Potential Malware?



Hi everyone! 

I'm in a bit of a panic here. I have Windows 8.1. Windows Defender is running scans every day and hasn't detected anything (no pop-up), and Malwarebytes hasn't either, but today I got a redirect when searching something on Google stating something like "Our systems have detected unusual traffic from your network" with a captcha. It was my IP address and nothing else. Scared, I went to run a Microsoft Defender scan, only to be met with a "preliminary scan results show that malicious or potentially unwanted software might exist", but there are no quarantined items; nothing comes up. I ran a Malwarebytes (free version) scan and absolutely nothing came up; I even included rootkits. I haven't installed anything or downloaded anything suspicious. I don't recall visiting any suspicious websites. I've run multiple MD and Malwarebytes scans and none show anything. What should I do?

Thanks in advance. 


Hello rstew2207 and welcome to Malwarebytes,

Run the following:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Thank you,

Kevin

Hi Kevin, thank you for assisting me. Here is the file. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-10-2020
Ran by Rita (administrator) on CALI (TOSHIBA SATELLITE L50-B) (01-11-2020 18:30:24)
Running from C:\Users\Rita\Downloads
Loaded Profiles: Rita & Rita Work
Platform: Windows 8.1 (Update) (X64) Language: Português (Portugal)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <21>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler64.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Users\Rita\Downloads\HitmanPro_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKU\S-1-5-21-1423373995-1004855960-1227593991-1001\...\Run: [Spotify] => C:\Users\Rita\AppData\Roaming\Spotify\Spotify.exe [22941928 2020-10-25] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1423373995-1004855960-1227593991-1001\...\Run: [CCXProcess] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"
HKU\S-1-5-21-1423373995-1004855960-1227593991-1001\...\MountPoints2: {5ec93414-da1c-11e9-827e-a088699b1d05} - "D:\autorun.exe" /autorun
HKLM\...\Windows x64\Print Processors\Canon MP280 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAA.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP280 series: C:\Windows\system32\CNMLMAA.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111\Installer\chrmstp.exe [2020-10-22] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\86.0.6394.76\Installer\chrmstp.exe [2020-11-01] (Avast Software s.r.o. -> AVAST Software)
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26629E70-3A4C-459E-BD0C-F1E28BF3C6B4} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {2BC71FE0-6F69-4699-BD6B-2A3E8BC31023} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
Task: {3C4CB13B-9859-4EFB-ACC9-AB5F34ABA04F} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-11-01] (Avast Software s.r.o. -> AVAST Software)
Task: {5F22B91B-2894-4216-8AB8-BF0E1B7045CC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {70318ED9-945C-458D-B98C-1107D601B472} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-02] (Google Inc -> Google Inc.)
Task: {7C225AFC-289A-4F2E-86DF-2F966B39BD2C} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe
Task: {970C584F-1842-4BCD-9E17-16782872F129} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Rita\Downloads\AdwCleaner.exe [8447152 2020-11-01] (Malwarebytes Inc -> Malwarebytes)
Task: {979813F0-ADE7-4AB3-B2A6-4A8751D92847} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2117880 2020-10-13] (Avast Software s.r.o. -> AVAST Software)
Task: {A31B6D28-F033-493E-9C58-88F3B5D5AAD8} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-11-01] (Avast Software s.r.o. -> AVAST Software)
Task: {E67EAF63-EB0D-438B-8DA3-2E4BFA90631A} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2117880 2020-10-13] (Avast Software s.r.o. -> AVAST Software)
Task: {EF1621E5-8466-495C-9839-159CEA489FF9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {F1C205C4-1B52-4991-8368-313D3EB7B0AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-02] (Google Inc -> Google Inc.)
Task: {F75C9AFA-6E15-4BB3-811C-77206021C2A0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {F9ECEA70-B2AC-4163-9C94-567886FB7D8D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C67FECE2-A0BC-4F05-A8D8-7A3754E0BB0B}: [DhcpNameServer] 192.168.1.1

Edge: 
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Rita\AppData\Local\Microsoft\Edge\User Data\Default [2020-07-20]

