Laptop clean


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017
Ran by ASUSPC (administrator) on DESKTOP-G171JDO (15-06-2017 12:51:32)
Running from C:\Users\ASUSPC\Desktop
Loaded Profiles: ASUSPC (Available Profiles: ASUSPC)
Platform: Windows 10 Home Version 1607 (X64) Language: Português (Portugal)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(AVG Netherlands B.V) C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(© 2015 Microsoft Corporation) C:\Users\ASUSPC\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\WLMerger.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2654512 2015-10-03] (NVIDIA Corporation)
HKLM\...\Run: [Ashampoo Backup PB] => "C:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\backupClient-abpb.exe" --hidden
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-25] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\ASUSWSLoader.exe [63272 2015-12-24] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-11-04] (Razer Inc.)
HKU\S-1-5-21-140328530-2921895377-1690607904-1001\...\Run: [BingSvc] => C:\Users\ASUSPC\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{10d9e777-2b95-4667-9429-2aa966ca95a4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a7506989-8a3e-4230-9e91-a4e009183f94}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-140328530-2921895377-1690607904-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-140328530-2921895377-1690607904-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-140328530-2921895377-1690607904-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4747186A-0804-438F-A4A2-B361EE48ABED}&mid=d3aae30710bb47cc8f52f98b9b2c7861-c8b3fd720ac11d60e77549f0837cb50c03c1c6c3&lang=pt&ds=AVG&coid=avgtbavg&cmpid=0616tb&pr=fr&d=2016-05-22 12:01:47&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-140328530-2921895377-1690607904-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-140328530-2921895377-1690607904-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4747186A-0804-438F-A4A2-B361EE48ABED}&mid=d3aae30710bb47cc8f52f98b9b2c7861-c8b3fd720ac11d60e77549f0837cb50c03c1c6c3&lang=pt&ds=AVG&coid=avgtbavg&cmpid=0616tb&pr=fr&d=2016-05-22 12:01:47&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-05-17] (Intel Security)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-05-17] (Intel Security)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-06-03] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-03] (Microsoft Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-05-17] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-05-17] (Intel Security)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 0sxrt9u6.default
FF ProfilePath: C:\Users\ASUSPC\AppData\Roaming\Mozilla\Firefox\Profiles\0sxrt9u6.default [2017-06-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-21] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-03] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-21] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-06-03] (Microsoft Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pt-pt
CHR Profile: C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default [2017-06-15]
CHR Extension: (Apresentações Google) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-20]
CHR Extension: (Google Docs) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-20]
CHR Extension: (Google Drive) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-20]
CHR Extension: (YouTube) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-20]
CHR Extension: (Color Switch) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlknokhglhpflfcgodinmdmbfoheecdo [2016-06-15]
CHR Extension: (Apple Shooter) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\efnckpgchpgcaidjncjkcdefoklgojjb [2016-06-15]
CHR Extension: (Google Folhas de Cálculo) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-20]
CHR Extension: (Documentos do Google offline) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-20]
CHR Extension: (Background Changer) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbpabmjecillbmlhmkbibekmbnidhopk [2016-08-01]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
CHR Extension: (Flappy Futebol) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjcfahmlognckbgfkmopablbpoonjenm [2016-06-15]
CHR Extension: (Gmail) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-20]
CHR Extension: (Chrome Media Router) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-03]
CHR HKU\S-1-5-21-140328530-2921895377-1690607904-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe [75264 2015-12-24] (ASUS Cloud Corporation) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Windows (R) Win 7 DDK provider)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887232 2013-12-24] (Intel(R) Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
S3 Soda PDF Desktop; C:\Program Files\Soda PDF Desktop\ws.exe [2581864 2017-01-25] (LULU Software)
S3 Soda PDF Desktop CrashHandler; C:\Program Files\Soda PDF Desktop\crash-handler-ws.exe [931176 2017-01-25] (LULU Software)
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [998296 2017-05-10] (McAfee, Inc.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16160 2017-05-10] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86776 2017-05-10] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-03-04] (Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [173824 2017-03-01] (Zhuhai Kingsoft Office Software Co.,Ltd)
S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4317808 2015-07-14] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [98792 2017-03-08] (ASUS Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-05-25] ()
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2017-03-08] (REALiX(tm))
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188312 2017-06-15] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-06-15] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [44960 2017-06-15] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [252832 2017-06-15] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-06-15] (Malwarebytes)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [32736 2017-03-08] (Intel(R) Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [947712 2017-03-08] (Realtek                                            )
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [41824 2016-11-03] (SteelSeries ApS)
S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [51400 2016-05-27] (SteelSeries ApS)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2017-06-15] (SlimWare Utilities, Inc.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2017-03-08] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-15 12:51 - 2017-06-15 12:53 - 00018688 _____ C:\Users\ASUSPC\Desktop\FRST.txt
2017-06-15 12:50 - 2017-06-15 12:51 - 00000000 ____D C:\FRST
2017-06-15 12:14 - 2017-06-15 12:48 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-15 12:14 - 2017-06-15 12:48 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-06-15 12:14 - 2017-06-15 12:48 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-06-15 12:14 - 2017-06-15 12:48 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-15 12:14 - 2017-06-15 12:15 - 00188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-15 12:14 - 2017-06-15 12:14 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-15 12:14 - 2017-06-15 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-15 12:14 - 2017-05-25 11:58 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-15 12:13 - 2017-06-15 12:50 - 02438656 _____ (Farbar) C:\Users\ASUSPC\Desktop\FRST64.exe
2017-06-15 12:13 - 2017-06-15 12:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-15 12:13 - 2017-06-15 12:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-15 12:11 - 2017-06-15 12:11 - 64232976 _____ (Malwarebytes ) C:\Users\ASUSPC\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092(1).exe
2017-06-15 12:10 - 2017-06-15 12:11 - 64232976 _____ (Malwarebytes ) C:\Users\ASUSPC\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-10 15:42 - 2017-06-10 15:42 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-06-03 21:35 - 2017-06-03 21:35 - 00002053 _____ C:\Users\ASUSPC\Documents\Bem-vindo ao Registo de Produto ASUS (2).lnk
2017-06-03 15:17 - 2017-06-03 15:20 - 00000000 ____D C:\Users\ASUSPC\Desktop\Imagens e Videos
2017-06-03 15:04 - 2017-06-15 11:59 - 00000000 ____D C:\Users\ASUSPC\AppData\Local\Ashampoo Backup PB
2017-05-21 19:03 - 2017-06-15 11:50 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-21 19:00 - 2017-05-21 19:00 - 00000000 ____D C:\ProgramData\Ashampoo Backup PB
2017-05-21 18:54 - 2017-05-21 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-05-21 18:53 - 2017-05-21 18:55 - 00000000 ____D C:\Program Files\Notepad++
2017-05-21 18:53 - 2017-05-21 18:54 - 00000000 ____D C:\Users\ASUSPC\AppData\Roaming\Notepad++
2017-05-21 18:51 - 2017-05-21 18:51 - 00000819 _____ C:\Users\Public\Desktop\Soda PDF Desktop.lnk
2017-05-21 18:51 - 2017-05-21 18:51 - 00000000 ____D C:\Users\ASUSPC\Documents\Soda PDF Files
2017-05-21 18:51 - 2017-05-21 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF Desktop
2017-05-21 18:51 - 2017-05-21 18:51 - 00000000 ____D C:\Program Files\Soda PDF Desktop
2017-05-21 18:44 - 2017-05-21 18:44 - 00000000 ____D C:\ProgramData\Soda PDF Desktop

