Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-07-2015
Ran by asus (administrator) on PC3 (25-07-2015 23:28:02)
Running from C:\Users\asus\Desktop
Loaded Profiles: asus (Available Profiles: asus)
Platform: Windows 8 Single Language (X64) Language: Português (Brasil)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.5.495.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17280_none_6224eed751126779\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcchhost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saui.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-04-21] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13519432 2013-04-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ATLauncher] => "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createshortcuts:1
HKLM-x32\...\Run: [ATUninstallIcon] => "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createuninstallentry:1
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-24] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-24] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2144182778-2948468438-3455390907-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2144182778-2948468438-3455390907-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-24] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-24] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-07-21] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-07-21] (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-07-21] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-07-21] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-05-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 187.122.119.11 187.122.119.111
Tcpip\..\Interfaces\{128E3A1F-F239-4E81-899E-5E4BE58A9FDC}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{2DB07E29-5CF4-4841-A841-E63A862EB609}: [DhcpNameServer] 187.122.119.11 187.122.119.111

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-05-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-04-25]

Chrome:
=======
CHR Profile: C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-24]
CHR Extension: (Google Drive) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-24]
CHR Extension: (SiteAdvisor) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-24]
CHR Extension: (Avast Online Security) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-24]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-22]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-06-20] (ASUS)
S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-24] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-07-24] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-24] (Avast Software)
S2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-04-21] (Intel Corporation)
S2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-04-21] (Intel Corporation)
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-04-21] (Intel Corporation)
S2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107944 2013-01-08] (Condusiv Technologies)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-07-21] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [609592 2015-05-05] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-04-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-05-14] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [250672 2015-04-08] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
S2 KMSEmulator; C:\ProgramData\KMSAuto\KMSES.exe 1688 KillProcessOnPort [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-24] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-07-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-24] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [454016 2015-07-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-24] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-24] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-24] (AVAST Software)
S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-06-28] (ASUS Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-04-08] (McAfee, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2015-03-23] (Windows (R) Win 7 DDK provider)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [68072 2013-04-21] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [32968 2013-04-21] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [45880 2013-04-21] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-04-21] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-04-21] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-04-21] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [26024 2013-01-08] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112552 2013-01-08] (Condusiv Technologies)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [198448 2015-04-27] (McAfee, Inc.)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [402888 2015-04-08] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [338272 2015-04-08] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-04-08] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-04-08] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864200 2015-04-08] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [483240 2015-03-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-03-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335944 2015-04-08] (McAfee, Inc.)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-24] (AVAST Software)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [18232 2013-06-20] (ASUSTek Computer Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-24] (Avast Software)
