 2017-05-21 18:44 - 2017-05-21 18:44 - 00000000 ____D C:\ProgramData\Soda PDF Desktop ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-06-15 12:51 - 2016-05-18 14:04 - 00000165 _____ C:\Users\ASUSPC\AppData\Roaming\sp_data.sys 2017-06-15 12:50 - 2016-06-30 18:02 - 00000500 _____ C:\WINDOWS\Tasks\AVG Driver Updater Startup.job 2017-06-15 12:49 - 2016-06-30 18:02 - 00025608 _____ (SlimWare Utilities, Inc.) 
C:\WINDOWS\system32\Drivers\SWDUMon.sys 2017-06-15 12:48 - 2016-05-18 14:03 - 00000000 __SHD C:\Users\ASUSPC\IntelGraphicsProfiles 2017-06-15 12:47 - 2016-09-25 16:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-06-15 12:46 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI 2017-06-15 12:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-06-15 12:08 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-06-15 12:06 - 2016-11-19 12:32 - 00000000 ____D C:\Users\ASUSPC\AppData\LocalLow\Mozilla 2017-06-15 12:04 - 2016-11-17 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-06-15 12:04 - 2016-09-25 16:21 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1 2017-06-15 12:04 - 2016-09-25 16:21 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2 2017-06-15 12:02 - 2016-05-18 12:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 12 2017-06-15 11:59 - 2016-09-25 16:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\ASUS 2017-06-15 11:59 - 2016-05-21 13:10 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-06-15 11:59 - 2016-03-28 12:15 - 00000000 ____D C:\Program Files (x86)\ASUS 2017-06-15 11:57 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-06-15 11:57 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF 2017-06-15 11:56 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-06-15 11:56 - 2016-05-18 14:03 - 00000000 ____D C:\Users\ASUSPC\AppData\Local\Packages 2017-06-15 11:55 - 2016-05-21 13:10 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-06-15 11:50 - 2016-08-14 22:19 - 00000000 ____D C:\Program Files\TrueKey 2017-06-15 11:50 - 2016-08-13 12:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-06-15 11:50 - 2016-05-22 11:56 - 00000000 ____D C:\Users\ASUSPC\AppData\Roaming\AVAST Software 2017-06-15 11:50 - 2016-05-18 12:00 - 00000000 ____D C:\Program Files\Common Files\AV 
2017-06-15 11:45 - 2016-05-20 17:37 - 00000000 ____D C:\Program Files (x86)\AVG 2017-06-15 11:45 - 2016-05-20 17:33 - 00000000 ____D C:\ProgramData\Avg 2017-06-15 11:43 - 2016-05-20 17:32 - 00000000 ____D C:\Users\ASUSPC\AppData\Local\AvgSetupLog 2017-06-15 11:39 - 2016-05-18 12:08 - 00000000 ____D C:\Program Files\CyberLink 2017-06-15 11:39 - 2016-05-18 11:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-06-15 11:38 - 2016-05-18 12:07 - 00000000 ____D C:\ProgramData\CyberLink 2017-06-15 11:34 - 2017-03-08 21:45 - 00000000 ____D C:\ProgramData\ProductData 2017-06-15 11:27 - 2016-12-14 20:44 - 00000000 ____D C:\Users\ASUSPC\AppData\Roaming\Apple Computer 2017-06-15 11:25 - 2016-05-18 11:47 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros 2017-06-15 11:21 - 2017-04-03 08:08 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-06-15 11:21 - 2016-05-20 16:29 - 00000000 ____D C:\ProgramData\Skype 2017-06-15 11:11 - 2017-03-16 10:03 - 00000000 ____D C:\ProgramData\SteelSeries 2017-06-15 11:11 - 2017-03-16 10:03 - 00000000 ____D C:\Program Files\SteelSeries 2017-06-15 11:10 - 2016-12-14 20:34 - 00000000 ____D C:\ProgramData\Apple 2017-06-15 11:03 - 2016-05-20 16:21 - 00000000 ____D C:\Users\ASUSPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2017-06-15 11:00 - 2017-03-08 21:45 - 00003042 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (ASUSPC) 2017-06-15 10:59 - 2016-05-20 16:29 - 00000000 ____D C:\Users\ASUSPC\AppData\Roaming\Skype 2017-06-11 00:44 - 2016-09-25 15:48 - 00000000 ____D C:\Users\ASUSPC 2017-06-11 00:30 - 2016-09-25 15:38 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-06-10 15:43 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-06-10 15:42 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2017-06-10 15:40 - 2016-05-18 12:13 - 00000000 ____D C:\Program Files\Microsoft Office 2017-06-03 20:46 - 2016-07-16 12:47 - 00000000 
____D C:\WINDOWS\system32\NDF 2017-06-03 15:07 - 2017-03-08 21:45 - 00000000 ____D C:\ProgramData\IObit 2017-06-03 15:03 - 2016-08-14 22:46 - 00001244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk 2017-06-03 15:03 - 2016-08-14 22:46 - 00001230 _____ C:\Users\Public\Desktop\True Key.lnk 2017-05-21 21:49 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache 2017-05-21 20:49 - 2016-07-17 00:08 - 00503104 _____ C:\WINDOWS\system32\prfh0816.dat 2017-05-21 20:49 - 2016-07-17 00:08 - 00157500 _____ C:\WINDOWS\system32\prfc0816.dat 2017-05-21 20:49 - 2016-03-28 11:59 - 01744202 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-05-21 19:43 - 2016-11-21 19:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\ASUSTek Computer Inc 2017-05-21 19:29 - 2016-05-20 16:04 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-05-21 19:29 - 2016-05-20 16:04 - 00002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-05-21 18:32 - 2016-05-18 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do Microsoft Office 2016 2017-05-21 18:21 - 2016-05-18 12:00 - 00000000 ____D C:\ProgramData\McAfee 2017-05-21 18:04 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed ==================== Files in the root of some directories ======= 2016-05-18 14:04 - 2017-06-15 12:51 - 0000165 _____ () C:\Users\ASUSPC\AppData\Roaming\sp_data.sys 2016-09-25 15:43 - 2016-09-25 15:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== 2016-10-28 23:50 - 2016-10-28 23:50 - 50563233 _____ (Popcorn Time ) C:\Users\ASUSPC\AppData\Local\Temp\setup_7F1E.exe 2016-11-04 09:26 - 2016-11-04 09:27 - 43768960 _____ (Skype Technologies S.A.) 
C:\Users\ASUSPC\AppData\Local\Temp\SkypeSetup.exe 2017-04-03 08:07 - 2017-04-03 08:07 - 14456872 _____ (Microsoft Corporation) C:\Users\ASUSPC\AppData\Local\Temp\vc_redist.x86.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-05-21 19:38 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 Ran by ASUSPC (15-06-2017 12:54:40) Running from C:\Users\ASUSPC\Desktop Windows 10 Home Version 1607 (X64) (2016-09-25 15:26:54) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrador (S-1-5-21-140328530-2921895377-1690607904-500 - Administrator - Disabled) ASUSPC (S-1-5-21-140328530-2921895377-1690607904-1001 - Administrator - Enabled) => C:\Users\ASUSPC Convidado (S-1-5-21-140328530-2921895377-1690607904-501 - Limited - Disabled) DefaultAccount (S-1-5-21-140328530-2921895377-1690607904-503 - Limited - 
Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated) ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.5 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.11.0001 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0041 - ASUS) AVG Driver Updater (HKLM-x32\...\AVG Driver Updater) (Version: 2.2.2 - AVG Netherlands B.V) AVG Driver Updater (x32 Version: 2.2.2 - AVG Netherlands B.V) Hidden Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) CyberLink PowerDirector 12 (Version: 12.0.4010.0 - CyberLink Corp.) Hidden Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.3 - ASUSTek Computer Inc.) Foxit PhantomPDF (HKLM-x32\...\{39263796-F296-43AF-909C-FCF99592BAC4}) (Version: 7.2.52.1209 - Foxit Software Inc.) Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.) 
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.17.107.1 - Intel Security)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 604.10125.2655.573 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Malwarebytes versão 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office 365 - pt-pt (HKLM\...\O365HomePremRetail - pt-pt) (Version: 16.0.8067.2115 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-140328530-2921895377-1690607904-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 53.0.3 (x86 pt-PT) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 pt-PT)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
NVIDIA Graphics Driver 353.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.84 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Painel de controlo da NVIDIA 369.09 (Version: 369.09 - NVIDIA Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.2 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.1104 - Nome de sua empresa:)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.27057 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Soda PDF Desktop (HKLM-x32\...\SodaDesktop) (Version: 9.0.38.31816 - LULU Software)
Soda PDF Desktop View Module (Version: 9.0.38.31757 - LULU Software) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.6.547 - ASUS Cloud Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 10.2.0.5811 - Kingsoft Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-140328530-2921895377-1690607904-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06273D99-584B-40E7-BDE2-BADB0E4E196E} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-01-19] (ASUSTek Computer Inc.)
Task: {08036EB1-0CC9-452C-A7E5-806C4FD1306B} - System32\Tasks\AVG Driver Updater Startup => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe [2016-05-25] (AVG Netherlands B.V)
Task: {0B1FD6B5-C470-4E5D-8E60-4CE4A860F1AF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-03] ()
Task: {0CF4FE64-40E2-456C-A119-1AB98A893B10} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-21] (Adobe Systems Incorporated)
Task: {120EA415-3224-41A6-8181-F489CD950136} - System32\Tasks\WpsKtpcntrQingTask_ASUSPC => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\office6\ktpcntr.exe [2017-03-01] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {173E4B62-9DB8-4D9D-A00D-188E983E68D2} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\ASUSPC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {1841CA92-F55B-425D-AC04-CF4CE2F16E9D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-03] ()
Task: {1E6DC43A-FD1D-41F7-A5B4-03C55D6C191C} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {2B444874-4490-46D7-BB76-9E96B7A60636} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {36099047-B39F-46F6-8B24-C3F6800D908D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.)
Task: {3A7A0F8C-DF78-450D-868D-49CC8FDEFD11} - System32\Tasks\Driver Booster SkipUAC (ASUSPC) => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
Task: {481179B0-8BA1-47E8-AB63-0283B2CC43F7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2017-06-15] (Microsoft Corporation)
Task: {5364E274-2623-4169-8B11-43C9E3CAA815} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {68238C86-5A99-45D0-A04A-D311ED332B3C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-06-03] (Microsoft Corporation)
Task: {70299987-E7E7-4C1C-9393-427CF4D11362} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-08-12] (ASUSTeK Computer Inc.)
Task: {831EB92A-FB86-4C8D-9584-8B8D9EEDACF7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {A10762D0-A338-4B58-ACEB-A537856BC384} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {A22A4A19-B210-4F1A-AFDD-B93E10531E23} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-08-12] (ASUSTeK Computer Inc.)
Task: {A2752A2F-25F1-4FE5-8986-15C2B2DDE337} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-08-12] ()
Task: {AD5984C9-06BA-448B-8021-DD7603CFEE6F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {B2227AA6-A9F8-4672-8BB8-7A32D5BC0064} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-29] (Realtek Semiconductor)
Task: {B66D904B-6FEC-442D-9F2C-B06B6FAAE0A9} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-07-29] (Realtek Semiconductor)
Task: {B6DE6881-D7F2-4622-9EE1-1B48AF91CE6D} - System32\Tasks\WpsExternal_ASUSPC_20170301150941 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [2017-03-01] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {B87D8DFE-49E5-4229-8B7C-9BD0E904840D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {C6405B9B-910C-4F1E-BB02-0CBF05A5A49D} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-06-09] (ASUS)
Task: {CBF400DD-89A4-41DC-8D75-EFAFC79A98CF} - System32\Tasks\WpsUpdateTask_ASUSPC => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\wtoolex\wpsupdate.exe [2017-03-01] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {D9651FBA-D512-42F8-9267-5089A31AC46B} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {E958529E-5421-4A43-8285-792E2B57CD14} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {EA688357-FC75-47A9-BEE0-53C347D02A51} - System32\Tasks\AVG Driver Updater Scan => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe [2016-05-25] (AVG Netherlands B.V)
Task: {F3F0F122-3152-4339-A788-AA52CE5E525B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AVG Driver Updater Scan.job => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe
Task: C:\WINDOWS\Tasks\AVG Driver Updater Startup.job => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe
Task: C:\WINDOWS\Tasks\WpsExternal_ASUSPC_20170301150941.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe ~/wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll
Task: C:\WINDOWS\Tasks\WpsKtpcntrQingTask_ASUSPC.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\office6\ktpcntr.exe Ãqing 10.2.0.5811 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads
Task: C:\WINDOWS\Tasks\WpsUpdateTask_ASUSPC.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\wtoolex\wpsupdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\ASUSPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicações do Chrome\Apple Shooter.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=efnckpgchpgcaidjncjkcdefoklgojjb