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-15 12:51 - 2016-05-18 14:04 - 00000165 _____ C:\Users\ASUSPC\AppData\Roaming\sp_data.sys
2017-06-15 12:50 - 2016-06-30 18:02 - 00000500 _____ C:\WINDOWS\Tasks\AVG Driver Updater Startup.job
2017-06-15 12:49 - 2016-06-30 18:02 - 00025608 _____ (SlimWare Utilities, Inc.) C:\WINDOWS\system32\Drivers\SWDUMon.sys
2017-06-15 12:48 - 2016-05-18 14:03 - 00000000 __SHD C:\Users\ASUSPC\IntelGraphicsProfiles
2017-06-15 12:47 - 2016-09-25 16:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-15 12:46 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-06-15 12:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-15 12:08 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-15 12:06 - 2016-11-19 12:32 - 00000000 ____D C:\Users\ASUSPC\AppData\LocalLow\Mozilla
2017-06-15 12:04 - 2016-11-17 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-15 12:04 - 2016-09-25 16:21 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-06-15 12:04 - 2016-09-25 16:21 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-06-15 12:02 - 2016-05-18 12:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 12
2017-06-15 11:59 - 2016-09-25 16:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2017-06-15 11:59 - 2016-05-21 13:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-15 11:59 - 2016-03-28 12:15 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-06-15 11:57 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-15 11:57 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-15 11:56 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-15 11:56 - 2016-05-18 14:03 - 00000000 ____D C:\Users\ASUSPC\AppData\Local\Packages
2017-06-15 11:55 - 2016-05-21 13:10 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-15 11:50 - 2016-08-14 22:19 - 00000000 ____D C:\Program Files\TrueKey
2017-06-15 11:50 - 2016-08-13 12:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-15 11:50 - 2016-05-22 11:56 - 00000000 ____D C:\Users\ASUSPC\AppData\Roaming\AVAST Software
2017-06-15 11:50 - 2016-05-18 12:00 - 00000000 ____D C:\Program Files\Common Files\AV
2017-06-15 11:45 - 2016-05-20 17:37 - 00000000 ____D C:\Program Files (x86)\AVG
2017-06-15 11:45 - 2016-05-20 17:33 - 00000000 ____D C:\ProgramData\Avg
2017-06-15 11:43 - 2016-05-20 17:32 - 00000000 ____D C:\Users\ASUSPC\AppData\Local\AvgSetupLog
2017-06-15 11:39 - 2016-05-18 12:08 - 00000000 ____D C:\Program Files\CyberLink
2017-06-15 11:39 - 2016-05-18 11:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-15 11:38 - 2016-05-18 12:07 - 00000000 ____D C:\ProgramData\CyberLink
2017-06-15 11:34 - 2017-03-08 21:45 - 00000000 ____D C:\ProgramData\ProductData
2017-06-15 11:27 - 2016-12-14 20:44 - 00000000 ____D C:\Users\ASUSPC\AppData\Roaming\Apple Computer
2017-06-15 11:25 - 2016-05-18 11:47 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2017-06-15 11:21 - 2017-04-03 08:08 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-15 11:21 - 2016-05-20 16:29 - 00000000 ____D C:\ProgramData\Skype
2017-06-15 11:11 - 2017-03-16 10:03 - 00000000 ____D C:\ProgramData\SteelSeries
2017-06-15 11:11 - 2017-03-16 10:03 - 00000000 ____D C:\Program Files\SteelSeries
2017-06-15 11:10 - 2016-12-14 20:34 - 00000000 ____D C:\ProgramData\Apple
2017-06-15 11:03 - 2016-05-20 16:21 - 00000000 ____D C:\Users\ASUSPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-06-15 11:00 - 2017-03-08 21:45 - 00003042 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (ASUSPC)
2017-06-15 10:59 - 2016-05-20 16:29 - 00000000 ____D C:\Users\ASUSPC\AppData\Roaming\Skype
2017-06-11 00:44 - 2016-09-25 15:48 - 00000000 ____D C:\Users\ASUSPC
2017-06-11 00:30 - 2016-09-25 15:38 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-10 15:43 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-10 15:42 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-10 15:40 - 2016-05-18 12:13 - 00000000 ____D C:\Program Files\Microsoft Office
2017-06-03 20:46 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-03 15:07 - 2017-03-08 21:45 - 00000000 ____D C:\ProgramData\IObit
2017-06-03 15:03 - 2016-08-14 22:46 - 00001244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-06-03 15:03 - 2016-08-14 22:46 - 00001230 _____ C:\Users\Public\Desktop\True Key.lnk
2017-05-21 21:49 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-05-21 20:49 - 2016-07-17 00:08 - 00503104 _____ C:\WINDOWS\system32\prfh0816.dat
2017-05-21 20:49 - 2016-07-17 00:08 - 00157500 _____ C:\WINDOWS\system32\prfc0816.dat
2017-05-21 20:49 - 2016-03-28 11:59 - 01744202 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-21 19:43 - 2016-11-21 19:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\ASUSTek Computer Inc
2017-05-21 19:29 - 2016-05-20 16:04 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-21 19:29 - 2016-05-20 16:04 - 00002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-21 18:32 - 2016-05-18 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do Microsoft Office 2016
2017-05-21 18:21 - 2016-05-18 12:00 - 00000000 ____D C:\ProgramData\McAfee
2017-05-21 18:04 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed

==================== Files in the root of some directories =======

2016-05-18 14:04 - 2017-06-15 12:51 - 0000165 _____ () C:\Users\ASUSPC\AppData\Roaming\sp_data.sys
2016-09-25 15:43 - 2016-09-25 15:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2016-10-28 23:50 - 2016-10-28 23:50 - 50563233 _____ (Popcorn Time                                                ) C:\Users\ASUSPC\AppData\Local\Temp\setup_7F1E.exe
2016-11-04 09:26 - 2016-11-04 09:27 - 43768960 _____ (Skype Technologies S.A.) C:\Users\ASUSPC\AppData\Local\Temp\SkypeSetup.exe
2017-04-03 08:07 - 2017-04-03 08:07 - 14456872 _____ (Microsoft Corporation) C:\Users\ASUSPC\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-21 19:38

