Everything posted by rstew2207

  1. Good evening, I hope this finds everyone well. A few hours ago I was browsing online for some info for an essay, and I was dumb enough to click a website that redirected me. I can't really remember to where, but I didn't let it load. I clicked back immediately. Nothing was downloaded. I was using Google Chrome. I used VirusTotal and the website came up as malware. I cleared the Google Chrome cache, history, etc. I have Malwarebytes on my phone, so I scanned it and nothing came up; I scanned with Avast and nothing came up; no downloads at all. I downloaded Sophos, which identified a .com.google.chrome file as PUA, which I immediately deleted. My phone isn't acting strange or anything, and I don't do banking on it as I have a separate device to do so. But Sophos also identified another app as PUA, but it's a safe app. Should I be worried? What else can I do? I'm paranoid.
  2. Good evening Kevin, thank you so much. I'm glad this was just me panicking. Thank you for your amazing work and I will soon make a donation. Here's the log:
  3. Good morning Kevin, I left Sophos scanning during the night and it states my computer is completely clean and no threats found. Am I safe?
  4. Okay, thank you Kevin, you were very helpful. I will have Sophos running until it scans completely. I was just worried I could have some sort of Trojan or even ransomware, which I want to stay away from. I didn't download anything at all or visit fishy websites, but I'm super paranoid. I just got scared with that Google message "Our systems have detected unusual traffic from your computer network". Maybe this is nothing but just to be safe. Thank you!
  5. Alright here it is: Windows Defender keeps showing the same message "preliminary scan results show that malicious or potentially unwanted software might exist"
  6. Oops I think I might have pasted too much, I'm now pasting the FRST.txt and attaching the log. Addition.txt
  7. Hi Kevin, thank you for assisting me. Here is the file.
C:\Windows\SysWOW64\SearchProtocolHost.exe 2020-10-14 10:47 - 2020-09-24 03:31 - 000076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2020-10-14 10:47 - 2020-09-24 03:30 - 000279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2020-10-14 10:47 - 2020-09-24 03:30 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2020-10-14 10:47 - 2020-09-24 03:29 - 002750464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2020-10-14 10:47 - 2020-09-24 03:27 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2020-10-14 10:47 - 2020-09-24 03:27 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2020-10-14 10:47 - 2020-09-24 03:26 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2020-10-14 10:47 - 2020-09-24 03:26 - 000699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll 2020-10-14 10:47 - 2020-09-24 03:26 - 000110080 _____ (Microsoft Corporation) C:\Windows\system32\fdSSDP.dll 2020-10-14 10:47 - 2020-09-24 03:25 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2020-10-14 10:47 - 2020-09-24 03:23 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2020-10-14 10:47 - 2020-09-24 03:22 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2020-10-14 10:47 - 2020-09-24 03:22 - 000333312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2020-10-14 10:47 - 2020-09-24 03:21 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2020-10-14 10:47 - 2020-09-24 03:20 - 013872640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2020-10-14 10:47 - 2020-09-24 03:18 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\fdWSD.dll 2020-10-14 10:47 - 2020-09-24 03:15 - 001566720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2020-10-14 10:47 - 2020-09-24 03:13 - 000092672 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\fdSSDP.dll 2020-10-14 10:47 - 2020-09-24 03:10 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll 2020-10-14 10:47 - 2020-09-24 03:08 - 000905728 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2020-10-14 