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-03-15 11:17 - 2017-03-04 08:19 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-25 15:42 - 2016-08-01 13:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-06-15 12:14 - 2017-05-25 14:11 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-08 03:42 - 2017-03-08 03:42 - 00230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2016-09-25 16:28 - 2016-09-25 16:28 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 22:21 - 2017-03-04 07:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 11:17 - 2017-03-04 07:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 11:17 - 2017-03-04 07:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 11:17 - 2017-03-04 07:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-03-15 11:17 - 2017-03-04 07:05 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-03-15 11:17 - 2017-03-04 07:08 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-09 20:25 - 2015-06-09 20:25 - 00035376 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-06-09 20:25 - 2015-06-09 20:25 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-05-18 11:40 - 2015-10-03 03:24 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-08-12 19:44 - 2015-08-12 19:44 - 00012288 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2016-12-24 15:04 - 00000832 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-140328530-2921895377-1690607904-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ASUSPC\Pictures\Taty\Saved Pictures\17200840_1275254432556972_1697915836_o.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "WebStorage"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{E2D5CF08-62AB-4994-8D02-2FAFAD6F695E}C:\users\asuspc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asuspc\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{0993943A-FA46-4F97-B2F8-D5787D7BAE4C}C:\users\asuspc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asuspc\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F3079C64-25B3-42A1-AABD-32B7FC0EF47E}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{8EE5FFE8-E44B-4E2C-B13B-49E8B90AB49F}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{0553EBB1-3067-4BB8-9D37-793EDA0A1C3D}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{AD4E7676-6143-4753-BE59-D117EDCB3026}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{7A39BF55-26DC-422E-B0A1-4D3094B31BB5}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{2820720F-BE0C-4988-9BCD-110B4376E7D9}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{E3A01F6E-27C1-4738-A76A-FB39CBF0B5E7}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{4FE97A64-7C01-436F-8FC2-60715F3657CC}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{E79A1125-BF3F-4190-A065-C2189A46A50A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A9D594FF-DAB8-4D38-96EE-8B61A398686D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{9075C242-6629-429B-AEB1-0034E5C88E0E}C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [TCP Query User{84540F4F-0774-43D1-A651-2405464276F6}C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [UDP Query User{6753567D-F203-4587-B145-95669CB9390D}C:\program files (x86)\steam\steamapps\common\nvidia vr funhouse\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\nvidia vr funhouse\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [TCP Query User{0DD0FAE9-C1C4-4047-80D2-0B442D6C4C64}C:\program files (x86)\steam\steamapps\common\nvidia vr funhouse\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\nvidia vr funhouse\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [UDP Query User{CAD3705B-3F4D-4C2E-8BB1-A353E950047A}C:\program files (x86)\steam\steamapps\common\vinyl\external\pd\pd\bin\pd.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\vinyl\external\pd\pd\bin\pd.exe
FirewallRules: [TCP Query User{66375690-99EA-4641-A87C-DB654E1537E5}C:\program files (x86)\steam\steamapps\common\vinyl\external\pd\pd\bin\pd.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\vinyl\external\pd\pd\bin\pd.exe
FirewallRules: [{8514CCBA-CC06-493B-BD38-18EBDB11AB34}] => (Allow) C:\Program Files (x86)\OGPlanet\Tales Runner\trgame.exe
FirewallRules: [{EC58AF9F-44BD-453F-BF34-56F67C368F87}] => (Allow) C:\Program Files (x86)\OGPlanet\Tales Runner\trgame.exe
FirewallRules: [UDP Query User{DA9166A8-6AB8-4282-B811-7495AEAB1BBB}C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [TCP Query User{09A13277-EFC2-4D71-917E-156BAD809CE1}C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [{C0780731-EF4D-493D-AB35-572D51DFC23E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6EBFA092-1124-4898-88A2-8F96EA1E6AD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A50080B2-1F7D-46AE-A383-1C5AA8B9EAE6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{B3D9C8A6-5D13-4042-88BC-D54F78F03201}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{1F8B75D6-2B2E-4843-82B6-F0D173055A46}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FF147201-D322-42E6-ACF9-004A15919B37}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D327E065-7BC3-4F39-B3A4-048D75121A34}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2C4F5E73-ECE3-4910-9363-7FC40454A9D9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C0085767-224A-4251-B7BD-4F5B52AD1491}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [TCP Query User{F86FA541-4A5A-468B-97CC-26359B4F3BB7}C:\users\asuspc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asuspc\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D882D4D8-6F27-4A7F-8D11-2333EE48B5C0}C:\users\asuspc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asuspc\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5621FCD2-1135-4819-B38C-34EFFDF61AEB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{2B883A94-3FF6-44A7-B02F-1FA34E8D5DA5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{9A27A58D-9779-4722-842F-0FA90A1049DF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{3F547125-5D05-45AD-8B96-21DDCEB20B70}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{9852E664-FDED-48C0-BA45-148BC04B6F2B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E483F709-00EE-4C98-B5B9-02BCFF5AB343}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{240A50D3-0B7B-46D5-A3FF-6CFE1C9C6C38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{3A4AF575-540D-453F-8CB3-72623984DA5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{F893F4AE-5417-404F-9563-D4E86F739CD0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2D0B764F-96BF-4BF8-889B-F61E016DA9A0}] => (Block) LPort=445
FirewallRules: [{7A8BA7DD-861B-45DE-9C84-97A722E8670B}] => (Block) LPort=445
FirewallRules: [{097AD66A-67FA-42B1-B501-49CB813A662D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe