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017
Ran by ASUSPC (15-06-2017 12:54:40)
Running from C:\Users\ASUSPC\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-25 15:26:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-140328530-2921895377-1690607904-500 - Administrator - Disabled)
ASUSPC (S-1-5-21-140328530-2921895377-1690607904-1001 - Administrator - Enabled) => C:\Users\ASUSPC
Convidado (S-1-5-21-140328530-2921895377-1690607904-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-140328530-2921895377-1690607904-503 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.11.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0041 - ASUS)
AVG Driver Updater (HKLM-x32\...\AVG Driver Updater) (Version: 2.2.2 - AVG Netherlands B.V)
AVG Driver Updater (x32 Version: 2.2.2 - AVG Netherlands B.V) Hidden
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.4010.0 - CyberLink Corp.) Hidden
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.3 - ASUSTek Computer Inc.)
Foxit PhantomPDF (HKLM-x32\...\{39263796-F296-43AF-909C-FCF99592BAC4}) (Version: 7.2.52.1209 - Foxit Software Inc.)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.17.107.1 - Intel Security)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 604.10125.2655.573 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Malwarebytes versão 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office 365 - pt-pt (HKLM\...\O365HomePremRetail - pt-pt) (Version: 16.0.8067.2115 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-140328530-2921895377-1690607904-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 53.0.3 (x86 pt-PT) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 pt-PT)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
NVIDIA Graphics Driver 353.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.84 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Painel de controlo da NVIDIA 369.09 (Version: 369.09 - NVIDIA Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.2 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.1104 - Nome de sua empresa:)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.27057 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Soda PDF Desktop (HKLM-x32\...\SodaDesktop) (Version: 9.0.38.31816 - LULU Software)
Soda PDF Desktop View Module (Version: 9.0.38.31757 - LULU Software) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.6.547 - ASUS Cloud Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 10.2.0.5811 - Kingsoft Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-140328530-2921895377-1690607904-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06273D99-584B-40E7-BDE2-BADB0E4E196E} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-01-19] (ASUSTek Computer Inc.)
Task: {08036EB1-0CC9-452C-A7E5-806C4FD1306B} - System32\Tasks\AVG Driver Updater Startup => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe [2016-05-25] (AVG Netherlands B.V)
Task: {0B1FD6B5-C470-4E5D-8E60-4CE4A860F1AF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-03] ()
Task: {0CF4FE64-40E2-456C-A119-1AB98A893B10} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-21] (Adobe Systems Incorporated)
Task: {120EA415-3224-41A6-8181-F489CD950136} - System32\Tasks\WpsKtpcntrQingTask_ASUSPC => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\office6\ktpcntr.exe [2017-03-01] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {173E4B62-9DB8-4D9D-A00D-188E983E68D2} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\ASUSPC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {1841CA92-F55B-425D-AC04-CF4CE2F16E9D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-03] ()
Task: {1E6DC43A-FD1D-41F7-A5B4-03C55D6C191C} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {2B444874-4490-46D7-BB76-9E96B7A60636} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {36099047-B39F-46F6-8B24-C3F6800D908D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.)
Task: {3A7A0F8C-DF78-450D-868D-49CC8FDEFD11} - System32\Tasks\Driver Booster SkipUAC (ASUSPC) => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
Task: {481179B0-8BA1-47E8-AB63-0283B2CC43F7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2017-06-15] (Microsoft Corporation)
Task: {5364E274-2623-4169-8B11-43C9E3CAA815} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {68238C86-5A99-45D0-A04A-D311ED332B3C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-06-03] (Microsoft Corporation)
Task: {70299987-E7E7-4C1C-9393-427CF4D11362} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-08-12] (ASUSTeK Computer Inc.)
Task: {831EB92A-FB86-4C8D-9584-8B8D9EEDACF7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {A10762D0-A338-4B58-ACEB-A537856BC384} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {A22A4A19-B210-4F1A-AFDD-B93E10531E23} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-08-12] (ASUSTeK Computer Inc.)
Task: {A2752A2F-25F1-4FE5-8986-15C2B2DDE337} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-08-12] ()
Task: {AD5984C9-06BA-448B-8021-DD7603CFEE6F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {B2227AA6-A9F8-4672-8BB8-7A32D5BC0064} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-29] (Realtek Semiconductor)
Task: {B66D904B-6FEC-442D-9F2C-B06B6FAAE0A9} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-07-29] (Realtek Semiconductor)
Task: {B6DE6881-D7F2-4622-9EE1-1B48AF91CE6D} - System32\Tasks\WpsExternal_ASUSPC_20170301150941 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [2017-03-01] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {B87D8DFE-49E5-4229-8B7C-9BD0E904840D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {C6405B9B-910C-4F1E-BB02-0CBF05A5A49D} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-06-09] (ASUS)
Task: {CBF400DD-89A4-41DC-8D75-EFAFC79A98CF} - System32\Tasks\WpsUpdateTask_ASUSPC => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\wtoolex\wpsupdate.exe [2017-03-01] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {D9651FBA-D512-42F8-9267-5089A31AC46B} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {E958529E-5421-4A43-8285-792E2B57CD14} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {EA688357-FC75-47A9-BEE0-53C347D02A51} - System32\Tasks\AVG Driver Updater Scan => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe [2016-05-25] (AVG Netherlands B.V)
Task: {F3F0F122-3152-4339-A788-AA52CE5E525B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AVG Driver Updater Scan.job => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe
Task: C:\WINDOWS\Tasks\AVG Driver Updater Startup.job => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe
Task: C:\WINDOWS\Tasks\WpsExternal_ASUSPC_20170301150941.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe ~/wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll
Task: C:\WINDOWS\Tasks\WpsKtpcntrQingTask_ASUSPC.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\office6\ktpcntr.exe Ãqing 10.2.0.5811 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads
Task: C:\WINDOWS\Tasks\WpsUpdateTask_ASUSPC.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\wtoolex\wpsupdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\ASUSPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicações do Chrome\Apple Shooter.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=efnckpgchpgcaidjncjkcdefoklgojjb

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-03-15 11:17 - 2017-03-04 08:19 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-25 15:42 - 2016-08-01 13:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-06-15 12:14 - 2017-05-25 14:11 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-08 03:42 - 2017-03-08 03:42 - 00230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2016-09-25 16:28 - 2016-09-25 16:28 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 22:21 - 2017-03-04 07:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 11:17 - 2017-03-04 07:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 11:17 - 2017-03-04 07:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 11:17 - 2017-03-04 07:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-03-15 11:17 - 2017-03-04 07:05 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-03-15 11:17 - 2017-03-04 07:08 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-09 20:25 - 2015-06-09 20:25 - 00035376 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-06-09 20:25 - 2015-06-09 20:25 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-05-18 11:40 - 2015-10-03 03:24 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-08-12 19:44 - 2015-08-12 19:44 - 00012288 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2016-12-24 15:04 - 00000832 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-140328530-2921895377-1690607904-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ASUSPC\Pictures\Taty\Saved Pictures\17200840_1275254432556972_1697915836_o.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "WebStorage"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{E2D5CF08-62AB-4994-8D02-2FAFAD6F695E}C:\users\asuspc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asuspc\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{0993943A-FA46-4F97-B2F8-D5787D7BAE4C}C:\users\asuspc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asuspc\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F3079C64-25B3-42A1-AABD-32B7FC0EF47E}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{8EE5FFE8-E44B-4E2C-B13B-49E8B90AB49F}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{0553EBB1-3067-4BB8-9D37-793EDA0A1C3D}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{AD4E7676-6143-4753-BE59-D117EDCB3026}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{7A39BF55-26DC-422E-B0A1-4D3094B31BB5}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{2820720F-BE0C-4988-9BCD-110B4376E7D9}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{E3A01F6E-27C1-4738-A76A-FB39CBF0B5E7}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{4FE97A64-7C01-436F-8FC2-60715F3657CC}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{E79A1125-BF3F-4190-A065-C2189A46A50A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A9D594FF-DAB8-4D38-96EE-8B61A398686D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{9075C242-6629-429B-AEB1-0034E5C88E0E}C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [TCP Query User{84540F4F-0774-43D1-A651-2405464276F6}C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [UDP Query User{6753567D-F203-4587-B145-95669CB9390D}C:\program files (x86)\steam\steamapps\common\nvidia vr funhouse\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\nvidia vr funhouse\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [TCP Query User{0DD0FAE9-C1C4-4047-80D2-0B442D6C4C64}C:\program files (x86)\steam\steamapps\common\nvidia vr funhouse\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\nvidia vr funhouse\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [UDP Query User{CAD3705B-3F4D-4C2E-8BB1-A353E950047A}C:\program files (x86)\steam\steamapps\common\vinyl\external\pd\pd\bin\pd.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\vinyl\external\pd\pd\bin\pd.exe
FirewallRules: [TCP Query User{66375690-99EA-4641-A87C-DB654E1537E5}C:\program files (x86)\steam\steamapps\common\vinyl\external\pd\pd\bin\pd.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\vinyl\external\pd\pd\bin\pd.exe
FirewallRules: [{8514CCBA-CC06-493B-BD38-18EBDB11AB34}] => (Allow) C:\Program Files (x86)\OGPlanet\Tales Runner\trgame.exe
FirewallRules: [{EC58AF9F-44BD-453F-BF34-56F67C368F87}] => (Allow) C:\Program Files (x86)\OGPlanet\Tales Runner\trgame.exe
FirewallRules: [UDP Query User{DA9166A8-6AB8-4282-B811-7495AEAB1BBB}C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [TCP Query User{09A13277-EFC2-4D71-917E-156BAD809CE1}C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [{C0780731-EF4D-493D-AB35-572D51DFC23E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6EBFA092-1124-4898-88A2-8F96EA1E6AD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A50080B2-1F7D-46AE-A383-1C5AA8B9EAE6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{B3D9C8A6-5D13-4042-88BC-D54F78F03201}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{1F8B75D6-2B2E-4843-82B6-F0D173055A46}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FF147201-D322-42E6-ACF9-004A15919B37}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D327E065-7BC3-4F39-B3A4-048D75121A34}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2C4F5E73-ECE3-4910-9363-7FC40454A9D9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C0085767-224A-4251-B7BD-4F5B52AD1491}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [TCP Query User{F86FA541-4A5A-468B-97CC-26359B4F3BB7}C:\users\asuspc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asuspc\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D882D4D8-6F27-4A7F-8D11-2333EE48B5C0}C:\users\asuspc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asuspc\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5621FCD2-1135-4819-B38C-34EFFDF61AEB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{2B883A94-3FF6-44A7-B02F-1FA34E8D5DA5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{9A27A58D-9779-4722-842F-0FA90A1049DF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{3F547125-5D05-45AD-8B96-21DDCEB20B70}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{9852E664-FDED-48C0-BA45-148BC04B6F2B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E483F709-00EE-4C98-B5B9-02BCFF5AB343}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{240A50D3-0B7B-46D5-A3FF-6CFE1C9C6C38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{3A4AF575-540D-453F-8CB3-72623984DA5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{F893F4AE-5417-404F-9563-D4E86F739CD0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2D0B764F-96BF-4BF8-889B-F61E016DA9A0}] => (Block) LPort=445
FirewallRules: [{7A8BA7DD-861B-45DE-9C84-97A722E8670B}] => (Block) LPort=445
FirewallRules: [{097AD66A-67FA-42B1-B501-49CB813A662D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe

==================== Restore Points =========================

22-03-2017 10:53:07 Windows Update
21-05-2017 18:50:29 Installed Soda PDF Desktop View Module
15-06-2017 11:04:18 Removed Suporte para Aplicações Apple (64-bits)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2017 12:14:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: mbamtray.exe, versão: 3.0.0.1068, carimbo de data/hora: 0x59125d35
Nome do módulo com falha: Qt5Core.dll, versão: 5.6.2.0, carimbo de data/hora: 0x58ed4d4f
Código de exceção: 0xc0000005
Desvio de falha: 0x0018da93
ID do processo com falha: 0x1884
Hora de início da aplicação com falha: 0x01d2e5c88c7af1fd
Caminho da aplicação com falha: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Caminho do módulo com falha: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
ID do Relatório: 1d1c87aa-d1de-4c38-a5f4-0eae7a987183
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:

Error: (06/15/2017 12:04:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-G171JDO)
Description: O pacote windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel foi terminado porque a sua suspensão levou demasiado tempo.

Error: (06/15/2017 12:01:33 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: O procedimento Open para o serviço "BITS" na DLL "C:\Windows\System32\bitsperf.dll" falhou. Os dados de desempenho para este serviço não estarão disponíveis. Os primeiros quatro bytes (DWORD) da secção Data contêm o código de erro.

Error: (06/15/2017 11:48:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-G171JDO)
Description: A ativação da aplicação Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI falhou com o erro: -2144927141. Consulte o registo Microsoft-Windows-TWinUI/Operacional para obter informações adicionais.

Error: (06/15/2017 11:47:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-G171JDO)
Description: A ativação da aplicação Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App falhou com o erro: -2147024865. Consulte o registo Microsoft-Windows-TWinUI/Operacional para obter informações adicionais.

Error: (06/15/2017 11:47:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-G171JDO)
Description: A ativação da aplicação Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App falhou com o erro: -2144927141. Consulte o registo Microsoft-Windows-TWinUI/Operacional para obter informações adicionais.

Error: (06/15/2017 11:47:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-G171JDO)
Description: A ativação da aplicação Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App falhou com o erro: -2144927141. Consulte o registo Microsoft-Windows-TWinUI/Operacional para obter informações adicionais.

Error: (06/15/2017 11:37:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha ao gerar o contexto de ativação para "c:\program files\cyberlink\photodirector5\kernel\ces\CES_CacheAgent.exe.Manifest".
Não foi possível localizar a Assemblagem Dependente PDR.X,type="win32",version="1.0.0.0".
Utilize sxstrace.exe para obter um diagnóstico detalhado.

Error: (06/15/2017 11:37:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha ao gerar o contexto de ativação para "c:\program files\cyberlink\photodirector5\kernel\ces\CES_AudioCacheAgent.exe.Manifest".
Não foi possível localizar a Assemblagem Dependente PDR.X,type="win32",version="1.0.0.0".
Utilize sxstrace.exe para obter um diagnóstico detalhado.

Error: (06/15/2017 11:29:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha ao gerar o contexto de ativação para "c:\program files\cyberlink\photodirector5\kernel\ces\CES_CacheAgent.exe.Manifest".
Não foi possível localizar a Assemblagem Dependente PDR.X,type="win32",version="1.0.0.0".
Utilize sxstrace.exe para obter um diagnóstico detalhado.


System errors:
=============
Error: (06/15/2017 12:48:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 e APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.

Error: (06/15/2017 12:48:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Cache de Tipos de Letra do Arquitectura de Apresentação do Windows 3.0.0.0 falhou o arranque devido ao seguinte erro:
O serviço não respondeu ao pedido de início ou controlo atempadamente.

Error: (06/15/2017 12:48:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Foi atingido o tempo limite (30000 milissegundos) ao aguardar pela ligação do serviço FontCache3.0.0.0.

Error: (06/15/2017 12:48:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço TrueKey falhou o arranque devido ao seguinte erro:
O serviço não respondeu ao pedido de início ou controlo atempadamente.

Error: (06/15/2017 12:48:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Foi atingido o tempo limite (30000 milissegundos) ao aguardar pela ligação do serviço TrueKey.

Error: (06/15/2017 12:48:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço ClickToRunSvc falhou o arranque devido ao seguinte erro:
O serviço não respondeu ao pedido de início ou controlo atempadamente.

Error: (06/15/2017 12:48:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Foi atingido o tempo limite (30000 milissegundos) ao aguardar pela ligação do serviço ClickToRunSvc.

Error: (06/15/2017 12:48:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Razer Game Scanner Service falhou o arranque devido ao seguinte erro:
O serviço não respondeu ao pedido de início ou controlo atempadamente.

Error: (06/15/2017 12:48:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Foi atingido o tempo limite (30000 milissegundos) ao aguardar pela ligação do serviço Razer Game Scanner Service.

Error: (06/15/2017 12:48:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço TrueKeyScheduler falhou o arranque devido ao seguinte erro:
O serviço não respondeu ao pedido de início ou controlo atempadamente.


CodeIntegrity:
===================================
  Date: 2017-03-16 20:38:54.250
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-10 19:22:41.330
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-09 20:03:38.412
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-08 20:09:23.364
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-05 13:42:40.979
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-03 13:25:04.346
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-27 19:47:28.643
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-26 11:30:56.213
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 18:00:52.025
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-12 11:45:19.725
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 46%
Total physical RAM: 3982.29 MB
Available physical RAM: 2121.39 MB
Total Virtual: 4942.29 MB
Available Virtual: 3102.56 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:371.85 GB) (Free:295.84 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:558.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FE5E06D7)

Partition: GPT.

==================== End of Addition.txt ============================

 

 


Sorry Ron, you are quite right, I could put more information.

It's a laptop on which, when I ran the Malwarebytes Premium trial, it detected a virus or malware. I ran it 3 times and it detected something every time, with fewer and fewer identified files.

I have run the Farbar Recovery Scan Tool and posted the log here. I just want to be sure that the laptop is clean. What do you think?