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-25 23:28 - 2015-07-25 23:29 - 00021722 _____ C:\Users\asus\Desktop\FRST.txt
2015-07-25 23:27 - 2015-07-25 23:28 - 00000000 ____D C:\FRST
2015-07-25 23:27 - 2015-07-25 23:27 - 00001208 _____ C:\Users\asus\Desktop\JRT.txt relatorio.txt
2015-07-25 23:25 - 2015-07-25 23:25 - 02146816 _____ (Farbar) C:\Users\asus\Desktop\FRST64.exe
2015-07-25 23:20 - 2015-07-25 23:20 - 00026624 ___SH C:\Users\asus\Desktop\Thumbs.db
2015-07-25 23:20 - 2015-07-25 23:20 - 00001208 _____ C:\Users\asus\Desktop\JRT.txt
2015-07-25 23:05 - 2015-07-25 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-07-25 23:02 - 2015-07-25 23:02 - 01798288 _____ (Malwarebytes Corporation) C:\Users\asus\Desktop\JRT.exe
2015-07-25 22:58 - 2015-07-25 22:58 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\18431BB3.sys
2015-07-24 23:30 - 2015-07-24 23:30 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-07-24 23:30 - 2015-07-24 23:30 - 00000000 ____D C:\Windows\system32\vbox
2015-07-24 23:30 - 2015-07-24 23:30 - 00000000 ____D C:\Users\asus\AppData\Roaming\AVAST Software
2015-07-24 23:29 - 2015-07-24 23:29 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-24 23:29 - 2015-07-24 23:29 - 00454016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-07-24 23:29 - 2015-07-24 23:29 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-24 23:29 - 2015-07-24 23:29 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-24 23:29 - 2015-07-24 23:29 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-24 23:29 - 2015-07-24 23:29 - 00150160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-07-24 23:29 - 2015-07-24 23:29 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-07-24 23:29 - 2015-07-24 23:29 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-24 23:29 - 2015-07-24 23:29 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-24 23:29 - 2015-07-24 23:29 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-24 23:29 - 2015-07-24 23:29 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-24 23:29 - 2015-07-24 23:29 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-24 23:29 - 2015-07-24 23:29 - 00028144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-07-24 23:29 - 2015-07-24 23:29 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-24 23:29 - 2015-07-24 23:29 - 00001984 _____ C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-07-24 23:29 - 2015-07-24 23:29 - 00001924 _____ C:\Users\Public\Desktop\Avast Premier.lnk
2015-07-24 23:29 - 2015-07-24 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-24 23:27 - 2015-07-24 23:27 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-24 23:26 - 2015-07-24 23:26 - 05657224 _____ (AVAST Software) C:\Users\asus\Downloads\avast_premier_antivirus_setup_online.exe
2015-07-24 23:26 - 2015-07-24 23:26 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-24 21:47 - 2015-07-24 21:47 - 00015064 _____ C:\Users\asus\Desktop\Untitled.vf
2015-07-24 21:18 - 2015-07-24 21:18 - 00000000 ____D C:\ProgramData\Baidu
2015-07-24 21:12 - 2015-07-24 21:12 - 00001204 _____ C:\Users\asus\Desktop\Format Factory.lnk
2015-07-24 21:12 - 2015-07-24 21:12 - 00000000 ____D C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2015-07-24 21:12 - 2015-07-24 21:12 - 00000000 ____D C:\Program Files (x86)\FreeTime
2015-07-24 21:12 - 2015-07-24 21:12 - 00000000 ____D C:\Program Files (x86)\55a461e2-f987-46cd-b121-ec0a8402deb5
2015-07-24 21:11 - 2015-07-02 14:14 - 00020248 _____ () C:\Windows\system32\roboot64.exe
2015-07-24 21:11 - 2012-07-26 02:26 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-07-24 21:04 - 2015-07-24 21:04 - 00003312 _____ C:\Windows\System32\Tasks\Format Factory
2015-07-24 21:02 - 2015-07-24 21:02 - 04506047 _____ (Free Time ) C:\Users\asus\Downloads\FormatFactory-3.6.0.5-WebInstaller.exe
2015-07-24 20:57 - 2015-07-24 20:57 - 00000000 ____D C:\Users\asus\AppData\Roaming\Publish Providers
2015-07-24 20:56 - 2015-07-24 20:56 - 00002480 _____ C:\Users\asus\Desktop\Register Vegas Movie Studio HD.htm
2015-07-24 20:46 - 2015-07-24 22:06 - 00000000 ____D C:\Users\asus\Documents\Vegas Movie Studio HD 11.0 Projects
2015-07-24 20:43 - 2015-07-24 20:48 - 00000000 ____D C:\Users\asus\Downloads\Movie studio hd 11 + Keygen
2015-07-24 20:38 - 2015-07-24 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-07-24 20:37 - 2015-07-24 20:46 - 00000000 ____D C:\Users\asus\AppData\Local\Sony
2015-07-24 20:37 - 2015-07-24 20:37 - 00000000 ____D C:\Windows\SysWOW64\spool
2015-07-24 20:37 - 2015-07-24 20:37 - 00000000 ____D C:\ProgramData\Sony
2015-07-24 20:37 - 2015-07-24 20:37 - 00000000 ____D C:\Program Files (x86)\Sony
2015-07-24 20:34 - 2015-07-24 20:34 - 159757415 _____ C:\Users\asus\Downloads\Movie studio hd 11 + Keygen.rar
2015-07-24 20:17 - 2015-07-24 20:57 - 00000000 ____D C:\Users\asus\AppData\Roaming\Sony
2015-07-23 11:09 - 2015-07-23 12:41 - 00000000 ____D C:\Users\asus\Downloads\musicas para domingo
2015-07-23 11:08 - 2015-07-23 11:09 - 00000000 ____D C:\Users\asus\Downloads\Programas
2015-07-21 11:15 - 2015-07-21 11:15 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-20 11:33 - 2015-07-20 11:33 - 01351728 _____ C:\Users\asus\Desktop\Rec003.avi
2015-07-20 11:20 - 2015-07-20 11:20 - 00001004 _____ C:\Users\Public\Desktop\Screen Recorder.lnk
2015-07-20 11:20 - 2015-07-20 11:20 - 00000000 ____D C:\Users\asus\AppData\Roaming\ZD Soft
2015-07-20 11:20 - 2015-07-20 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZD Soft
