cjoint


Document format: text/plain

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-07-2015
Ran by asus (administrator) on PC3 (25-07-2015 23:28:02)
Running from C:\Users\asus\Desktop
Loaded Profiles: asus (Available Profiles: asus)
Platform: Windows 8 Single Language (X64) Language: Português (Brasil)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.5.495.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17280_none_6224eed751126779\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcchhost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saui.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-04-21] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13519432 2013-04-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ATLauncher] => "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createshortcuts:1
HKLM-x32\...\Run: [ATUninstallIcon] => "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createuninstallentry:1
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-24] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-24] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2144182778-2948468438-3455390907-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2144182778-2948468438-3455390907-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-24] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-24] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-07-21] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-07-21] (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-07-21] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-07-21] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-05-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 187.122.119.11 187.122.119.111
Tcpip\..\Interfaces\{128E3A1F-F239-4E81-899E-5E4BE58A9FDC}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{2DB07E29-5CF4-4841-A841-E63A862EB609}: [DhcpNameServer] 187.122.119.11 187.122.119.111

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-05-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-04-25]

Chrome:
=======
CHR Profile: C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-24]
CHR Extension: (Google Drive) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-24]
CHR Extension: (SiteAdvisor) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-24]
CHR Extension: (Avast Online Security) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-24]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-22]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-06-20] (ASUS)
S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-24] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-07-24] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-24] (Avast Software)
S2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-04-21] (Intel Corporation)
S2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-04-21] (Intel Corporation)
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-04-21] (Intel Corporation)
S2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107944 2013-01-08] (Condusiv Technologies)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-07-21] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [609592 2015-05-05] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-04-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-05-14] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [250672 2015-04-08] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
S2 KMSEmulator; C:\ProgramData\KMSAuto\KMSES.exe 1688 KillProcessOnPort [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-24] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-07-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-24] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [454016 2015-07-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-24] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-24] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-24] (AVAST Software)
S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-06-28] (ASUS Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-04-08] (McAfee, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2015-03-23] (Windows (R) Win 7 DDK provider)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [68072 2013-04-21] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [32968 2013-04-21] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [45880 2013-04-21] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-04-21] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-04-21] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-04-21] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [26024 2013-01-08] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112552 2013-01-08] (Condusiv Technologies)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [198448 2015-04-27] (McAfee, Inc.)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [402888 2015-04-08] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [338272 2015-04-08] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-04-08] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-04-08] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864200 2015-04-08] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [483240 2015-03-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-03-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335944 2015-04-08] (McAfee, Inc.)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-24] (AVAST Software)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [18232 2013-06-20] (ASUSTek Computer Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-24] (Avast Software)