10:47 - 2020-09-24 03:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWSD.dll 2020-10-14 10:47 - 2020-09-24 03:07 - 002551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2020-10-14 10:47 - 2020-09-24 03:07 - 001099264 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2020-10-14 10:47 - 2020-09-24 03:06 - 000866304 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2020-10-14 10:47 - 2020-09-24 03:04 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2020-10-14 10:47 - 2020-09-24 03:03 - 000801280 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2020-10-14 10:47 - 2020-09-24 03:01 - 001920512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2020-10-14 10:47 - 2020-09-24 03:00 - 001341952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2020-10-14 10:47 - 2020-09-24 03:00 - 000711168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2020-10-14 10:47 - 2020-09-24 02:59 - 000710656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2020-10-14 10:47 - 2020-09-24 02:55 - 003826176 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll 2020-10-14 10:47 - 2020-09-24 02:55 - 003551744 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2020-10-14 10:47 - 2020-09-24 02:53 - 001684992 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll 2020-10-14 10:47 - 2020-09-24 02:52 - 003278848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll 2020-10-14 10:47 - 2020-09-15 07:06 - 001311776 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2020-10-14 10:47 - 2020-09-15 06:57 - 000325320 _____ (Microsoft Corporation) 
C:\Windows\system32\wintrust.dll 2020-10-14 10:47 - 2020-09-15 05:24 - 000245752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2020-10-14 10:47 - 2020-09-15 04:49 - 000281088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys 2020-10-14 10:47 - 2020-09-15 04:15 - 001040384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2020-10-14 10:47 - 2020-09-11 16:31 - 000367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\es.dll 2020-10-14 10:47 - 2020-09-11 09:39 - 000288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys 2020-10-14 10:47 - 2020-09-11 08:23 - 000516608 _____ (Microsoft Corporation) C:\Windows\system32\es.dll 2020-10-14 10:47 - 2020-09-10 23:49 - 001370680 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2020-10-14 10:47 - 2020-09-10 21:27 - 000564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2020-10-14 10:47 - 2020-09-10 20:51 - 000642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2020-10-14 10:47 - 2020-09-10 20:51 - 000005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2020-10-14 10:47 - 2020-09-10 20:20 - 001757184 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll 2020-10-14 10:47 - 2020-09-10 20:14 - 002349056 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2020-10-14 10:47 - 2020-09-10 20:11 - 001088512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2020-10-14 10:47 - 2020-09-10 20:02 - 001495040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll 2020-10-14 10:47 - 2020-09-10 19:56 - 001551360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2020-10-14 10:47 - 2020-09-10 01:24 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll 2020-10-06 19:31 - 2020-11-01 17:54 - 000000000 ____D C:\Users\Rita\AppData\Roaming\Zoom ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder 
will be moved.) 2020-11-01 18:28 - 2018-10-02 15:04 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1423373995-1004855960-1227593991-1001 2020-11-01 18:18 - 2018-10-02 15:51 - 000003922 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{C703184D-32CD-4421-ADA6-45EB4E27C911} 2020-11-01 18:10 - 2018-10-08 21:25 - 000000000 __SHD C:\Users\Rita\IntelGraphicsProfiles 2020-11-01 18:10 - 2013-08-22 14:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2020-11-01 18:07 - 2018-10-02 16:01 - 000000000 ____D C:\AdwCleaner 2020-11-01 17:46 - 2019-10-29 00:29 - 000000000 ____D C:\Users\Rita Work 2020-11-01 17:38 - 2020-07-17 