==================== Restore Points =========================

22-03-2017 10:53:07 Windows Update
21-05-2017 18:50:29 Installed Soda PDF Desktop View Module
15-06-2017 11:04:18 Removed Suporte para Aplicações Apple (64-bits)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2017 12:14:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: mbamtray.exe, versão: 3.0.0.1068, carimbo de data/hora: 0x59125d35
Nome do módulo com falha: Qt5Core.dll, versão: 5.6.2.0, carimbo de data/hora: 0x58ed4d4f
Código de exceção: 0xc0000005
Desvio de falha: 0x0018da93
ID do processo com falha: 0x1884
Hora de início da aplicação com falha: 0x01d2e5c88c7af1fd
Caminho da aplicação com falha: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Caminho do módulo com falha: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
ID do Relatório: 1d1c87aa-d1de-4c38-a5f4-0eae7a987183
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:

Error: (06/15/2017 12:04:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-G171JDO)
Description: O pacote windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel foi terminado porque a sua suspensão levou demasiado tempo.

Error: (06/15/2017 12:01:33 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: O procedimento Open para o serviço "BITS" na DLL "C:\Windows\System32\bitsperf.dll" falhou. Os dados de desempenho para este serviço não estarão disponíveis. Os primeiros quatro bytes (DWORD) da secção Data contêm o código de erro.

Error: (06/15/2017 11:48:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-G171JDO)
Description: A ativação da aplicação Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI falhou com o erro: -2144927141. Consulte o registo Microsoft-Windows-TWinUI/Operacional para obter informações adicionais.

Error: (06/15/2017 11:47:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-G171JDO)
Description: A ativação da aplicação Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App falhou com o erro: -2147024865. Consulte o registo Microsoft-Windows-TWinUI/Operacional para obter informações adicionais.

Error: (06/15/2017 11:47:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-G171JDO)
Description: A ativação da aplicação Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App falhou com o erro: -2144927141. Consulte o registo Microsoft-Windows-TWinUI/Operacional para obter informações adicionais.
Error: (06/15/2017 11:47:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-G171JDO)
Description: A ativação da aplicação Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App falhou com o erro: -2144927141. Consulte o registo Microsoft-Windows-TWinUI/Operacional para obter informações adicionais.

Error: (06/15/2017 11:37:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha ao gerar o contexto de ativação para "c:\program files\cyberlink\photodirector5\kernel\ces\CES_CacheAgent.exe.Manifest". Não foi possível localizar a Assemblagem Dependente PDR.X,type="win32",version="1.0.0.0". Utilize sxstrace.exe para obter um diagnóstico detalhado.

Error: (06/15/2017 11:37:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha ao gerar o contexto de ativação para "c:\program files\cyberlink\photodirector5\kernel\ces\CES_AudioCacheAgent.exe.Manifest". Não foi possível localizar a Assemblagem Dependente PDR.X,type="win32",version="1.0.0.0". Utilize sxstrace.exe para obter um diagnóstico detalhado.

Error: (06/15/2017 11:29:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha ao gerar o contexto de ativação para "c:\program files\cyberlink\photodirector5\kernel\ces\CES_CacheAgent.exe.Manifest". Não foi possível localizar a Assemblagem Dependente PDR.X,type="win32",version="1.0.0.0". Utilize sxstrace.exe para obter um diagnóstico detalhado.

System errors:
=============
Error: (06/15/2017 12:48:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} e APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.

Error: (06/15/2017 12:48:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Cache de Tipos de Letra do Arquitectura de Apresentação do Windows 3.0.0.0 falhou o arranque devido ao seguinte erro: O serviço não respondeu ao pedido de início ou controlo atempadamente.

Error: (06/15/2017 12:48:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Foi atingido o tempo limite (30000 milissegundos) ao aguardar pela ligação do serviço FontCache3.0.0.0.

Error: (06/15/2017 12:48:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço TrueKey falhou o arranque devido ao seguinte erro: O serviço não respondeu ao pedido de início ou controlo atempadamente.

Error: (06/15/2017 12:48:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Foi atingido o tempo limite (30000 milissegundos) ao aguardar pela ligação do serviço TrueKey.

Error: (06/15/2017 12:48:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço ClickToRunSvc falhou o arranque devido ao seguinte erro: O serviço não respondeu ao pedido de início ou controlo atempadamente.

Error: (06/15/2017 12:48:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Foi atingido o tempo limite (30000 milissegundos) ao aguardar pela ligação do serviço ClickToRunSvc.

Error: (06/15/2017 12:48:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Razer Game Scanner Service falhou o arranque devido ao seguinte erro: O serviço não respondeu ao pedido de início ou controlo atempadamente.

Error: (06/15/2017 12:48:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Foi atingido o tempo limite (30000 milissegundos) ao aguardar pela ligação do serviço Razer Game Scanner Service.
Error: (06/15/2017 12:48:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço TrueKeyScheduler falhou o arranque devido ao seguinte erro: O serviço não respondeu ao pedido de início ou controlo atempadamente.