 

Thank you 

RStudio


  • Root Admin

Thanks @rstudio

 

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 02

 

 

Fix with AdwCleaner

 

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by ASUSPC (Administrator) on 18/06/2017 at  9:02:35,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 10

Failed to delete: C:\Program Files (x86)\GUTE91D.tmp (File)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\ASUSPC\AppData\Local\slimware utilities inc (Folder)
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
Successfully deleted: C:\WINDOWS\system32\drivers\swdumon.sys (File)
Successfully deleted: C:\WINDOWS\system32\Tasks\AVG Driver Updater Scan (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\AVG Driver Updater Startup (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (ASUSPC) (Task)
Successfully deleted: C:\WINDOWS\Tasks\AVG Driver Updater Scan.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\AVG Driver Updater Startup.job (Task)

 

Registry: 3

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/06/2017 at  9:15:07,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


# AdwCleaner v6.047 - Logfile created 18/06/2017 at 09:22:51
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-16.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : ASUSPC - DESKTOP-G171JDO
# Running from : C:\Users\ASUSPC\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

[-] Service deleted: swdumon


***** [ Folders ] *****

 

***** [ Files ] *****

 

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKU\S-1-5-21-140328530-2921895377-1690607904-1001\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc
[-] Key deleted: [x64] HKLM\SOFTWARE\AVG Secure Search
[-] Key deleted: [x64] HKLM\SOFTWARE\Reimage
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd


***** [ Web browsers ] *****

[-] [C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: chfdnecihphmhljaaejmgoiahnihplgn
[-] [C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1722 Bytes] - [18/06/2017 09:22:51]
C:\AdwCleaner\AdwCleaner[S0].txt - [2195 Bytes] - [18/06/2017 09:21:58]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1868 Bytes] ##########

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017
Ran by ASUSPC (18-06-2017 20:06:50)
Running from C:\Users\ASUSPC\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-25 15:26:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-140328530-2921895377-1690607904-500 - Administrator - Disabled)
ASUSPC (S-1-5-21-140328530-2921895377-1690607904-1001 - Administrator - Enabled) => C:\Users\ASUSPC
Convidado (S-1-5-21-140328530-2921895377-1690607904-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-140328530-2921895377-1690607904-503 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.11.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0041 - ASUS)
AVG Driver Updater (HKLM-x32\...\AVG Driver Updater) (Version: 2.2.2 - AVG Netherlands B.V)
AVG Driver Updater (x32 Version: 2.2.2 - AVG Netherlands B.V) Hidden
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.4010.0 - CyberLink Corp.) Hidden
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.3 - ASUSTek Computer Inc.)
Foxit PhantomPDF (HKLM-x32\...\{39263796-F296-43AF-909C-FCF99592BAC4}) (Version: 7.2.52.1209 - Foxit Software Inc.)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.17.107.1 - Intel Security)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 604.10125.2655.573 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Malwarebytes versão 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office 365 - pt-pt (HKLM\...\O365HomePremRetail - pt-pt) (Version: 16.0.8067.2115 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-140328530-2921895377-1690607904-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 53.0.3 (x86 pt-PT) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 pt-PT)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
NVIDIA Graphics Driver 353.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.84 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Painel de controlo da NVIDIA 369.09 (Version: 369.09 - NVIDIA Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.2 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.27057 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Soda PDF Desktop (HKLM-x32\...\SodaDesktop) (Version: 9.0.38.31816 - LULU Software)
Soda PDF Desktop View Module (Version: 9.0.38.31757 - LULU Software) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.0 - Sophos Limited)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.6.547 - ASUS Cloud Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 10.2.0.5811 - Kingsoft Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-140328530-2921895377-1690607904-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06273D99-584B-40E7-BDE2-BADB0E4E196E} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-01-19] (ASUSTek Computer Inc.)
Task: {0B1FD6B5-C470-4E5D-8E60-4CE4A860F1AF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-03] ()
Task: {0CF4FE64-40E2-456C-A119-1AB98A893B10} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-18] (Adobe Systems Incorporated)
Task: {120EA415-3224-41A6-8181-F489CD950136} - System32\Tasks\WpsKtpcntrQingTask_ASUSPC => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\office6\ktpcntr.exe [2017-03-01] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {173E4B62-9DB8-4D9D-A00D-188E983E68D2} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\ASUSPC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {1841CA92-F55B-425D-AC04-CF4CE2F16E9D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-03] ()
Task: {1E6DC43A-FD1D-41F7-A5B4-03C55D6C191C} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {2B444874-4490-46D7-BB76-9E96B7A60636} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {36099047-B39F-46F6-8B24-C3F6800D908D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.)
Task: {5364E274-2623-4169-8B11-43C9E3CAA815} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {68238C86-5A99-45D0-A04A-D311ED332B3C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-06-03] (Microsoft Corporation)
Task: {831EB92A-FB86-4C8D-9584-8B8D9EEDACF7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {9E58A68B-631A-4CA4-B78F-CCC8E8F9D893} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-08-12] (ASUSTeK Computer Inc.)
Task: {A10762D0-A338-4B58-ACEB-A537856BC384} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {A2752A2F-25F1-4FE5-8986-15C2B2DDE337} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-08-12] ()
Task: {AD5984C9-06BA-448B-8021-DD7603CFEE6F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {B2227AA6-A9F8-4672-8BB8-7A32D5BC0064} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-29] (Realtek Semiconductor)
Task: {B66D904B-6FEC-442D-9F2C-B06B6FAAE0A9} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-07-29] (Realtek Semiconductor)
Task: {B6DE6881-D7F2-4622-9EE1-1B48AF91CE6D} - System32\Tasks\WpsExternal_ASUSPC_20170301150941 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [2017-03-01] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {B87D8DFE-49E5-4229-8B7C-9BD0E904840D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {C6405B9B-910C-4F1E-BB02-0CBF05A5A49D} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-06-09] (ASUS)
Task: {CBF400DD-89A4-41DC-8D75-EFAFC79A98CF} - System32\Tasks\WpsUpdateTask_ASUSPC => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\wtoolex\wpsupdate.exe [2017-03-01] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {CCC9B5CC-6ED5-4064-8487-1F4B3DBF5613} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-08-12] (ASUSTeK Computer Inc.)
Task: {D9651FBA-D512-42F8-9267-5089A31AC46B} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {E958529E-5421-4A43-8285-792E2B57CD14} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {F3F0F122-3152-4339-A788-AA52CE5E525B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\WpsExternal_ASUSPC_20170301150941.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe ~/wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll
Task: C:\WINDOWS\Tasks\WpsKtpcntrQingTask_ASUSPC.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\office6\ktpcntr.exe Ãqing 10.2.0.5811 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads
Task: C:\WINDOWS\Tasks\WpsUpdateTask_ASUSPC.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\wtoolex\wpsupdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\ASUSPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicações do Chrome\Apple Shooter.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=efnckpgchpgcaidjncjkcdefoklgojjb