19:12 - 000000000 ____D C:\Users\Rita\AppData\Local\CrashDumps 2020-11-01 17:12 - 2013-08-22 13:36 - 000000000 ____D C:\Windows\Inf 2020-11-01 17:11 - 2018-10-02 14:58 - 000000000 ____D C:\Users\Rita 2020-11-01 16:52 - 2019-02-12 15:38 - 000000000 ____D C:\Windows\Minidump 2020-11-01 16:51 - 2019-02-12 15:38 - 475126123 _____ C:\Windows\MEMORY.DMP 2020-11-01 16:18 - 2014-11-21 03:49 - 001731048 _____ C:\Windows\system32\PerfStringBackup.INI 2020-11-01 16:18 - 2014-11-21 03:05 - 000754718 _____ C:\Windows\system32\prfh0816.dat 2020-11-01 16:18 - 2014-11-21 03:05 - 000156386 _____ C:\Windows\system32\prfc0816.dat 2020-11-01 15:19 - 2019-08-31 00:10 - 000001964 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2020-11-01 15:19 - 2019-08-31 00:10 - 000001964 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2020-11-01 15:16 - 2019-08-31 00:10 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2020-10-31 12:58 - 2019-10-03 11:50 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData 2020-10-31 12:58 - 2019-10-03 11:50 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData 2020-10-29 22:06 - 2018-10-04 19:22 - 000795000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2020-10-25 22:18 - 2018-12-25 00:46 - 000000000 ____D C:\Users\Rita\AppData\Local\Spotify 2020-10-25 22:16 - 2018-12-25 00:45 - 
000000000 ____D C:\Users\Rita\AppData\Roaming\Spotify 2020-10-24 21:31 - 2018-10-23 20:58 - 000000000 ____D C:\Users\Rita\AppData\Local\gtk-2.0 2020-10-24 21:31 - 2018-10-23 20:47 - 000000000 ____D C:\Users\Rita\AppData\Local\babl-0.1 2020-10-22 11:20 - 2018-10-02 15:53 - 000002240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-10-22 11:20 - 2018-10-02 15:53 - 000002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2020-10-22 11:20 - 2018-10-02 15:53 - 000002199 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2020-10-21 14:08 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\rescache 2020-10-19 20:24 - 2020-05-07 17:43 - 000000000 ____D C:\Users\Rita\AppData\Roaming\vlc 2020-10-19 11:17 - 2013-08-22 13:25 - 000262144 ___SH C:\Windows\system32\config\BBI 2020-10-19 11:15 - 2013-08-22 15:36 - 000000000 ___RD C:\Windows\ToastData 2020-10-15 19:40 - 2018-10-02 15:52 - 000003442 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA 2020-10-15 19:40 - 2018-10-02 15:52 - 000003314 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore 2020-10-14 11:09 - 2013-08-22 15:20 - 000000000 ____D C:\Windows\CbsTemp 2020-10-08 21:20 - 2019-10-23 20:41 - 000003450 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0 2020-10-08 19:34 - 2019-10-29 00:39 - 000003600 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1423373995-1004855960-1227593991-1003 2020-10-05 17:58 - 2013-08-22 15:36 - 000000000 ___HD C:\Program Files\WindowsApps 2020-10-05 17:58 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\AppReadiness 2020-10-05 14:48 - 2019-10-29 00:30 - 000000000 __SHD C:\Users\Rita Work\IntelGraphicsProfiles 2020-10-02 20:58 - 2020-06-14 21:01 - 000835472 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe 2020-10-02 20:58 - 2020-06-14 21:01 - 000179608 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======== 2019-09-28 21:25 - 2019-09-28 21:25 - 000000410 
_____ () C:\Users\Rita\AppData\Local\oobelibMkey.log 2020-10-24 21:23 - 2020-10-24 21:23 - 000009746 _____ () C:\Users\Rita\AppData\Local\recently-used.xbel ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-10-2020 Ran by Rita (administrator) on CALI (TOSHIBA SATELLITE L50-B) (01-11-2020 18:38:15) Running from C:\Users\Rita\Downloads Loaded Profiles: Rita & Rita Work Platform: Windows 8.1 (Update) (X64) Language: Português (Portugal) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe (Electronic Arts, Inc. 
-> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler64.exe (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V. -> SurfRight B.V.) C:\Users\Rita\Downloads\HitmanPro_x64.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. 