CodeIntegrity:
===================================
Date: 2017-03-16 20:38:54.250
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-10 19:22:41.330
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-09 20:03:38.412
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-08 20:09:23.364
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-05 13:42:40.979
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-03 13:25:04.346
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-27 19:47:28.643
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-26 11:30:56.213
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-13 18:00:52.025
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-12 11:45:19.725 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz Percentage of memory in use: 46% Total physical RAM: 3982.29 MB Available physical RAM: 2121.39 MB Total Virtual: 4942.29 MB Available Virtual: 3102.56 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:371.85 GB) (Free:295.84 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:558.73 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: FE5E06D7) Partition: GPT. ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
AdvancedSetup (Root Admin) Posted June 16, 2017 ID:1136139

Hello @rstudio

What can I help you with? Your topic title is not very descriptive and your body reply has no information aside from a log. Please give us a bit more information in order to allow us to help you.

Thank you
Ron
rstudio (Author) Posted June 16, 2017 ID:1136330

Sorry Ron, you are quite right, I could put more information. It's a laptop on which the Malwarebytes Premium trial detected a virus or malware when I ran it. I ran it 3 times and it made detections every time, with fewer and fewer files identified. I have run the Farbar Recovery Scan Tool and posted the log here. I just want to be sure that the laptop is clean. What do you think?

Thank you
RStudio
AdvancedSetup (Root Admin) Posted June 18, 2017 ID:1136564

Thanks @rstudio

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.
Shutdown your antivirus to avoid any conflicts.
Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next reply message.
When completed make sure to re-enable your antivirus.

STEP 02
Fix with AdwCleaner
Please download AdwCleaner by Xplode and save the file to your Desktop.
Right-click on the icon and select Run as Administrator to start the tool.
Accept the Terms of use.
Wait until the database is updated.
Click Scan.
When finished, please click Clean.
Your PC should reboot now.
After reboot, the logfile will be opened. Copy its content into your next reply.
Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
Double click the icon and select Run.
Click Next.
Select I accept the terms in this license agreement, then click Next twice.
Click Install.
Click Finish to launch the program.
Once the virus database has been updated click Start Scanning.
If any threats are found click Details, then View Log file (bottom left-hand corner).
Copy and paste the results in your reply.
Close the Notepad document, close the Threat Details screen, then click Start cleanup.
Click Exit to close the program.
If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
Please attach the Additions.txt log to your reply as well.

Thanks
Ron
rstudio (Author) Posted June 18, 2017 ID:1136593

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by ASUSPC (Administrator) on 18/06/2017 at 9:02:35,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 10

Failed to delete: C:\Program Files (x86)\GUTE91D.tmp (File)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\ASUSPC\AppData\Local\slimware utilities inc (Folder)
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
Successfully deleted: C:\WINDOWS\system32\drivers\swdumon.sys (File)
Successfully deleted: C:\WINDOWS\system32\Tasks\AVG Driver Updater Scan (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\AVG Driver Updater Startup (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (ASUSPC) (Task)
Successfully deleted: C:\WINDOWS\Tasks\AVG Driver Updater Scan.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\AVG Driver Updater Startup.job (Task)

Registry: 3

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/06/2017 at 9:15:07,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
rstudio (Author) Posted June 18, 2017 ID:1136595

# AdwCleaner v6.047 - Logfile created 18/06/2017 at 09:22:51
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-16.2 [Server]
# Operating System : Windows 10 Home (X64)
# Username : ASUSPC - DESKTOP-G171JDO
# Running from : C:\Users\ASUSPC\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

[-] Service deleted: swdumon

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKU\S-1-5-21-140328530-2921895377-1690607904-1001\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc
[-] Key deleted: [x64] HKLM\SOFTWARE\AVG Secure Search
[-] Key deleted: [x64] HKLM\SOFTWARE\Reimage
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd

***** [ Web browsers ] *****

[-] [C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: chfdnecihphmhljaaejmgoiahnihplgn
[-] [C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1722 Bytes] - [18/06/2017 09:22:51]
C:\AdwCleaner\AdwCleaner[S0].txt - [2195 Bytes] - [18/06/2017 09:21:58]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1868 Bytes] ##########
rstudio Posted June 18, 2017 Author ID:1136695 Share Posted June 18, 2017 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 Ran by ASUSPC (18-06-2017 20:06:50) Running from C:\Users\ASUSPC\Desktop Windows 10 Home Version 1607 (X64) (2016-09-25 15:26:54) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrador (S-1-5-21-140328530-2921895377-1690607904-500 - Administrator - Disabled) ASUSPC (S-1-5-21-140328530-2921895377-1690607904-1001 - Administrator - Enabled) => C:\Users\ASUSPC Convidado (S-1-5-21-140328530-2921895377-1690607904-501 - Limited - Disabled) DefaultAccount (S-1-5-21-140328530-2921895377-1690607904-503 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated) ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.5 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.11.0001 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0041 - ASUS) AVG Driver Updater (HKLM-x32\...\AVG Driver Updater) (Version: 2.2.2 - AVG Netherlands B.V) AVG Driver Updater (x32 Version: 2.2.2 - AVG Netherlands B.V) Hidden Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) CyberLink PowerDirector 12 (Version: 12.0.4010.0 - CyberLink Corp.) Hidden Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.3 - ASUSTek Computer Inc.) Foxit PhantomPDF (HKLM-x32\...\{39263796-F296-43AF-909C-FCF99592BAC4}) (Version: 7.2.52.1209 - Foxit Software Inc.) Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.) Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) 
Hidden Intel Security True Key (HKLM\...\TrueKey) (Version: 4.17.107.1 - Intel Security) Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation) Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 604.10125.2655.573 - Intel Corporation) Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation) Malwarebytes versão 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes) Microsoft Office 365 - pt-pt (HKLM\...\O365HomePremRetail - pt-pt) (Version: 16.0.8067.2115 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-140328530-2921895377-1690607904-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 
(HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Mozilla Firefox 53.0.3 (x86 pt-PT) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 pt-PT)) (Version: 53.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.3.3 - Notepad++ Team) NVIDIA Graphics Driver 353.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.84 - NVIDIA Corporation) NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden Painel de controlo da NVIDIA 369.09 (Version: 369.09 - NVIDIA Corporation) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.2 - Qualcomm Atheros) 
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.27057 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.) Soda PDF Desktop (HKLM-x32\...\SodaDesktop) (Version: 9.0.38.31816 - LULU Software) Soda PDF Desktop View Module (Version: 9.0.38.31757 - LULU Software) Hidden Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.0 - Sophos Limited) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.6.547 - ASUS Cloud Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS) WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 10.2.0.5811 - Kingsoft Corp.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-140328530-2921895377-1690607904-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) Task: {06273D99-584B-40E7-BDE2-BADB0E4E196E} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-01-19] (ASUSTek Computer Inc.) Task: {0B1FD6B5-C470-4E5D-8E60-4CE4A860F1AF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-03] () Task: {0CF4FE64-40E2-456C-A119-1AB98A893B10} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-18] (Adobe Systems Incorporated) Task: {120EA415-3224-41A6-8181-F489CD950136} - System32\Tasks\WpsKtpcntrQingTask_ASUSPC => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\office6\ktpcntr.exe [2017-03-01] (Zhuhai Kingsoft Office Software Co.,Ltd) Task: {173E4B62-9DB8-4D9D-A00D-188E983E68D2} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\ASUSPC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {1841CA92-F55B-425D-AC04-CF4CE2F16E9D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-03] () Task: {1E6DC43A-FD1D-41F7-A5B4-03C55D6C191C} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.) Task: {2B444874-4490-46D7-BB76-9E96B7A60636} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.) Task: {36099047-B39F-46F6-8B24-C3F6800D908D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.) 
Task: {5364E274-2623-4169-8B11-43C9E3CAA815} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation) Task: {68238C86-5A99-45D0-A04A-D311ED332B3C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-06-03] (Microsoft Corporation) Task: {831EB92A-FB86-4C8D-9584-8B8D9EEDACF7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation) Task: {9E58A68B-631A-4CA4-B78F-CCC8E8F9D893} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-08-12] (ASUSTeK Computer Inc.) Task: {A10762D0-A338-4B58-ACEB-A537856BC384} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation) Task: {A2752A2F-25F1-4FE5-8986-15C2B2DDE337} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-08-12] () Task: {AD5984C9-06BA-448B-8021-DD7603CFEE6F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation) Task: {B2227AA6-A9F8-4672-8BB8-7A32D5BC0064} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-29] (Realtek Semiconductor) Task: {B66D904B-6FEC-442D-9F2C-B06B6FAAE0A9} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-07-29] (Realtek Semiconductor) Task: {B6DE6881-D7F2-4622-9EE1-1B48AF91CE6D} - System32\Tasks\WpsExternal_ASUSPC_20170301150941 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [2017-03-01] (Zhuhai Kingsoft Office 
Software Co.,Ltd) Task: {B87D8DFE-49E5-4229-8B7C-9BD0E904840D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation) Task: {C6405B9B-910C-4F1E-BB02-0CBF05A5A49D} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-06-09] (ASUS) Task: {CBF400DD-89A4-41DC-8D75-EFAFC79A98CF} - System32\Tasks\WpsUpdateTask_ASUSPC => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\wtoolex\wpsupdate.exe [2017-03-01] (Zhuhai Kingsoft Office Software Co.,Ltd) Task: {CCC9B5CC-6ED5-4064-8487-1F4B3DBF5613} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-08-12] (ASUSTeK Computer Inc.) Task: {D9651FBA-D512-42F8-9267-5089A31AC46B} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.) Task: {E958529E-5421-4A43-8285-792E2B57CD14} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation) Task: {F3F0F122-3152-4339-A788-AA52CE5E525B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\WpsExternal_ASUSPC_20170301150941.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe ~/wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll Task: C:\WINDOWS\Tasks\WpsKtpcntrQingTask_ASUSPC.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\office6\ktpcntr.exe Ãqing 10.2.0.5811 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads Task: C:\WINDOWS\Tasks\WpsUpdateTask_ASUSPC.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\wtoolex\wpsupdate.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\ASUSPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicações do Chrome\Apple Shooter.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=efnckpgchpgcaidjncjkcdefoklgojjb ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-03-15 11:17 - 2017-03-04 08:19 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-09-25 15:42 - 2016-08-01 13:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2017-06-15 12:14 - 2017-05-25 14:11 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-03-08 03:42 - 2017-03-08 03:42 - 00230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll 2016-09-25 16:28 - 2016-09-25 16:28 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-15 22:21 - 2017-03-04 07:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-03-15 11:17 - 2017-03-04 07:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-15 
11:17 - 2017-03-04 07:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-15 11:17 - 2017-03-04 07:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-03-15 11:17 - 2017-03-04 07:05 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-03-15 11:17 - 2017-03-04 07:08 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-03-02 09:09 - 2017-03-02 09:10 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2017-03-02 09:09 - 2017-03-02 09:09 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2017-03-02 09:09 - 2017-03-02 09:10 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll 2016-06-03 16:52 - 2016-06-03 16:54 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll 2017-03-02 09:09 - 2017-03-02 09:10 - 00387584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll 2017-03-02 09:09 - 2017-03-02 09:10 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll 2016-05-20 16:21 - 2016-05-20 16:33 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2017-03-09 18:53 - 2017-03-09 18:54 - 10650112 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.79.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll 2017-03-09 18:53 - 2017-03-09 18:54 - 02653184 _____ () C:\Program 
Files\WindowsApps\Microsoft.WindowsStore_11701.1001.79.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll 2017-03-09 18:53 - 2017-03-09 18:54 - 00761344 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.79.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll 2015-06-09 20:25 - 2015-06-09 20:25 - 00035376 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll 2015-06-09 20:25 - 2015-06-09 20:25 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2016-05-18 11:40 - 2015-10-03 03:24 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2015-10-30 08:24 - 2016-12-24 15:04 - 00000832 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-140328530-2921895377-1690607904-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg DNS Servers: Media is not connected to internet. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "Ashampoo Backup PB" HKLM\...\StartupApproved\Run32: => "WebStorage" HKU\S-1-5-21-140328530-2921895377-1690607904-1001\...\StartupApproved\Run: => "BingSvc" HKU\S-1-5-21-140328530-2921895377-1690607904-1001\...\StartupApproved\Run: => "OneDrive" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [UDP Query User{E2D5CF08-62AB-4994-8D02-2FAFAD6F695E}C:\users\asuspc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asuspc\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{0993943A-FA46-4F97-B2F8-D5787D7BAE4C}C:\users\asuspc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asuspc\appdata\roaming\spotify\spotify.exe FirewallRules: [{F3079C64-25B3-42A1-AABD-32B7FC0EF47E}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe FirewallRules: [{8EE5FFE8-E44B-4E2C-B13B-49E8B90AB49F}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe FirewallRules: [{0553EBB1-3067-4BB8-9D37-793EDA0A1C3D}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe FirewallRules: [{AD4E7676-6143-4753-BE59-D117EDCB3026}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe FirewallRules: [{7A39BF55-26DC-422E-B0A1-4D3094B31BB5}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe FirewallRules: [{2820720F-BE0C-4988-9BCD-110B4376E7D9}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe FirewallRules: [{E3A01F6E-27C1-4738-A76A-FB39CBF0B5E7}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe FirewallRules: [{4FE97A64-7C01-436F-8FC2-60715F3657CC}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe FirewallRules: [{E79A1125-BF3F-4190-A065-C2189A46A50A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A9D594FF-DAB8-4D38-96EE-8B61A398686D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [UDP Query User{9075C242-6629-429B-AEB1-0034E5C88E0E}C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe FirewallRules: [TCP Query User{84540F4F-0774-43D1-A651-2405464276F6}C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => (Allow) C:\program files 
(x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe FirewallRules: [UDP Query User{6753567D-F203-4587-B145-95669CB9390D}C:\program files (x86)\steam\steamapps\common\nvidia vr funhouse\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\nvidia vr funhouse\engine\binaries\win64\ue4game-win64-shipping.exe FirewallRules: [TCP Query User{0DD0FAE9-C1C4-4047-80D2-0B442D6C4C64}C:\program files (x86)\steam\steamapps\common\nvidia vr funhouse\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\nvidia vr funhouse\engine\binaries\win64\ue4game-win64-shipping.exe FirewallRules: [UDP Query User{CAD3705B-3F4D-4C2E-8BB1-A353E950047A}C:\program files (x86)\steam\steamapps\common\vinyl\external\pd\pd\bin\pd.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\vinyl\external\pd\pd\bin\pd.exe FirewallRules: [TCP Query User{66375690-99EA-4641-A87C-DB654E1537E5}C:\program files (x86)\steam\steamapps\common\vinyl\external\pd\pd\bin\pd.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\vinyl\external\pd\pd\bin\pd.exe FirewallRules: [{8514CCBA-CC06-493B-BD38-18EBDB11AB34}] => (Allow) C:\Program Files (x86)\OGPlanet\Tales Runner\trgame.exe FirewallRules: [{EC58AF9F-44BD-453F-BF34-56F67C368F87}] => (Allow) C:\Program Files (x86)\OGPlanet\Tales Runner\trgame.exe FirewallRules: [UDP Query User{DA9166A8-6AB8-4282-B811-7495AEAB1BBB}C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe FirewallRules: [TCP Query User{09A13277-EFC2-4D71-917E-156BAD809CE1}C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe 
FirewallRules: [{C0780731-EF4D-493D-AB35-572D51DFC23E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6EBFA092-1124-4898-88A2-8F96EA1E6AD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A50080B2-1F7D-46AE-A383-1C5AA8B9EAE6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{B3D9C8A6-5D13-4042-88BC-D54F78F03201}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{1F8B75D6-2B2E-4843-82B6-F0D173055A46}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FF147201-D322-42E6-ACF9-004A15919B37}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D327E065-7BC3-4F39-B3A4-048D75121A34}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2C4F5E73-ECE3-4910-9363-7FC40454A9D9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C0085767-224A-4251-B7BD-4F5B52AD1491}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [TCP Query User{F86FA541-4A5A-468B-97CC-26359B4F3BB7}C:\users\asuspc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asuspc\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D882D4D8-6F27-4A7F-8D11-2333EE48B5C0}C:\users\asuspc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asuspc\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5621FCD2-1135-4819-B38C-34EFFDF61AEB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{2B883A94-3FF6-44A7-B02F-1FA34E8D5DA5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{9A27A58D-9779-4722-842F-0FA90A1049DF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{3F547125-5D05-45AD-8B96-21DDCEB20B70}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{9852E664-FDED-48C0-BA45-148BC04B6F2B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E483F709-00EE-4C98-B5B9-02BCFF5AB343}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{240A50D3-0B7B-46D5-A3FF-6CFE1C9C6C38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{3A4AF575-540D-453F-8CB3-72623984DA5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{2D0B764F-96BF-4BF8-889B-F61E016DA9A0}] => (Block) LPort=445
FirewallRules: [{7A8BA7DD-861B-45DE-9C84-97A722E8670B}] => (Block) LPort=445
FirewallRules: [{097AD66A-67FA-42B1-B501-49CB813A662D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{12FBDC12-C021-4BF7-909C-98DB7FD45E2E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