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-03-15 11:17 - 2017-03-04 08:19 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-25 15:42 - 2016-08-01 13:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-06-15 12:14 - 2017-05-25 14:11 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-08 03:42 - 2017-03-08 03:42 - 00230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2016-09-25 16:28 - 2016-09-25 16:28 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 22:21 - 2017-03-04 07:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 11:17 - 2017-03-04 07:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 11:17 - 2017-03-04 07:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 11:17 - 2017-03-04 07:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-03-15 11:17 - 2017-03-04 07:05 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-03-15 11:17 - 2017-03-04 07:08 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-02 09:09 - 2017-03-02 09:10 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-03-02 09:09 - 2017-03-02 09:09 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-03-02 09:09 - 2017-03-02 09:10 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2016-06-03 16:52 - 2016-06-03 16:54 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-03-02 09:09 - 2017-03-02 09:10 - 00387584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-03-02 09:09 - 2017-03-02 09:10 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-05-20 16:21 - 2016-05-20 16:33 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-03-09 18:53 - 2017-03-09 18:54 - 10650112 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.79.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-03-09 18:53 - 2017-03-09 18:54 - 02653184 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.79.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-03-09 18:53 - 2017-03-09 18:54 - 00761344 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.79.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2015-06-09 20:25 - 2015-06-09 20:25 - 00035376 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-06-09 20:25 - 2015-06-09 20:25 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-05-18 11:40 - 2015-10-03 03:24 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2016-12-24 15:04 - 00000832 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-140328530-2921895377-1690607904-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "Ashampoo Backup PB"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKU\S-1-5-21-140328530-2921895377-1690607904-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-140328530-2921895377-1690607904-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{E2D5CF08-62AB-4994-8D02-2FAFAD6F695E}C:\users\asuspc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asuspc\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{0993943A-FA46-4F97-B2F8-D5787D7BAE4C}C:\users\asuspc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asuspc\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F3079C64-25B3-42A1-AABD-32B7FC0EF47E}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{8EE5FFE8-E44B-4E2C-B13B-49E8B90AB49F}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{0553EBB1-3067-4BB8-9D37-793EDA0A1C3D}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{AD4E7676-6143-4753-BE59-D117EDCB3026}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{7A39BF55-26DC-422E-B0A1-4D3094B31BB5}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{2820720F-BE0C-4988-9BCD-110B4376E7D9}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{E3A01F6E-27C1-4738-A76A-FB39CBF0B5E7}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{4FE97A64-7C01-436F-8FC2-60715F3657CC}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{E79A1125-BF3F-4190-A065-C2189A46A50A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A9D594FF-DAB8-4D38-96EE-8B61A398686D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{9075C242-6629-429B-AEB1-0034E5C88E0E}C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [TCP Query User{84540F4F-0774-43D1-A651-2405464276F6}C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [UDP Query User{6753567D-F203-4587-B145-95669CB9390D}C:\program files (x86)\steam\steamapps\common\nvidia vr funhouse\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\nvidia vr funhouse\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [TCP Query User{0DD0FAE9-C1C4-4047-80D2-0B442D6C4C64}C:\program files (x86)\steam\steamapps\common\nvidia vr funhouse\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\nvidia vr funhouse\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [UDP Query User{CAD3705B-3F4D-4C2E-8BB1-A353E950047A}C:\program files (x86)\steam\steamapps\common\vinyl\external\pd\pd\bin\pd.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\vinyl\external\pd\pd\bin\pd.exe
FirewallRules: [TCP Query User{66375690-99EA-4641-A87C-DB654E1537E5}C:\program files (x86)\steam\steamapps\common\vinyl\external\pd\pd\bin\pd.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\vinyl\external\pd\pd\bin\pd.exe
FirewallRules: [{8514CCBA-CC06-493B-BD38-18EBDB11AB34}] => (Allow) C:\Program Files (x86)\OGPlanet\Tales Runner\trgame.exe
FirewallRules: [{EC58AF9F-44BD-453F-BF34-56F67C368F87}] => (Allow) C:\Program Files (x86)\OGPlanet\Tales Runner\trgame.exe
FirewallRules: [UDP Query User{DA9166A8-6AB8-4282-B811-7495AEAB1BBB}C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [TCP Query User{09A13277-EFC2-4D71-917E-156BAD809CE1}C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\red trigger\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [{C0780731-EF4D-493D-AB35-572D51DFC23E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6EBFA092-1124-4898-88A2-8F96EA1E6AD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A50080B2-1F7D-46AE-A383-1C5AA8B9EAE6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{B3D9C8A6-5D13-4042-88BC-D54F78F03201}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{1F8B75D6-2B2E-4843-82B6-F0D173055A46}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FF147201-D322-42E6-ACF9-004A15919B37}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D327E065-7BC3-4F39-B3A4-048D75121A34}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2C4F5E73-ECE3-4910-9363-7FC40454A9D9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C0085767-224A-4251-B7BD-4F5B52AD1491}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [TCP Query User{F86FA541-4A5A-468B-97CC-26359B4F3BB7}C:\users\asuspc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asuspc\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D882D4D8-6F27-4A7F-8D11-2333EE48B5C0}C:\users\asuspc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asuspc\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5621FCD2-1135-4819-B38C-34EFFDF61AEB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{2B883A94-3FF6-44A7-B02F-1FA34E8D5DA5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{9A27A58D-9779-4722-842F-0FA90A1049DF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{3F547125-5D05-45AD-8B96-21DDCEB20B70}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{9852E664-FDED-48C0-BA45-148BC04B6F2B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E483F709-00EE-4C98-B5B9-02BCFF5AB343}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{240A50D3-0B7B-46D5-A3FF-6CFE1C9C6C38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{3A4AF575-540D-453F-8CB3-72623984DA5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{2D0B764F-96BF-4BF8-889B-F61E016DA9A0}] => (Block) LPort=445
FirewallRules: [{7A8BA7DD-861B-45DE-9C84-97A722E8670B}] => (Block) LPort=445
FirewallRules: [{097AD66A-67FA-42B1-B501-49CB813A662D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{12FBDC12-C021-4BF7-909C-98DB7FD45E2E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

15-06-2017 11:04:18 Removed Suporte para Aplicações Apple (64-bits)
18-06-2017 09:29:01 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/18/2017 09:29:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha nos Serviços de Criptografia ao processar a chamada OnIdentity() no Objeto Escritor de Sistema.

Details:
AddLegacyDriverFiles: Unable to back up image of binary LLDP (Link-Layer Discovery Protocol) da Microsoft.

System Error:
Acesso negado.
.

Error: (06/18/2017 09:10:58 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/18/2017 09:06:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: UpdateChecker.exe, versão: 0.0.0.0, carimbo de data/hora: 0x559e27a7
Nome do módulo com falha: ntdll.dll, versão: 10.0.14393.479, carimbo de data/hora: 0x58256ca0
Código de exceção: 0xc0000005
Desvio de falha: 0x0005f185
ID do processo com falha: 0x1e6c
Hora de início da aplicação com falha: 0x01d2e808b758136d
Caminho da aplicação com falha: C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
Caminho do módulo com falha: C:\WINDOWS\SYSTEM32\ntdll.dll
ID do Relatório: 7b583967-6d5d-48a6-a6db-d0b6d081e289
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:

Error: (06/18/2017 09:06:18 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Erro do serviço de cópia sombra de volumes: Erro inesperado ao chamar a rotina QueryFullProcessImageNameW. hr = 0x80070006, O identificador é inválido.
.


Operação:
   A Executar Operação Assíncrona

Contexto:
   Estado Atual: DoSnapshotSet

Error: (06/18/2017 09:03:19 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha nos Serviços de Criptografia ao processar a chamada OnIdentity() no Objeto Escritor de Sistema.

Details:
AddLegacyDriverFiles: Unable to back up image of binary LLDP (Link-Layer Discovery Protocol) da Microsoft.

System Error:
Acesso negado.
.

Error: (06/16/2017 11:21:25 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/15/2017 12:14:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: mbamtray.exe, versão: 3.0.0.1068, carimbo de data/hora: 0x59125d35
Nome do módulo com falha: Qt5Core.dll, versão: 5.6.2.0, carimbo de data/hora: 0x58ed4d4f
Código de exceção: 0xc0000005
Desvio de falha: 0x0018da93
ID do processo com falha: 0x1884
Hora de início da aplicação com falha: 0x01d2e5c88c7af1fd
Caminho da aplicação com falha: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Caminho do módulo com falha: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
ID do Relatório: 1d1c87aa-d1de-4c38-a5f4-0eae7a987183
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:

Error: (06/15/2017 12:04:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-G171JDO)
Description: O pacote windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel foi terminado porque a sua suspensão levou demasiado tempo.

Error: (06/15/2017 12:01:33 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: O procedimento Open para o serviço "BITS" na DLL "C:\Windows\System32\bitsperf.dll" falhou. Os dados de desempenho para este serviço não estarão disponíveis. Os primeiros quatro bytes (DWORD) da secção Data contêm o código de erro.

Error: (06/15/2017 11:48:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-G171JDO)
Description: A ativação da aplicação Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI falhou com o erro: -2144927141. Consulte o registo Microsoft-Windows-TWinUI/Operacional para obter informações adicionais.


System errors:
=============
Error: (06/18/2017 11:29:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80070643: Ferramenta de Remoção de Software Malicioso para Windows 8, 8.1, 10 e Windows Server 2012, Edição 2012 R2, 2016 x64 - Jun. 2017 (KB890830).

Error: (06/18/2017 09:24:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 e APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 ao SID (S-1-5-19) de utilizador NT AUTHORITY\SERVIÇO LOCAL a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.

Error: (06/18/2017 09:24:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 e APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 ao SID (S-1-5-19) de utilizador NT AUTHORITY\SERVIÇO LOCAL a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.

Error: (06/18/2017 09:24:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 e APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.