-> Adobe Systems, Incorporated) HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" HKU\S-1-5-21-1423373995-1004855960-1227593991-1001\...\Run: [Spotify] => C:\Users\Rita\AppData\Roaming\Spotify\Spotify.exe [22941928 2020-10-25] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-1423373995-1004855960-1227593991-1001\...\Run: [CCXProcess] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe" HKU\S-1-5-21-1423373995-1004855960-1227593991-1001\...\MountPoints2: {5ec93414-da1c-11e9-827e-a088699b1d05} - "D:\autorun.exe" /autorun HKLM\...\Windows x64\Print Processors\Canon MP280 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAA.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJ Language Monitor MP280 series: C:\Windows\system32\CNMLMAA.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111\Installer\chrmstp.exe [2020-10-22] (Google LLC -> Google LLC) HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\86.0.6394.76\Installer\chrmstp.exe [2020-11-01] (Avast Software s.r.o. -> AVAST Software) GroupPolicy: Restriction ? <==== ATTENTION HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {26629E70-3A4C-459E-BD0C-F1E28BF3C6B4} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. 
-> Adobe Systems, Incorporated) Task: {2BC71FE0-6F69-4699-BD6B-2A3E8BC31023} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe Task: {3C4CB13B-9859-4EFB-ACC9-AB5F34ABA04F} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-11-01] (Avast Software s.r.o. -> AVAST Software) Task: {5F22B91B-2894-4216-8AB8-BF0E1B7045CC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) Task: {70318ED9-945C-458D-B98C-1107D601B472} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-02] (Google Inc -> Google Inc.) Task: {7C225AFC-289A-4F2E-86DF-2F966B39BD2C} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe Task: {970C584F-1842-4BCD-9E17-16782872F129} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Rita\Downloads\AdwCleaner.exe [8447152 2020-11-01] (Malwarebytes Inc -> Malwarebytes) Task: {979813F0-ADE7-4AB3-B2A6-4A8751D92847} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2117880 2020-10-13] (Avast Software s.r.o. -> AVAST Software) Task: {A31B6D28-F033-493E-9C58-88F3B5D5AAD8} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-11-01] (Avast Software s.r.o. -> AVAST Software) Task: {E67EAF63-EB0D-438B-8DA3-2E4BFA90631A} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2117880 2020-10-13] (Avast Software s.r.o. 
-> AVAST Software) Task: {EF1621E5-8466-495C-9839-159CEA489FF9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) Task: {F1C205C4-1B52-4991-8368-313D3EB7B0AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-02] (Google Inc -> Google Inc.) Task: {F75C9AFA-6E15-4BB3-811C-77206021C2A0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) Task: {F9ECEA70-B2AC-4163-9C94-567886FB7D8D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{C67FECE2-A0BC-4F05-A8D8-7A3754E0BB0B}: [DhcpNameServer] 192.168.1.1 Edge: ====== Edge DefaultProfile: Default Edge Profile: C:\Users\Rita\AppData\Local\Microsoft\Edge\User Data\Default [2020-07-20] FireFox: ======== FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN) FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-11-01] (Avast Software s.r.o. 
-> AVAST Software) FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-11-01] (Avast Software s.r.o. -> AVAST Software) FF Plugin HKU\S-1-5-21-1423373995-1004855960-1227593991-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\Rita\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation) FF Plugin HKU\S-1-5-21-1423373995-1004855960-1227593991-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\Rita\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR Profile: C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default [2020-11-01] CHR Notifications: Default -> hxxps://catracalivre.com.br; hxxps://mail.google.com CHR Extension: (Slides) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-02] CHR Extension: (Docs) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-02] CHR Extension: (Google Drive) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-01] CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2020-11-01] CHR Extension: (YouTube) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-02] CHR Extension: (Sheets) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-02] CHR Extension: (Google Docs Offline) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-01] CHR Extension: (AdBlock — 
best ad blocker) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-11-01] CHR Extension: (Tailwind Publisher) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbhgdhhefdphpikedbinecandoigdel [2020-11-01] CHR Extension: (Pinterest Save Button) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2020-10-06] CHR Extension: (Grammarly for Chrome) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-11-01] CHR Extension: (Iron Man-Material Design) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\nekeenfmlfhgoaojceionblcpbbjmnpk [2019-03-27] CHR Extension: (Chrome Web Store Payments) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06] CHR Extension: (Gmail) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-01] CHR Extension: (Chrome Media Router) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-19] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated) S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-11-01] (Avast Software s.r.o. 