15-06-2017 11:04:18 Removed Suporte para Aplicações Apple (64-bits)
18-06-2017 09:29:01 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/18/2017 09:29:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha nos Serviços de Criptografia ao processar a chamada OnIdentity() no Objeto Escritor de Sistema.

Details:
AddLegacyDriverFiles: Unable to back up image of binary LLDP (Link-Layer Discovery Protocol) da Microsoft.

System Error:
Acesso negado.
.
Error: (06/18/2017 09:10:58 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/18/2017 09:06:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: UpdateChecker.exe, versão: 0.0.0.0, carimbo de data/hora: 0x559e27a7
Nome do módulo com falha: ntdll.dll, versão: 10.0.14393.479, carimbo de data/hora: 0x58256ca0
Código de exceção: 0xc0000005
Desvio de falha: 0x0005f185
ID do processo com falha: 0x1e6c
Hora de início da aplicação com falha: 0x01d2e808b758136d
Caminho da aplicação com falha: C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
Caminho do módulo com falha: C:\WINDOWS\SYSTEM32\ntdll.dll
ID do Relatório: 7b583967-6d5d-48a6-a6db-d0b6d081e289
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:

Error: (06/18/2017 09:06:18 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Erro do serviço de cópia sombra de volumes: Erro inesperado ao chamar a rotina QueryFullProcessImageNameW. hr = 0x80070006, O identificador é inválido.
.

Operação:
A Executar Operação Assíncrona

Contexto:
Estado Atual: DoSnapshotSet

Error: (06/18/2017 09:03:19 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha nos Serviços de Criptografia ao processar a chamada OnIdentity() no Objeto Escritor de Sistema.

Details:
AddLegacyDriverFiles: Unable to back up image of binary LLDP (Link-Layer Discovery Protocol) da Microsoft.

System Error:
Acesso negado.
.
Error: (06/16/2017 11:21:25 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/15/2017 12:14:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: mbamtray.exe, versão: 3.0.0.1068, carimbo de data/hora: 0x59125d35
Nome do módulo com falha: Qt5Core.dll, versão: 5.6.2.0, carimbo de data/hora: 0x58ed4d4f
Código de exceção: 0xc0000005
Desvio de falha: 0x0018da93
ID do processo com falha: 0x1884
Hora de início da aplicação com falha: 0x01d2e5c88c7af1fd
Caminho da aplicação com falha: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Caminho do módulo com falha: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
ID do Relatório: 1d1c87aa-d1de-4c38-a5f4-0eae7a987183
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:

Error: (06/15/2017 12:04:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-G171JDO)
Description: O pacote windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel foi terminado porque a sua suspensão levou demasiado tempo.

Error: (06/15/2017 12:01:33 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: O procedimento Open para o serviço "BITS" na DLL "C:\Windows\System32\bitsperf.dll" falhou. Os dados de desempenho para este serviço não estarão disponíveis. Os primeiros quatro bytes (DWORD) da secção Data contêm o código de erro.

Error: (06/15/2017 11:48:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-G171JDO)
Description: A ativação da aplicação Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI falhou com o erro: -2144927141. Consulte o registo Microsoft-Windows-TWinUI/Operacional para obter informações adicionais.
System errors:
=============
Error: (06/18/2017 11:29:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80070643: Ferramenta de Remoção de Software Malicioso para Windows 8, 8.1, 10 e Windows Server 2012, Edição 2012 R2, 2016 x64 - Jun. 2017 (KB890830).

Error: (06/18/2017 09:24:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} e APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} ao SID (S-1-5-19) de utilizador NT AUTHORITY\SERVIÇO LOCAL a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.

Error: (06/18/2017 09:24:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} e APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} ao SID (S-1-5-19) de utilizador NT AUTHORITY\SERVIÇO LOCAL a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.
Error: (06/18/2017 09:24:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} e APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.

Error: (06/18/2017 09:24:06 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: A DLL de notificação de palavra-passe "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" não foi carregada com o erro 126. Verifique se o caminho da DLL de notificação definido no registo, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, se refere a um caminho correto e absoluto (<unidade>:\<caminho>\<nomeficheiro>.<ext>), e não a um caminho relativo ou inválido. Se o caminho da DLL estiver correto, confirme se os ficheiros de suporte estão localizados no mesmo diretório e se a conta de sistema tem acesso de leitura para o caminho da DLL e para quaisquer ficheiros de suporte. Contacte o fornecedor da DLL de notificação para obter suporte adicional. Estão disponíveis na Web mais detalhes, em http://go.microsoft.com/fwlink/?LinkId=245898.
Error: (06/18/2017 09:22:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} e APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.

Error: (06/18/2017 09:22:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Instalador de Módulos do Windows terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 120000 milissegundos: Reiniciar o serviço.

Error: (06/18/2017 09:22:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Cache de Tipos de Letra do Arquitectura de Apresentação do Windows 3.0.0.0 terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 0 milissegundos: Reiniciar o serviço.

Error: (06/18/2017 09:22:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Windows Search terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 30000 milissegundos: Reiniciar o serviço.

Error: (06/18/2017 09:22:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Intel Security True Key terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 60000 milissegundos: Reiniciar o serviço.
CodeIntegrity:
===================================
Date: 2017-06-18 11:26:41.317
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-15 14:14:25.014
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-16 20:38:54.250
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-10 19:22:41.330
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-09 20:03:38.412
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-08 20:09:23.364
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-05 13:42:40.979
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-03 13:25:04.346
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-27 19:47:28.643
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-26 11:30:56.213
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 56%
Total physical RAM: 3982.29 MB
Available physical RAM: 1745.59 MB
Total Virtual: 4942.29 MB
Available Virtual: 2320.09 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:371.85 GB) (Free:305.7 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:558.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FE5E06D7)
Partition: GPT.