Error: (06/18/2017 09:24:06 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: A DLL de notificação de palavra-passe "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" não foi carregada com o erro 126. Verifique se o caminho da DLL de notificação definido no registo, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, se refere a um caminho correto e absoluto (<unidade>:\<caminho>\<nomeficheiro>.<ext>), e não a um caminho relativo ou inválido. Se o caminho da DLL estiver correto, confirme se os ficheiros de suporte estão localizados no mesmo diretório e se a conta de sistema tem acesso de leitura para o caminho da DLL e para quaisquer ficheiros de suporte. Contacte o fornecedor da DLL de notificação para obter suporte adicional. Estão disponíveis na Web mais detalhes, em http://go.microsoft.com/fwlink/?LinkId=245898.

Error: (06/18/2017 09:22:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.

Error: (06/18/2017 09:22:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Instalador de Módulos do Windows terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 120000 milissegundos: Reiniciar o serviço.

Error: (06/18/2017 09:22:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Cache de Tipos de Letra do Arquitectura de Apresentação do Windows 3.0.0.0 terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 0 milissegundos: Reiniciar o serviço.

Error: (06/18/2017 09:22:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Windows Search terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 30000 milissegundos: Reiniciar o serviço.

Error: (06/18/2017 09:22:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Intel Security True Key terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 60000 milissegundos: Reiniciar o serviço.


CodeIntegrity:
===================================
  Date: 2017-06-18 11:26:41.317
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-15 14:14:25.014
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-16 20:38:54.250
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-10 19:22:41.330
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-09 20:03:38.412
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-08 20:09:23.364
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-05 13:42:40.979
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-03 13:25:04.346
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-27 19:47:28.643
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-26 11:30:56.213
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 56%
Total physical RAM: 3982.29 MB
Available physical RAM: 1745.59 MB
Total Virtual: 4942.29 MB
Available Virtual: 2320.09 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:371.85 GB) (Free:305.7 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:558.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FE5E06D7)

Partition: GPT.

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017
Ran by ASUSPC (administrator) on DESKTOP-G171JDO (18-06-2017 20:04:19)
Running from C:\Users\ASUSPC\Desktop
Loaded Profiles: ASUSPC (Available Profiles: ASUSPC)
Platform: Windows 10 Home Version 1607 (X64) Language: Português (Portugal)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.79.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2654512 2015-10-03] (NVIDIA Corporation)
HKLM\...\Run: [Ashampoo Backup PB] => "C:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\backupClient-abpb.exe" --hidden
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-25] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\ASUSWSLoader.exe [63272 2015-12-24] ()
HKU\S-1-5-21-140328530-2921895377-1690607904-1001\...\Run: [BingSvc] => C:\Users\ASUSPC\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.3.1
Tcpip\..\Interfaces\{10d9e777-2b95-4667-9429-2aa966ca95a4}: [DhcpNameServer] 192.168.3.1
Tcpip\..\Interfaces\{a7506989-8a3e-4230-9e91-a4e009183f94}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-140328530-2921895377-1690607904-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-140328530-2921895377-1690607904-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-140328530-2921895377-1690607904-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-05-17] (Intel Security)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-05-17] (Intel Security)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-06-03] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-03] (Microsoft Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-05-17] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-05-17] (Intel Security)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-03] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 0sxrt9u6.default
FF ProfilePath: C:\Users\ASUSPC\AppData\Roaming\Mozilla\Firefox\Profiles\0sxrt9u6.default [2017-06-18]
FF Homepage: Mozilla\Firefox\Profiles\0sxrt9u6.default -> www.sapo.pt
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-18] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-03] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-06-03] (Microsoft Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-18] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default [2017-06-15]
CHR Extension: (Apresentações Google) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-20]
CHR Extension: (Google Docs) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-20]
CHR Extension: (Google Drive) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-20]
CHR Extension: (YouTube) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-20]
CHR Extension: (Color Switch) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlknokhglhpflfcgodinmdmbfoheecdo [2016-06-15]
CHR Extension: (Apple Shooter) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\efnckpgchpgcaidjncjkcdefoklgojjb [2016-06-15]
CHR Extension: (Google Folhas de Cálculo) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-20]
CHR Extension: (Documentos do Google offline) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-20]
CHR Extension: (Background Changer) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbpabmjecillbmlhmkbibekmbnidhopk [2016-08-01]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
CHR Extension: (Flappy Futebol) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjcfahmlognckbgfkmopablbpoonjenm [2016-06-15]
CHR Extension: (Gmail) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-20]
CHR Extension: (Chrome Media Router) - C:\Users\ASUSPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe [75264 2015-12-24] (ASUS Cloud Corporation) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Windows (R) Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887232 2013-12-24] (Intel(R) Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 Soda PDF Desktop; C:\Program Files\Soda PDF Desktop\ws.exe [2581864 2017-01-25] (LULU Software)
S3 Soda PDF Desktop CrashHandler; C:\Program Files\Soda PDF Desktop\crash-handler-ws.exe [931176 2017-01-25] (LULU Software)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [998296 2017-05-10] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16160 2017-05-10] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86776 2017-05-10] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-03-04] (Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [173824 2017-03-01] (Zhuhai Kingsoft Office Software Co.,Ltd)
S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4317808 2015-07-14] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [98792 2017-03-08] (ASUS Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-05-25] ()
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2017-03-08] (REALiX(tm))
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188312 2017-06-15] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-06-18] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [44960 2017-06-18] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [252832 2017-06-18] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-06-18] (Malwarebytes)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [32736 2017-03-08] (Intel(R) Corporation)
R1 MpKslb7353c69; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D8CACB89-B04E-40DA-9DF9-3D43358272DA}\MpKslb7353c69.sys [44928 2017-06-18] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [947712 2017-03-08] (Realtek                                            )
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [41824 2016-11-03] (SteelSeries ApS)
S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [51400 2016-05-27] (SteelSeries ApS)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2017-03-08] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-18 09:32 - 2017-06-18 09:32 - 00000000 ____D C:\ProgramData\Sophos
2017-06-18 09:30 - 2017-06-18 09:30 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-06-18 09:30 - 2017-06-18 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-06-18 09:30 - 2017-06-18 09:30 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-06-18 09:17 - 2017-06-18 09:22 - 00000000 ____D C:\AdwCleaner
2017-06-18 09:15 - 2017-06-18 09:15 - 00001665 _____ C:\Users\ASUSPC\Desktop\JRT.txt
2017-06-18 08:57 - 2017-06-18 09:28 - 169668288 _____ (Sophos Limited) C:\Users\ASUSPC\Desktop\Sophos Virus Removal Tool.exe
2017-06-18 08:56 - 2017-06-18 09:17 - 04110280 _____ C:\Users\ASUSPC\Desktop\AdwCleaner.exe
2017-06-18 08:56 - 2017-06-18 09:02 - 01663672 _____ (Malwarebytes) C:\Users\ASUSPC\Desktop\JRT.exe
2017-06-15 12:54 - 2017-06-15 12:56 - 00038840 _____ C:\Users\ASUSPC\Desktop\Addition.txt
2017-06-15 12:51 - 2017-06-18 20:05 - 00017949 _____ C:\Users\ASUSPC\Desktop\FRST.txt
2017-06-15 12:50 - 2017-06-18 20:04 - 00000000 ____D C:\FRST
2017-06-15 12:14 - 2017-06-18 09:38 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-06-15 12:14 - 2017-06-18 09:24 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-15 12:14 - 2017-06-18 09:24 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-06-15 12:14 - 2017-06-18 09:24 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-15 12:14 - 2017-06-15 12:15 - 00188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-15 12:14 - 2017-06-15 12:14 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-15 12:14 - 2017-06-15 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-15 12:14 - 2017-05-25 11:58 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-15 12:13 - 2017-06-15 12:50 - 02438656 _____ (Farbar) C:\Users\ASUSPC\Desktop\FRST64.exe
2017-06-15 12:13 - 2017-06-15 12:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-15 12:13 - 2017-06-15 12:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-15 12:11 - 2017-06-15 12:11 - 64232976 _____ (Malwarebytes ) C:\Users\ASUSPC\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092(1).exe
2017-06-15 12:10 - 2017-06-15 12:11 - 64232976 _____ (Malwarebytes ) C:\Users\ASUSPC\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-10 15:42 - 2017-06-10 15:42 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-06-03 21:35 - 2017-06-03 21:35 - 00002053 _____ C:\Users\ASUSPC\Documents\Bem-vindo ao Registo de Produto ASUS (2).lnk
2017-06-03 15:17 - 2017-06-03 15:20 - 00000000 ____D C:\Users\ASUSPC\Desktop\Imagens e Videos
2017-06-03 15:04 - 2017-06-15 11:59 - 00000000 ____D C:\Users\ASUSPC\AppData\Local\Ashampoo Backup PB
2017-05-21 19:03 - 2017-06-15 11:50 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-21 19:00 - 2017-05-21 19:00 - 00000000 ____D C:\ProgramData\Ashampoo Backup PB
2017-05-21 18:54 - 2017-05-21 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-05-21 18:53 - 2017-05-21 18:55 - 00000000 ____D C:\Program Files\Notepad++
2017-05-21 18:53 - 2017-05-21 18:54 - 00000000 ____D C:\Users\ASUSPC\AppData\Roaming\Notepad++
2017-05-21 18:51 - 2017-05-21 18:51 - 00000000 ____D C:\Users\ASUSPC\Documents\Soda PDF Files
2017-05-21 18:51 - 2017-05-21 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF Desktop
2017-05-21 18:51 - 2017-05-21 18:51 - 00000000 ____D C:\Program Files\Soda PDF Desktop
2017-05-21 18:44 - 2017-05-21 18:44 - 00000000 ____D C:\ProgramData\Soda PDF Desktop