-> AVAST Software) S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-11-01] (Avast Software s.r.o. -> AVAST Software) S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\86.0.6394.76\elevation_service.exe [1348304 2020-10-13] (Avast Software s.r.o. -> AVAST Software) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [162392 2020-11-01] (SurfRight B.V. -> SurfRight B.V.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7265328 2020-11-01] (Malwarebytes Inc -> Malwarebytes) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2329392 2019-06-11] (Electronic Arts, Inc. -> Electronic Arts) R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3203888 2019-06-11] (Electronic Arts, Inc. -> Electronic Arts) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-11-01] (Malwarebytes Corporation -> Malwarebytes) R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [57728 2020-11-01] (SurfRight B.V. 
-> ) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [217600 2020-11-01] (Malwarebytes Inc -> Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197792 2020-11-01] (Malwarebytes Inc -> Malwarebytes) R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [74936 2020-11-01] (Malwarebytes Inc -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-11-01] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [134304 2020-11-01] (Malwarebytes Inc -> Malwarebytes) R3 MpKsl4798acf0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BFAC00F-5EB1-4437-9C1F-E9EDC5BA1942}\MpKslDrv.sys [47336 2020-11-01] (Microsoft Windows -> Microsoft Corporation) U5 NdisImPlatform; C:\Windows\System32\Drivers\NdisImPlatform.sys [126464 2014-11-21] (Microsoft Windows -> Microsoft Corporation) S3 qcfilter; C:\Windows\System32\drivers\qcusbfilter.sys [49208 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated) S3 qcusbnet; C:\Windows\system32\DRIVERS\qcusbnet.sys [428600 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated) R3 QIOMem; C:\Windows\System32\drivers\QIOMem.sys [14000 2013-08-22] (WDKTestCert 1,130202426583431586 -> TOSHIBA) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) S3 tapnordvpn; C:\Windows\system32\DRIVERS\tapnordvpn.sys [35592 2018-07-24] (TEFINCOM S.A. 
FirewallRules: [{F5B3D39F-88DC-492C-AEF3-37C88DE8F8D4}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software) FirewallRules: [{19DDD1B5-6266-4436-9DF3-2034A9536AF3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> ) ==================== Restore Points ========================= 13-10-2020 12:33:35 Ponto de Verificação Agendado 21-10-2020 14:03:48 Ponto de Verificação Agendado 26-10-2020 16:15:11 Windows Update 01-11-2020 16:35:04 Removed DaVinci Resolve Panels ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (11/01/2020 05:38:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome da aplicação com falha: ig.exe, versão: 1.0.1.1, carimbo de data/hora: 0x5f43d0e0 Nome do módulo com falha: KERNELBASE.dll, versão: 6.3.9600.19678, carimbo de data/hora: 0x5e82c0f7 Código de exceção: 0xc0000142 Desvio de falha: 0x0009d452 ID do processo com falha: 0x66c Hora de início da aplicação com falha: 0x01d6b075c2e8a7c4 Caminho da aplicação com falha: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe Caminho do módulo com falha: KERNELBASE.dll ID do Relatório: 034411ae-1c69-11eb-82dc-a088699b1d05 Nome completo do pacote com falha: ID da aplicação relativa ao pacote com falha: Error: (11/01/2020 04:11:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome da aplicação com falha: ZeroConfigService.exe, versão: 21.40.1.0, carimbo de data/hora: 0x5d5ad5c9 Nome do módulo com falha: ntdll.dll, versão: 6.3.9600.19678, carimbo de data/hora: 0x5e82c88a Código de exceção: 0xc0000374 Desvio de falha: 0x00000000000f1ce0 ID do processo com falha: 0x934 Hora de início da aplicação com falha: 0x01d6b069a69163fd Caminho da aplicação com falha: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe Caminho do módulo com falha: 