2015-07-20 11:20 - 2015-07-20 11:20 - 00000000 ____D C:\Program Files (x86)\ZD Soft
2015-07-20 11:18 - 2015-07-20 11:18 - 02441728 _____ C:\Users\asus\Downloads\ScnRec.msi
2015-07-20 11:01 - 2015-07-20 11:10 - 00000000 ____D C:\Users\asus\Desktop\Beckup Celular
2015-07-20 11:00 - 2015-07-20 22:32 - 00000000 ____D C:\Users\asus\Desktop\My Fotos
2015-07-17 21:59 - 2015-07-24 20:17 - 00000000 ____D C:\Users\asus\Downloads\Músicas
2015-07-17 21:57 - 2015-07-17 21:59 - 00000000 ____D C:\Users\asus\Downloads\Facul
2015-07-16 11:51 - 2015-07-25 23:22 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-16 11:51 - 2015-07-16 12:19 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-16 11:51 - 2015-07-16 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-16 11:50 - 2015-07-16 12:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-16 11:50 - 2015-07-16 11:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-16 11:50 - 2015-06-18 09:48 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-16 11:50 - 2015-06-18 09:47 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-16 11:50 - 2015-06-18 09:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-16 11:49 - 2015-07-16 11:49 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\asus\Downloads\mbam-setup-sem-2.1.6.1022.exe
2015-07-15 23:34 - 2015-07-25 09:40 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf6ffa28da95.job
2015-07-15 23:34 - 2015-07-15 23:34 - 00004056 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0bf6ffa28da95
2015-07-10 08:54 - 2015-07-25 09:42 - 01765682 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-05 12:26 - 2015-07-05 12:26 - 00078279 _____ C:\Users\asus\Downloads\Planejamento Brigaderia.xlsx
2015-07-03 13:28 - 2015-07-03 13:28 - 00000000 ____D C:\Users\asus\Documents\Modelos Personalizados do Office
2015-07-02 15:35 - 2015-04-27 08:02 - 00198448 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-07-02 15:32 - 2015-07-02 15:32 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2015-06-30 23:11 - 2015-07-24 23:17 - 00000000 ____D C:\Users\asus\Desktop\OZ doces finos
2015-06-25 11:09 - 2015-07-25 23:06 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-25 23:22 - 2015-05-21 16:39 - 01574603 _____ C:\Windows\WindowsUpdate.log
2015-07-25 23:06 - 2015-06-23 13:19 - 00003756 _____ C:\Windows\System32\Tasks\AutoKMS
2015-07-25 23:06 - 2015-05-28 12:09 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2015-07-25 23:03 - 2015-05-25 14:03 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2144182778-2948468438-3455390907-1001
2015-07-25 23:02 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\system32\sru
2015-07-25 22:59 - 2015-05-25 15:23 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-25 09:42 - 2012-08-02 11:24 - 00770242 _____ C:\Windows\system32\prfh0416.dat
2015-07-25 09:42 - 2012-08-02 11:24 - 00157552 _____ C:\Windows\system32\prfc0416.dat
2015-07-25 09:39 - 2015-05-25 15:29 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d09718caeea4fb.job
2015-07-25 09:37 - 2012-07-26 04:21 - 00809770 _____ C:\Windows\setupact.log
2015-07-25 00:34 - 2015-05-25 15:23 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-24 23:42 - 2015-05-25 15:24 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-24 23:18 - 2012-07-26 04:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-24 23:17 - 2012-08-02 00:32 - 00029426 _____ C:\Windows\PFRO.log
2015-07-24 22:13 - 2012-07-26 05:12 - 00000000 ___RD C:\Windows\Offline Web Pages
2015-07-24 21:37 - 2012-08-02 00:52 - 00000000 ____D C:\Windows\ASUS
2015-07-24 20:39 - 2013-04-25 19:42 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-07-24 20:38 - 2012-07-26 02:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-24 13:36 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-07-23 11:13 - 2015-05-29 14:28 - 00080896 ___SH C:\Users\asus\Downloads\Thumbs.db
2015-07-23 11:09 - 2015-05-31 00:29 - 00000000 ____D C:\Users\asus\AppData\Roaming\uTorrent
2015-07-21 13:13 - 2012-07-26 02:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-07-21 11:15 - 2013-04-25 19:42 - 00000000 ____D C:\ProgramData\McAfee
2015-07-20 22:17 - 2012-07-26 04:59 - 00000000 ____D C:\Windows\CbsTemp
2015-07-20 22:11 - 2015-05-21 16:42 - 00000000 ____D C:\Users\asus\AppData\Local\VirtualStore
2015-07-15 23:34 - 2015-05-25 15:29 - 00004056 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d09718caeea4fb
2015-07-15 23:34 - 2015-05-25 15:23 - 00003820 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-05 12:26 - 2015-05-21 16:41 - 00000000 ____D C:\Users\asus\AppData\Local\Packages
2015-07-02 15:34 - 2013-04-25 19:42 - 00000000 ____D C:\Program Files\Common Files\mcafee
2015-07-02 15:33 - 2012-07-26 05:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-06-25 12:26 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\rescache
2015-06-25 12:16 - 2015-05-31 01:31 - 00430872 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2013-04-25 19:39 - 2012-09-07 08:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-25 19:39 - 2009-07-22 07:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-25 19:39 - 2012-09-07 08:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.VBS

Some files in TEMP:
====================
C:\Users\asus\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\asus\AppData\Local\Temp\ose00000.exe
C:\Users\asus\AppData\Local\Temp\ResetDevice.exe
C:\Users\asus\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-17 13:30

==================== End of log ============================