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017
Ran by ASUSPC (administrator) on DESKTOP-G171JDO (18-06-2017 20:04:19)
Running from C:\Users\ASUSPC\Desktop
Loaded Profiles: ASUSPC (Available Profiles: ASUSPC)
Platform: Windows 10 Home Version 1607 (X64) Language: Português (Portugal)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.79.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2654512 2015-10-03] (NVIDIA Corporation)
HKLM\...\Run: [Ashampoo Backup PB] => "C:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\backupClient-abpb.exe" --hidden
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-25] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\ASUSWSLoader.exe [63272 2015-12-24] ()
HKU\S-1-5-21-140328530-2921895377-1690607904-1001\...\Run: [BingSvc] => C:\Users\ASUSPC\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.3.1
Tcpip\..\Interfaces\{10d9e777-2b95-4667-9429-2aa966ca95a4}: [DhcpNameServer] 192.168.3.1
Tcpip\..\Interfaces\{a7506989-8a3e-4230-9e91-a4e009183f94}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-140328530-2921895377-1690607904-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-140328530-2921895377-1690607904-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-140328530-2921895377-1690607904-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-05-17] (Intel Security)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-05-17] (Intel Security)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-06-03] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-03] (Microsoft Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-05-17] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-05-17] (Intel Security)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 0sxrt9u6.default
FF ProfilePath: C:\Users\ASUSPC\AppData\Roaming\Mozilla\Firefox\Profiles\0sxrt9u6.default [2017-06-18]
FF Homepage: Mozilla\Firefox\Profiles\0sxrt9u6.default -> www.sapo.pt
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-18] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-03] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-06-03] (Microsoft Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-18] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default [2017-06-15]
CHR Extension: (Apresentações Google) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-20]
CHR Extension: (Google Docs) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-20]
CHR Extension: (Google Drive) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-20]
CHR Extension: (YouTube) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-20]
CHR Extension: (Color Switch) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlknokhglhpflfcgodinmdmbfoheecdo [2016-06-15]
CHR Extension: (Apple Shooter) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\efnckpgchpgcaidjncjkcdefoklgojjb [2016-06-15]
CHR Extension: (Google Folhas de Cálculo) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-20]
CHR Extension: (Documentos do Google offline) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-20]
CHR Extension: (Background Changer) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbpabmjecillbmlhmkbibekmbnidhopk [2016-08-01]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
CHR Extension: (Flappy Futebol) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjcfahmlognckbgfkmopablbpoonjenm [2016-06-15]
CHR Extension: (Gmail) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-20]
CHR Extension: (Chrome Media Router) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe [75264 2015-12-24] (ASUS Cloud Corporation) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Windows (R) Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887232 2013-12-24] (Intel(R) Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 Soda PDF Desktop; C:\Program Files\Soda PDF Desktop\ws.exe [2581864 2017-01-25] (LULU Software)
S3 Soda PDF Desktop CrashHandler; C:\Program Files\Soda PDF Desktop\crash-handler-ws.exe [931176 2017-01-25] (LULU Software)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [998296 2017-05-10] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16160 2017-05-10] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86776 2017-05-10] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-03-04] (Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [173824 2017-03-01] (Zhuhai Kingsoft Office Software Co.,Ltd)
S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4317808 2015-07-14] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [98792 2017-03-08] (ASUS Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-05-25] ()
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2017-03-08] (REALiX(tm))
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188312 2017-06-15] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-06-18] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [44960 2017-06-18] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [252832 2017-06-18] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-06-18] (Malwarebytes)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [32736 2017-03-08] (Intel(R) Corporation)
R1 MpKslb7353c69; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D8CACB89-B04E-40DA-9DF9-3D43358272DA}\MpKslb7353c69.sys [44928 2017-06-18] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [947712 2017-03-08] (Realtek )
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [41824 2016-11-03] (SteelSeries ApS)
S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [51400 2016-05-27] (SteelSeries ApS)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2017-03-08] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-18 09:32 - 2017-06-18 09:32 - 00000000 ____D C:\ProgramData\Sophos 2017-06-18 09:30 - 2017-06-18 09:30 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk 2017-06-18 09:30 - 2017-06-18 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2017-06-18 09:30 - 2017-06-18 09:30 - 00000000 ____D C:\Program Files (x86)\Sophos 2017-06-18 09:17 - 2017-06-18 09:22 - 00000000 ____D C:\AdwCleaner 2017-06-18 09:15 - 2017-06-18 09:15 - 00001665 _____ C:\Users\ASUSPC\Desktop\JRT.txt 2017-06-18 08:57 - 2017-06-18 09:28 - 169668288 _____ (Sophos Limited) C:\Users\ASUSPC\Desktop\Sophos Virus Removal Tool.exe 2017-06-18 08:56 - 2017-06-18 09:17 - 04110280 _____ C:\Users\ASUSPC\Desktop\AdwCleaner.exe 2017-06-18 08:56 - 2017-06-18 09:02 - 01663672 _____ (Malwarebytes) C:\Users\ASUSPC\Desktop\JRT.exe 2017-06-15 12:54 - 2017-06-15 12:56 - 00038840 _____ C:\Users\ASUSPC\Desktop\Addition.txt 2017-06-15 12:51 - 2017-06-18 20:05 - 00017949 _____ C:\Users\ASUSPC\Desktop\FRST.txt 2017-06-15 12:50 - 2017-06-18 20:04 - 00000000 ____D C:\FRST 2017-06-15 12:14 - 2017-06-18 09:38 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-06-15 12:14 - 2017-06-18 09:24 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-06-15 12:14 - 2017-06-18 09:24 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-06-15 12:14 - 2017-06-18 09:24 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-06-15 12:14 - 2017-06-15 12:15 - 00188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2017-06-15 12:14 - 2017-06-15 12:14 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-06-15 12:14 - 2017-06-15 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-06-15 12:14 - 2017-05-25 11:58 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-06-15 12:13 - 2017-06-15 12:50 - 02438656 _____ (Farbar) 
C:\Users\ASUSPC\Desktop\FRST64.exe 2017-06-15 12:13 - 2017-06-15 12:13 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-06-15 12:13 - 2017-06-15 12:13 - 00000000 ____D C:\Program Files\Malwarebytes 2017-06-15 12:11 - 2017-06-15 12:11 - 64232976 _____ (Malwarebytes ) C:\Users\ASUSPC\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092(1).exe 2017-06-15 12:10 - 2017-06-15 12:11 - 64232976 _____ (Malwarebytes ) C:\Users\ASUSPC\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe 2017-06-10 15:42 - 2017-06-10 15:42 - 00000000 ____D C:\Program Files\Common Files\DESIGNER 2017-06-03 21:35 - 2017-06-03 21:35 - 00002053 _____ C:\Users\ASUSPC\Documents\Bem-vindo ao Registo de Produto ASUS (2).lnk 2017-06-03 15:17 - 2017-06-03 15:20 - 00000000 ____D C:\Users\ASUSPC\Desktop\Imagens e Videos 2017-06-03 15:04 - 2017-06-15 11:59 - 00000000 ____D C:\Users\ASUSPC\AppData\Local\Ashampoo Backup PB 2017-05-21 19:03 - 2017-06-15 11:50 - 00000000 ____D C:\ProgramData\AVAST Software 2017-05-21 19:00 - 2017-05-21 19:00 - 00000000 ____D C:\ProgramData\Ashampoo Backup PB 2017-05-21 18:54 - 2017-05-21 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ 2017-05-21 18:53 - 2017-05-21 18:55 - 00000000 ____D C:\Program Files\Notepad++ 2017-05-21 18:53 - 2017-05-21 18:54 - 00000000 ____D C:\Users\ASUSPC\AppData\Roaming\Notepad++ 2017-05-21 18:51 - 2017-05-21 18:51 - 00000000 ____D C:\Users\ASUSPC\Documents\Soda PDF Files 2017-05-21 18:51 - 2017-05-21 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF Desktop 2017-05-21 18:51 - 2017-05-21 18:51 - 00000000 ____D C:\Program Files\Soda PDF Desktop 2017-05-21 18:44 - 2017-05-21 18:44 - 00000000 ____D C:\ProgramData\Soda PDF Desktop ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-06-18 20:02 - 2016-09-25 15:38 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-06-18 12:09 - 2016-09-25 16:21 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1 2017-06-18 12:09 - 2016-09-25 16:21 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2 2017-06-18 11:29 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-06-18 11:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\appraiser 2017-06-18 09:26 - 2016-11-19 12:32 - 00000000 ____D C:\Users\ASUSPC\AppData\LocalLow\Mozilla 2017-06-18 09:26 - 2016-05-18 14:04 - 00000165 _____ C:\Users\ASUSPC\AppData\Roaming\sp_data.sys 2017-06-18 09:24 - 2016-09-25 16:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-06-18 09:24 - 2016-05-18 14:03 - 00000000 __SHD C:\Users\ASUSPC\IntelGraphicsProfiles 2017-06-18 09:23 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI 2017-06-18 09:19 - 2016-05-20 16:04 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-06-18 09:19 - 2016-05-20 16:04 - 00002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-06-18 09:11 - 2016-09-25 16:21 - 00003526 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2017-06-18 09:11 - 2016-09-25 16:21 - 00003402 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2017-06-18 09:06 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-06-18 09:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-06-18 08:57 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-06-18 08:57 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-06-15 13:00 - 2016-12-24 15:45 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2017-06-15 12:59 - 2016-08-02 20:02 - 00000000 ____D C:\Users\ASUSPC\AppData\Local\Razer 2017-06-15 12:59 - 2016-08-02 19:52 - 00000000 ____D C:\ProgramData\Razer 2017-06-15 12:59 - 2016-08-02 19:52 - 00000000 ____D C:\Program Files (x86)\Razer 2017-06-15 
12:59 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF 2017-06-15 12:04 - 2016-11-17 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-06-15 12:02 - 2016-05-18 12:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 12 2017-06-15 11:59 - 2016-09-25 16:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\ASUS 2017-06-15 11:59 - 2016-05-21 13:10 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-06-15 11:59 - 2016-03-28 12:15 - 00000000 ____D C:\Program Files (x86)\ASUS 2017-06-15 11:56 - 2016-05-18 14:03 - 00000000 ____D C:\Users\ASUSPC\AppData\Local\Packages 2017-06-15 11:55 - 2016-05-21 13:10 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-06-15 11:50 - 2016-08-14 22:19 - 00000000 ____D C:\Program Files\TrueKey 2017-06-15 11:50 - 2016-08-13 12:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-06-15 11:50 - 2016-05-22 11:56 - 00000000 ____D C:\Users\ASUSPC\AppData\Roaming\AVAST Software 2017-06-15 11:50 - 2016-05-18 12:00 - 00000000 ____D C:\Program Files\Common Files\AV 2017-06-15 11:45 - 2016-05-20 17:37 - 00000000 ____D C:\Program Files (x86)\AVG 2017-06-15 11:45 - 2016-05-20 17:33 - 00000000 ____D C:\ProgramData\Avg 2017-06-15 11:43 - 2016-05-20 17:32 - 00000000 ____D C:\Users\ASUSPC\AppData\Local\AvgSetupLog 2017-06-15 11:39 - 2016-05-18 12:08 - 00000000 ____D C:\Program Files\CyberLink 2017-06-15 11:39 - 2016-05-18 11:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-06-15 11:38 - 2016-05-18 12:07 - 00000000 ____D C:\ProgramData\CyberLink 2017-06-15 11:27 - 2016-12-14 20:44 - 00000000 ____D C:\Users\ASUSPC\AppData\Roaming\Apple Computer 2017-06-15 11:25 - 2016-05-18 11:47 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros 2017-06-15 11:21 - 2017-04-03 08:08 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-06-15 11:21 - 2016-05-20 16:29 - 00000000 ____D C:\ProgramData\Skype 2017-06-15 11:11 - 2017-03-16 10:03 - 
00000000 ____D C:\ProgramData\SteelSeries 2017-06-15 11:11 - 2017-03-16 10:03 - 00000000 ____D C:\Program Files\SteelSeries 2017-06-15 11:10 - 2016-12-14 20:34 - 00000000 ____D C:\ProgramData\Apple 2017-06-15 11:03 - 2016-05-20 16:21 - 00000000 ____D C:\Users\ASUSPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2017-06-15 10:59 - 2016-05-20 16:29 - 00000000 ____D C:\Users\ASUSPC\AppData\Roaming\Skype 2017-06-11 00:44 - 2016-09-25 15:48 - 00000000 ____D C:\Users\ASUSPC 2017-06-10 15:43 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-06-10 15:42 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2017-06-10 15:40 - 2016-05-18 12:13 - 00000000 ____D C:\Program Files\Microsoft Office 2017-06-03 20:46 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-06-03 15:07 - 2017-03-08 21:45 - 00000000 ____D C:\ProgramData\IObit 2017-06-03 15:03 - 2016-08-14 22:46 - 00001244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk 2017-06-03 07:36 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-06-03 07:36 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-05-21 21:49 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache 2017-05-21 20:49 - 2016-07-17 00:08 - 00503104 _____ C:\WINDOWS\system32\prfh0816.dat 2017-05-21 20:49 - 2016-07-17 00:08 - 00157500 _____ C:\WINDOWS\system32\prfc0816.dat 2017-05-21 20:49 - 2016-03-28 11:59 - 01744202 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-05-21 19:43 - 2016-11-21 19:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\ASUSTek Computer Inc 2017-05-21 18:32 - 2016-05-18 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do Microsoft Office 2016 2017-05-21 18:21 - 2016-05-18 12:00 - 00000000 ____D C:\ProgramData\McAfee ==================== Files in the root of some 
directories ======= 2016-05-18 14:04 - 2017-06-18 09:26 - 0000165 _____ () C:\Users\ASUSPC\AppData\Roaming\sp_data.sys 2016-09-25 15:43 - 2016-09-25 15:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== 2016-10-28 23:50 - 2016-10-28 23:50 - 50563233 _____ (Popcorn Time ) C:\Users\ASUSPC\AppData\Local\Temp\setup_7F1E.exe 2016-11-04 09:26 - 2016-11-04 09:27 - 43768960 _____ (Skype Technologies S.A.) C:\Users\ASUSPC\AppData\Local\Temp\SkypeSetup.exe 2017-04-03 08:07 - 2017-04-03 08:07 - 14456872 _____ (Microsoft Corporation) C:\Users\ASUSPC\AppData\Local\Temp\vc_redist.x86.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-06-18 11:25 ==================== End of FRST.txt ============================ Link to post Share on other sites More sharing options...
rstudio Posted June 18, 2017 Author ID:1136697