C:\Windows\SYSTEM32\ntdll.dll ID do Relatório: ed9e08ce-1c5c-11eb-82d6-a088699b1d05 Nome completo do pacote com falha: ID da aplicação relativa ao pacote com falha: Error: (11/01/2020 04:01:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome da aplicação com falha: mbamtray.exe, versão: 4.0.0.829, carimbo de data/hora: 0x5f936297 Nome do módulo com falha: KERNELBASE.dll, versão: 6.3.9600.19678, carimbo de data/hora: 0x5e82c88a Código de exceção: 0xc0000142 Desvio de falha: 0x00000000000ecf40 ID do processo com falha: 0x1a5c Hora de início da aplicação com falha: 0x01d6b0683c6a4f9e Caminho da aplicação com falha: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe Caminho do módulo com falha: KERNELBASE.dll ID do Relatório: 823f59c2-1c5b-11eb-82d5-a088699b1d05 Nome completo do pacote com falha: ID da aplicação relativa ao pacote com falha: Error: (11/01/2020 03:29:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome da aplicação com falha: ig-45.exe, versão: 1.0.1.1, carimbo de data/hora: 0x5f43d0e0 Nome do módulo com falha: KERNELBASE.dll, versão: 6.3.9600.19678, carimbo de data/hora: 0x5e82c0f7 Código de exceção: 0xc0000142 Desvio de falha: 0x0009d452 ID do processo com falha: 0x1ac0 Hora de início da aplicação com falha: 0x01d6b063d716035e Caminho da aplicação com falha: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-45.exe Caminho do módulo com falha: KERNELBASE.dll ID do Relatório: 19a92cad-1c57-11eb-82d4-a088699b1d05 Nome completo do pacote com falha: ID da aplicação relativa ao pacote com falha: Error: (10/31/2020 12:57:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome da aplicação com falha: AGSService.exe, versão: 7.2.0.32, carimbo de data/hora: 0x5f6abe78 Nome do módulo com falha: AGSService.exe, versão: 7.2.0.32, carimbo de data/hora: 0x5f6abe78 Código de exceção: 0xc0000005 Desvio de falha: 0x000fca2d ID do processo com falha: 0x664 Hora de início da aplicação com falha: 
0x01d6a609afbf6c02 Caminho da aplicação com falha: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe Caminho do módulo com falha: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe ID do Relatório: a84ee235-1b78-11eb-82d4-a088699b1d05 Nome completo do pacote com falha: ID da aplicação relativa ao pacote com falha: Error: (09/13/2020 11:01:59 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: Um problema impediu que os dados do Programa Para o Melhoramento da Experiência do Cliente fossem enviados para a Microsoft. (Erro 80070005). Error: (09/10/2020 02:28:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha nos Serviços de Criptografia ao processar a chamada OnIdentity() no Objeto Escritor de Sistema. Details: AddLegacyDriverFiles: Unable to back up image of binary MpKslDrv. System Error: O sistema não conseguiu localizar o ficheiro especificado. . Error: (08/17/2020 11:35:29 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome da aplicação com falha: MBAMService.exe, versão: 3.2.0.890, carimbo de data/hora: 0x5e4bfca6 Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000 Código de exceção: 0xc0000005 Desvio de falha: 0x0000000000000000 ID do processo com falha: 0xbf4 Hora de início da aplicação com falha: 0x01d66cba126d46df Caminho da aplicação com falha: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Caminho do módulo com falha: unknown ID do Relatório: bfec1fd1-e07d-11ea-82cd-a088699b1d05 Nome completo do pacote com falha: ID da aplicação relativa ao pacote com falha: System errors: ============= Error: (11/01/2020 06:43:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Wireless PAN DHCP Server terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 60000 milissegundos: Reiniciar o serviço. 