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-25 23:28 - 2015-07-25 23:29 - 00021722 _____ C:\Users\asus\Desktop\FRST.txt
2015-07-25 23:27 - 2015-07-25 23:28 - 00000000 ____D C:\FRST
2015-07-25 23:27 - 2015-07-25 23:27 - 00001208 _____ C:\Users\asus\Desktop\JRT.txt relatorio.txt
2015-07-25 23:25 - 2015-07-25 23:25 - 02146816 _____ (Farbar) C:\Users\asus\Desktop\FRST64.exe
2015-07-25 23:20 - 2015-07-25 23:20 - 00026624 ___SH C:\Users\asus\Desktop\Thumbs.db
2015-07-25 23:20 - 2015-07-25 23:20 - 00001208 _____ C:\Users\asus\Desktop\JRT.txt
2015-07-25 23:05 - 2015-07-25 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-07-25 23:02 - 2015-07-25 23:02 - 01798288 _____ (Malwarebytes Corporation) C:\Users\asus\Desktop\JRT.exe
2015-07-25 22:58 - 2015-07-25 22:58 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\18431BB3.sys
2015-07-24 23:30 - 2015-07-24 23:30 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-07-24 23:30 - 2015-07-24 23:30 - 00000000 ____D C:\Windows\system32\vbox
2015-07-24 23:30 - 2015-07-24 23:30 - 00000000 ____D C:\Users\asus\AppData\Roaming\AVAST Software
2015-07-24 23:29 - 2015-07-24 23:29 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-24 23:29 - 2015-07-24 23:29 - 00454016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-07-24 23:29 - 2015-07-24 23:29 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-24 23:29 - 2015-07-24 23:29 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-24 23:29 - 2015-07-24 23:29 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-24 23:29 - 2015-07-24 23:29 - 00150160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-07-24 23:29 - 2015-07-24 23:29 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-07-24 23:29 - 2015-07-24 23:29 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-24 23:29 - 2015-07-24 23:29 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-24 23:29 - 2015-07-24 23:29 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-24 23:29 - 2015-07-24 23:29 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-24 23:29 - 2015-07-24 23:29 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-24 23:29 - 2015-07-24 23:29 - 00028144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-07-24 23:29 - 2015-07-24 23:29 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-24 23:29 - 2015-07-24 23:29 - 00001984 _____ C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-07-24 23:29 - 2015-07-24 23:29 - 00001924 _____ C:\Users\Public\Desktop\Avast Premier.lnk
2015-07-24 23:29 - 2015-07-24 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-24 23:27 - 2015-07-24 23:27 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-24 23:26 - 2015-07-24 23:26 - 05657224 _____ (AVAST Software) C:\Users\asus\Downloads\avast_premier_antivirus_setup_online.exe
2015-07-24 23:26 - 2015-07-24 23:26 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-24 21:47 - 2015-07-24 21:47 - 00015064 _____ C:\Users\asus\Desktop\Untitled.vf
2015-07-24 21:18 - 2015-07-24 21:18 - 00000000 ____D C:\ProgramData\Baidu
2015-07-24 21:12 - 2015-07-24 21:12 - 00001204 _____ C:\Users\asus\Desktop\Format Factory.lnk
2015-07-24 21:12 - 2015-07-24 21:12 - 00000000 ____D C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2015-07-24 21:12 - 2015-07-24 21:12 - 00000000 ____D C:\Program Files (x86)\FreeTime
2015-07-24 21:12 - 2015-07-24 21:12 - 00000000 ____D C:\Program Files (x86)\55a461e2-f987-46cd-b121-ec0a8402deb5
2015-07-24 21:11 - 2015-07-02 14:14 - 00020248 _____ () C:\Windows\system32\roboot64.exe
2015-07-24 21:11 - 2012-07-26 02:26 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-07-24 21:04 - 2015-07-24 21:04 - 00003312 _____ C:\Windows\System32\Tasks\Format Factory
2015-07-24 21:02 - 2015-07-24 21:02 - 04506047 _____ (Free Time ) C:\Users\asus\Downloads\FormatFactory-3.6.0.5-WebInstaller.exe
2015-07-24 20:57 - 2015-07-24 20:57 - 00000000 ____D C:\Users\asus\AppData\Roaming\Publish Providers
2015-07-24 20:56 - 2015-07-24 20:56 - 00002480 _____ C:\Users\asus\Desktop\Register Vegas Movie Studio HD.htm
2015-07-24 20:46 - 2015-07-24 22:06 - 00000000 ____D C:\Users\asus\Documents\Vegas Movie Studio HD 11.0 Projects
2015-07-24 20:43 - 2015-07-24 20:48 - 00000000 ____D C:\Users\asus\Downloads\Movie studio hd 11 + Keygen
2015-07-24 20:38 - 2015-07-24 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-07-24 20:37 - 2015-07-24 20:46 - 00000000 ____D C:\Users\asus\AppData\Local\Sony
2015-07-24 20:37 - 2015-07-24 20:37 - 00000000 ____D C:\Windows\SysWOW64\spool
2015-07-24 20:37 - 2015-07-24 20:37 - 00000000 ____D C:\ProgramData\Sony
2015-07-24 20:37 - 2015-07-24 20:37 - 00000000 ____D C:\Program Files (x86)\Sony
2015-07-24 20:34 - 2015-07-24 20:34 - 159757415 _____ C:\Users\asus\Downloads\Movie studio hd 11 + Keygen.rar
2015-07-24 20:17 - 2015-07-24 20:57 - 00000000 ____D C:\Users\asus\AppData\Roaming\Sony
2015-07-23 11:09 - 2015-07-23 12:41 - 00000000 ____D C:\Users\asus\Downloads\musicas para domingo
2015-07-23 11:08 - 2015-07-23 11:09 - 00000000 ____D C:\Users\asus\Downloads\Programas
2015-07-21 11:15 - 2015-07-21 11:15 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-20 11:33 - 2015-07-20 11:33 - 01351728 _____ C:\Users\asus\Desktop\Rec003.avi
2015-07-20 11:20 - 2015-07-20 11:20 - 00001004 _____ C:\Users\Public\Desktop\Screen Recorder.lnk
2015-07-20 11:20 - 2015-07-20 11:20 - 00000000 ____D C:\Users\asus\AppData\Roaming\ZD Soft
2015-07-20 11:20 - 2015-07-20 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZD Soft