When I ran the Sophos Removal Tool nothing was found.

Thank you Ron
Root Admin AdvancedSetup Posted June 19, 2017 ID:1136757

Please open Malwarebytes and check for updates. Then do a Threat Scan and post back that log, and let me know if you're still having any issues.

Thanks

Ron
rstudio Posted June 19, 2017 Author ID:1136900

Malwarebytes shows no more bad files. I think it's all OK.

Thank you for all, Ron!!
Root Admin AdvancedSetup Posted June 19, 2017 ID:1136907

You're quite welcome @rstudio

At this time there are no more signs of an infection on your system. However, if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process. Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time. They are often updated daily, so if you went to use them again in the future they would be outdated anyway. The following procedures will implement some cleanup procedures to remove these tools.

Download Delfix from here and save it to your desktop. (You may already have this.)
Ensure Remove disinfection tools is checked.
Click the Run button.
Reboot.

Any other programs or logs that are still remaining, you can manually delete (right click..... Delete). I.e.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc.... AdwCleaner > just run the program and click uninstall. If there are any other left over Folders, Files, Logs then you can delete them on your own.

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8
Remove all but the most recent Restore Point on Windows XP

As Java seems to get exploited on a regular basis I advise not using Java if possible, but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here, but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well, and then you'd lose all data. Nothing is 100% bulletproof, but with a little bit of education you can certainly swing things in your favor.

How Malware Spreads - How did I get infected
Best Practices for Safe Computing - Prevention of Malware Infection
Avoiding those unwanted free applications
A close look at how Oracle installs deceptive software with Java updates
IAC / Ask.com toolbars
Malwarebytes Unpacked Blog

If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product, which can also help greatly reduce the risk of a future infection.
rstudio Posted June 20, 2017 Author ID:1137156

Once again, thank you for all your help, Ron! I'm glad I could be helped by this forum!

Thank you all

Rstudio
Root Admin AdvancedSetup Posted June 20, 2017 ID:1137161

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!