Error: (11/01/2020 06:42:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Wireless PAN DHCP Server terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 60000 milissegundos: Reiniciar o serviço. Error: (11/01/2020 06:41:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Wireless PAN DHCP Server terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 60000 milissegundos: Reiniciar o serviço. Error: (11/01/2020 06:40:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Wireless PAN DHCP Server terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 60000 milissegundos: Reiniciar o serviço. Error: (11/01/2020 06:39:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Wireless PAN DHCP Server terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 60000 milissegundos: Reiniciar o serviço. Error: (11/01/2020 06:38:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Wireless PAN DHCP Server terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 60000 milissegundos: Reiniciar o serviço. Error: (11/01/2020 06:37:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Wireless PAN DHCP Server terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 60000 milissegundos: Reiniciar o serviço. Error: (11/01/2020 06:36:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Wireless PAN DHCP Server terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 60000 milissegundos: Reiniciar o serviço. 
Windows Defender: =================================== Date: 2020-11-01 18:07:59.163 Description: A análise de Windows Defender foi parada antes de ser concluída. ID de Análise: {E46CBE54-7BB6-4512-93EE-0AA3BE8D6687} Tipo de Análise: Antimalware Parâmetros de Análise: Análise Completa Utilizador: cali\Rita Date: 2020-11-01 17:54:13.570 Description: A análise de Windows Defender foi parada antes de ser concluída. ID de Análise: {581DC1A9-2A57-4557-9E66-00E6A856FBC2} Tipo de Análise: Antimalware Parâmetros de Análise: Análise Completa Utilizador: cali\Rita Date: 2020-11-01 17:51:24.280 Description: A análise de Windows Defender foi parada antes de ser concluída. ID de Análise: {4885CAD4-A12A-4267-A9E7-3D98021DCCB4} Tipo de Análise: Antimalware Parâmetros de Análise: Análise Personalizada Utilizador: cali\Rita Date: 2020-11-01 15:40:05.818 Description: A análise de Windows Defender foi parada antes de ser concluída. ID de Análise: {0483E053-DE6D-437C-9150-98117D08381C} Tipo de Análise: Antimalware Parâmetros de Análise: Análise Rápida Utilizador: cali\Rita Date: 2020-11-01 15:18:28.886 Description: A análise de Windows Defender foi parada antes de ser concluída. ID de Análise: {4AF8D5CD-CAD9-49B5-9810-6273B616925B} Tipo de Análise: Antimalware Parâmetros de Análise: Análise Completa Utilizador: cali\Rita Date: 2020-10-19 12:17:33.752 Description: A funcionalidade de Proteção em Tempo Real de Windows Defender encontrou um erro e falhou. Funcionalidade: Sistema de Inspeção de Rede Código de Erro: 0x8007042d Descrição do Erro: O serviço não foi iniciado devido a um erro de início de sessão. Razão: Faltam atualizações no sistema que são necessárias à execução do Sistema de Inspeção de Rede. Instale as atualizações necessárias e reinicie o computador. Date: 2020-09-09 00:54:10.738 Description: Windows Defender encontrou um erro ao tentar atualizar assinaturas. 