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-18 20:02 - 2016-09-25 15:38 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-18 12:09 - 2016-09-25 16:21 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-06-18 12:09 - 2016-09-25 16:21 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-06-18 11:29 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-18 11:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-18 09:26 - 2016-11-19 12:32 - 00000000 ____D C:\Users\ASUSPC\AppData\LocalLow\Mozilla
2017-06-18 09:26 - 2016-05-18 14:04 - 00000165 _____ C:\Users\ASUSPC\AppData\Roaming\sp_data.sys
2017-06-18 09:24 - 2016-09-25 16:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-18 09:24 - 2016-05-18 14:03 - 00000000 __SHD C:\Users\ASUSPC\IntelGraphicsProfiles
2017-06-18 09:23 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-06-18 09:19 - 2016-05-20 16:04 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-18 09:19 - 2016-05-20 16:04 - 00002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-18 09:11 - 2016-09-25 16:21 - 00003526 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-18 09:11 - 2016-09-25 16:21 - 00003402 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-18 09:06 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-18 09:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-18 08:57 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-18 08:57 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-15 13:00 - 2016-12-24 15:45 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-06-15 12:59 - 2016-08-02 20:02 - 00000000 ____D C:\Users\ASUSPC\AppData\Local\Razer
2017-06-15 12:59 - 2016-08-02 19:52 - 00000000 ____D C:\ProgramData\Razer
2017-06-15 12:59 - 2016-08-02 19:52 - 00000000 ____D C:\Program Files (x86)\Razer
2017-06-15 12:59 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-15 12:04 - 2016-11-17 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-15 12:02 - 2016-05-18 12:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 12
2017-06-15 11:59 - 2016-09-25 16:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2017-06-15 11:59 - 2016-05-21 13:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-15 11:59 - 2016-03-28 12:15 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-06-15 11:56 - 2016-05-18 14:03 - 00000000 ____D C:\Users\ASUSPC\AppData\Local\Packages
2017-06-15 11:55 - 2016-05-21 13:10 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-15 11:50 - 2016-08-14 22:19 - 00000000 ____D C:\Program Files\TrueKey
2017-06-15 11:50 - 2016-08-13 12:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-15 11:50 - 2016-05-22 11:56 - 00000000 ____D C:\Users\ASUSPC\AppData\Roaming\AVAST Software
2017-06-15 11:50 - 2016-05-18 12:00 - 00000000 ____D C:\Program Files\Common Files\AV
2017-06-15 11:45 - 2016-05-20 17:37 - 00000000 ____D C:\Program Files (x86)\AVG
2017-06-15 11:45 - 2016-05-20 17:33 - 00000000 ____D C:\ProgramData\Avg
2017-06-15 11:43 - 2016-05-20 17:32 - 00000000 ____D C:\Users\ASUSPC\AppData\Local\AvgSetupLog
2017-06-15 11:39 - 2016-05-18 12:08 - 00000000 ____D C:\Program Files\CyberLink
2017-06-15 11:39 - 2016-05-18 11:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-15 11:38 - 2016-05-18 12:07 - 00000000 ____D C:\ProgramData\CyberLink
2017-06-15 11:27 - 2016-12-14 20:44 - 00000000 ____D C:\Users\ASUSPC\AppData\Roaming\Apple Computer
2017-06-15 11:25 - 2016-05-18 11:47 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2017-06-15 11:21 - 2017-04-03 08:08 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-15 11:21 - 2016-05-20 16:29 - 00000000 ____D C:\ProgramData\Skype
2017-06-15 11:11 - 2017-03-16 10:03 - 00000000 ____D C:\ProgramData\SteelSeries
2017-06-15 11:11 - 2017-03-16 10:03 - 00000000 ____D C:\Program Files\SteelSeries
2017-06-15 11:10 - 2016-12-14 20:34 - 00000000 ____D C:\ProgramData\Apple
2017-06-15 11:03 - 2016-05-20 16:21 - 00000000 ____D C:\Users\ASUSPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-06-15 10:59 - 2016-05-20 16:29 - 00000000 ____D C:\Users\ASUSPC\AppData\Roaming\Skype
2017-06-11 00:44 - 2016-09-25 15:48 - 00000000 ____D C:\Users\ASUSPC
2017-06-10 15:43 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-10 15:42 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-10 15:40 - 2016-05-18 12:13 - 00000000 ____D C:\Program Files\Microsoft Office
2017-06-03 20:46 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-03 15:07 - 2017-03-08 21:45 - 00000000 ____D C:\ProgramData\IObit
2017-06-03 15:03 - 2016-08-14 22:46 - 00001244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-06-03 07:36 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 07:36 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-21 21:49 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-05-21 20:49 - 2016-07-17 00:08 - 00503104 _____ C:\WINDOWS\system32\prfh0816.dat
2017-05-21 20:49 - 2016-07-17 00:08 - 00157500 _____ C:\WINDOWS\system32\prfc0816.dat
2017-05-21 20:49 - 2016-03-28 11:59 - 01744202 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-21 19:43 - 2016-11-21 19:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\ASUSTek Computer Inc
2017-05-21 18:32 - 2016-05-18 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do Microsoft Office 2016
2017-05-21 18:21 - 2016-05-18 12:00 - 00000000 ____D C:\ProgramData\McAfee

==================== Files in the root of some directories =======

2016-05-18 14:04 - 2017-06-18 09:26 - 0000165 _____ () C:\Users\ASUSPC\AppData\Roaming\sp_data.sys
2016-09-25 15:43 - 2016-09-25 15:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2016-10-28 23:50 - 2016-10-28 23:50 - 50563233 _____ (Popcorn Time                                                ) C:\Users\ASUSPC\AppData\Local\Temp\setup_7F1E.exe
2016-11-04 09:26 - 2016-11-04 09:27 - 43768960 _____ (Skype Technologies S.A.) C:\Users\ASUSPC\AppData\Local\Temp\SkypeSetup.exe
2017-04-03 08:07 - 2017-04-03 08:07 - 14456872 _____ (Microsoft Corporation) C:\Users\ASUSPC\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-18 11:25

==================== End of FRST.txt ============================

 

 


  • Root Admin

You're quite welcome @rstudio

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (You may already have this.)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot


Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc.
AdwCleaner > just run the program and click uninstall.


 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

 


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.