2015-07-20 11:20 - 2015-07-20 11:20 - 00000000 ____D C:\Program Files (x86)\ZD Soft
2015-07-20 11:18 - 2015-07-20 11:18 - 02441728 _____ C:\Users\asus\Downloads\ScnRec.msi
2015-07-20 11:01 - 2015-07-20 11:10 - 00000000 ____D C:\Users\asus\Desktop\Beckup Celular
2015-07-20 11:00 - 2015-07-20 22:32 - 00000000 ____D C:\Users\asus\Desktop\My Fotos
2015-07-17 21:59 - 2015-07-24 20:17 - 00000000 ____D C:\Users\asus\Downloads\Músicas
2015-07-17 21:57 - 2015-07-17 21:59 - 00000000 ____D C:\Users\asus\Downloads\Facul
2015-07-16 11:51 - 2015-07-25 23:22 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-16 11:51 - 2015-07-16 12:19 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-16 11:51 - 2015-07-16 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-16 11:50 - 2015-07-16 12:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-16 11:50 - 2015-07-16 11:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-16 11:50 - 2015-06-18 09:48 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-16 11:50 - 2015-06-18 09:47 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-16 11:50 - 2015-06-18 09:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-16 11:49 - 2015-07-16 11:49 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\asus\Downloads\mbam-setup-sem-2.1.6.1022.exe
2015-07-15 23:34 - 2015-07-25 09:40 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf6ffa28da95.job
2015-07-15 23:34 - 2015-07-15 23:34 - 00004056 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0bf6ffa28da95
2015-07-10 08:54 - 2015-07-25 09:42 - 01765682 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-05 12:26 - 2015-07-05 12:26 - 00078279 _____ C:\Users\asus\Downloads\Planejamento Brigaderia.xlsx
2015-07-03 13:28 - 2015-07-03 13:28 - 00000000 ____D C:\Users\asus\Documents\Modelos Personalizados do Office
2015-07-02 15:35 - 2015-04-27 08:02 - 00198448 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-07-02 15:32 - 2015-07-02 15:32 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2015-06-30 23:11 - 2015-07-24 23:17 - 00000000 ____D C:\Users\asus\Desktop\OZ doces finos
2015-06-25 11:09 - 2015-07-25 23:06 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-25 23:22 - 2015-05-21 16:39 - 01574603 _____ C:\Windows\WindowsUpdate.log
2015-07-25 23:06 - 2015-06-23 13:19 - 00003756 _____ C:\Windows\System32\Tasks\AutoKMS
2015-07-25 23:06 - 2015-05-28 12:09 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2015-07-25 23:03 - 2015-05-25 14:03 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2144182778-2948468438-3455390907-1001
2015-07-25 23:02 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\system32\sru
2015-07-25 22:59 - 2015-05-25 15:23 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-25 09:42 - 2012-08-02 11:24 - 00770242 _____ C:\Windows\system32\prfh0416.dat
2015-07-25 09:42 - 2012-08-02 11:24 - 00157552 _____ C:\Windows\system32\prfc0416.dat
2015-07-25 09:39 - 2015-05-25 15:29 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d09718caeea4fb.job
2015-07-25 09:37 - 2012-07-26 04:21 - 00809770 _____ C:\Windows\setupact.log
2015-07-25 00:34 - 2015-05-25 15:23 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-24 23:42 - 2015-05-25 15:24 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-24 23:18 - 2012-07-26 04:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-24 23:17 - 2012-08-02 00:32 - 00029426 _____ C:\Windows\PFRO.log
2015-07-24 22:13 - 2012-07-26 05:12 - 00000000 ___RD C:\Windows\Offline Web Pages
2015-07-24 21:37 - 2012-08-02 00:52 - 00000000 ____D C:\Windows\ASUS
2015-07-24 20:39 - 2013-04-25 19:42 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-07-24 20:38 - 2012-07-26 02:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-24 13:36 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-07-23 11:13 - 2015-05-29 14:28 - 00080896 ___SH C:\Users\asus\Downloads\Thumbs.db
2015-07-23 11:09 - 2015-05-31 00:29 - 00000000 ____D C:\Users\asus\AppData\Roaming\uTorrent
2015-07-21 13:13 - 2012-07-26 02:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-07-21 11:15 - 2013-04-25 19:42 - 00000000 ____D C:\ProgramData\McAfee
2015-07-20 22:17 - 2012-07-26 04:59 - 00000000 ____D C:\Windows\CbsTemp
2015-07-20 22:11 - 2015-05-21 16:42 - 00000000 ____D C:\Users\asus\AppData\Local\VirtualStore
2015-07-15 23:34 - 2015-05-25 15:29 - 00004056 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d09718caeea4fb
2015-07-15 23:34 - 2015-05-25 15:23 - 00003820 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-05 12:26 - 2015-05-21 16:41 - 00000000 ____D C:\Users\asus\AppData\Local\Packages
2015-07-02 15:34 - 2013-04-25 19:42 - 00000000 ____D C:\Program Files\Common Files\mcafee
2015-07-02 15:33 - 2012-07-26 05:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-06-25 12:26 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\rescache
2015-06-25 12:16 - 2015-05-31 01:31 - 00430872 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2013-04-25 19:39 - 2012-09-07 08:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-25 19:39 - 2009-07-22 07:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-25 19:39 - 2012-09-07 08:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.VBS


Some files in TEMP:
====================
C:\Users\asus\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\asus\AppData\Local\Temp\ose00000.exe
C:\Users\asus\AppData\Local\Temp\ResetDevice.exe
C:\Users\asus\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-17 13:30

==================== End of log ============================