Nova Versão de Assinatura: Versão de Assinatura Anterior: 119.0.0.0 Origem de Atualização: Centro Microsoft de Proteção Contra Software Maligno Tipo de Assinatura: Sistema de Inspeção de Rede Tipo de Atualização: Completo Utilizador: NT AUTHORITY\Serviço de rede Versão de Motor Atual: Versão de Motor Anterior: 2.1.14600.4 Código de Erro: 0x80072ee7 Descrição do Erro: Não foi possível processar o nome ou o endereço do servidor Date: 2020-09-09 00:54:10.731 Description: Windows Defender encontrou um erro ao tentar atualizar assinaturas. Nova Versão de Assinatura: Versão de Assinatura Anterior: 1.323.564.0 Origem de Atualização: Centro Microsoft de Proteção Contra Software Maligno Tipo de Assinatura: AntiSpyware Tipo de Atualização: Completo Utilizador: NT AUTHORITY\Serviço de rede Versão de Motor Atual: Versão de Motor Anterior: 1.1.17400.5 Código de Erro: 0x80072ee7 Descrição do Erro: Não foi possível processar o nome ou o endereço do servidor Date: 2020-09-09 00:54:10.731 Description: Windows Defender encontrou um erro ao tentar atualizar assinaturas. Nova Versão de Assinatura: Versão de Assinatura Anterior: 1.323.564.0 Origem de Atualização: Centro Microsoft de Proteção Contra Software Maligno Tipo de Assinatura: Antivírus Tipo de Atualização: Completo Utilizador: NT AUTHORITY\Serviço de rede Versão de Motor Atual: Versão de Motor Anterior: 1.1.17400.5 Código de Erro: 0x80072ee7 Descrição do Erro: Não foi possível processar o nome ou o endereço do servidor Date: 2020-09-09 00:54:10.512 Description: Windows Defender encontrou um erro ao tentar atualizar assinaturas. Nova Versão de Assinatura: Versão de Assinatura Anterior: 1.323.564.0 Origem de Atualização: Servidor Microsoft Update Tipo de Assinatura: Antivírus Tipo de Atualização: Completo Utilizador: NT AUTHORITY\SYSTEM Versão de Motor Atual: Versão de Motor Anterior: 1.1.17400.5 Código de Erro: 0x8024402c Descrição do Erro: Ocorreu um problema inesperado ao procurar atualizações. 
Para obter informações sobre a instalação ou resolução de problemas de atualizações, consulte a Ajuda e Suporte. CodeIntegrity: =================================== Date: 2020-10-24 12:34:38.361 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2020-09-14 11:36:14.980 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2020-09-12 19:30:59.779 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2020-08-26 13:20:58.345 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2020-08-18 11:46:22.522 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2020-08-10 14:50:28.006 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2020-07-21 10:47:12.429 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2020-07-18 12:10:14.400 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: INSYDE Corp. 2.00 12/11/2014 Motherboard: Type2 - Board Vendor Name1 Type2 - Board Product Name1 Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz Percentage of memory in use: 73% Total physical RAM: 4016.14 MB Available physical RAM: 1064.31 MB Total Virtual: 8112.14 MB Available Virtual: 4776.09 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:452.15 GB) (Free:361.33 GB) NTFS Drive f: () (Removable) (Total:29.5 GB) (Free:10.56 GB) FAT32 \\?\Volume{9b43ce43-c903-11e4-a1d9-a3de36fdeb76}\ () (Fixed) (Total:1 GB) (Free:0.74 GB) NTFS \\?\Volume{9a3a5090-56d2-4e3b-9207-aa02d8ad66e4}\ () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS \\?\Volume{9b43ce57-c903-11e4-a1d9-a3de36fdeb76}\ () (Fixed) (Total:11.95 GB) (Free:11.89 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ========================================================== Disk: 1 (Protective MBR) (Size: 29.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ======================= I don't think there's anything else.
  8. Hi everyone! I'm in a bit of a panic here. I have Windows 8.1. Windows Defender is running scans every day and hasn't detected anything (no pop-up), and Malwarebytes hasn't either, but today I got a redirect when searching something on Google stating something like "Our systems have detected unusual traffic from your network" with a captcha. It was my IP address and nothing else. Scared, I went to run a Microsoft Defender scan, only to be met with a "preliminary scan results show that malicious or potentially unwanted software might exist", but there are no quarantined items, nothing comes up. I ran a Malwarebytes (free version) scan and absolutely nothing came up; I even included rootkits. I haven't installed anything or downloaded anything suspicious. I don't recall visiting any suspicious websites. I've run multiple MD and Malwarebytes scans and none show anything. What should I do? Thanks in advance.