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-11-01] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-11-01] (Avast Software s.r.o. -> AVAST Software)
FF Plugin HKU\S-1-5-21-1423373995-1004855960-1227593991-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\Rita\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1423373995-1004855960-1227593991-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\Rita\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default [2020-11-01]
CHR Notifications: Default -> hxxps://catracalivre.com.br; hxxps://mail.google.com
CHR Extension: (Slides) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-02]
CHR Extension: (Docs) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-02]
CHR Extension: (Google Drive) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-01]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2020-11-01]
CHR Extension: (YouTube) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-02]
CHR Extension: (Sheets) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-02]
CHR Extension: (Google Docs Offline) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-01]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-11-01]
CHR Extension: (Tailwind Publisher) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbhgdhhefdphpikedbinecandoigdel [2020-11-01]
CHR Extension: (Pinterest Save Button) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2020-10-06]
CHR Extension: (Grammarly for Chrome) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-11-01]
CHR Extension: (Iron Man-Material Design) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\nekeenfmlfhgoaojceionblcpbbjmnpk [2019-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
CHR Extension: (Gmail) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-01]
CHR Extension: (Chrome Media Router) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-11-01] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-11-01] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\86.0.6394.76\elevation_service.exe [1348304 2020-10-13] (Avast Software s.r.o. -> AVAST Software)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [162392 2020-11-01] (SurfRight B.V. -> SurfRight B.V.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7265328 2020-11-01] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2329392 2019-06-11] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3203888 2019-06-11] (Electronic Arts, Inc. -> Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-11-01] (Malwarebytes Corporation -> Malwarebytes)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [57728 2020-11-01] (SurfRight B.V. -> )
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [217600 2020-11-01] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197792 2020-11-01] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [74936 2020-11-01] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-11-01] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [134304 2020-11-01] (Malwarebytes Inc -> Malwarebytes)
R3 MpKsl4798acf0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BFAC00F-5EB1-4437-9C1F-E9EDC5BA1942}\MpKslDrv.sys [47336 2020-11-01] (Microsoft Windows -> Microsoft Corporation)
U5 NdisImPlatform; C:\Windows\System32\Drivers\NdisImPlatform.sys [126464 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 qcfilter; C:\Windows\System32\drivers\qcusbfilter.sys [49208 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S3 qcusbnet; C:\Windows\system32\DRIVERS\qcusbnet.sys [428600 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R3 QIOMem; C:\Windows\System32\drivers\QIOMem.sys [14000 2013-08-22] (WDKTestCert 1,130202426583431586 -> TOSHIBA)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 tapnordvpn; C:\Windows\system32\DRIVERS\tapnordvpn.sys [35592 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (TOSHIBA CORPORATION -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-01 18:30 - 2020-11-01 18:32 - 000016798 _____ C:\Users\Rita\Downloads\FRST.txt
2020-11-01 18:29 - 2020-11-01 18:31 - 000000000 ____D C:\FRST
2020-11-01 18:28 - 2020-11-01 18:28 - 002299904 _____ (Farbar) C:\Users\Rita\Downloads\FRST64.exe
2020-11-01 18:22 - 2020-11-01 18:22 - 011431000 _____ (SurfRight B.V.) C:\Users\Rita\Downloads\HitmanPro_x64.exe
2020-11-01 18:22 - 2020-11-01 18:22 - 000057728 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2020-11-01 18:22 - 2020-11-01 18:22 - 000001869 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2020-11-01 18:22 - 2020-11-01 18:22 - 000001869 _____ C:\ProgramData\Desktop\HitmanPro.lnk
2020-11-01 18:22 - 2020-11-01 18:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2020-11-01 18:22 - 2020-11-01 18:22 - 000000000 ____D C:\ProgramData\HitmanPro
2020-11-01 18:22 - 2020-11-01 18:22 - 000000000 ____D C:\Program Files\HitmanPro
2020-11-01 18:12 - 2020-11-01 18:12 - 000074936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-11-01 18:11 - 2020-11-01 18:11 - 000217600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-11-01 18:11 - 2020-11-01 18:11 - 000197792 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-11-01 18:11 - 2020-11-01 18:11 - 000134304 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-11-01 18:08 - 2020-11-01 18:08 - 008447152 _____ (Malwarebytes) C:\Users\Rita\Downloads\AdwCleaner (1).exe
2020-11-01 18:07 - 2020-11-01 18:07 - 000003088 _____ C:\Windows\system32\Tasks\AdwCleaner_onReboot
2020-11-01 18:04 - 2020-11-01 18:04 - 008447152 _____ (Malwarebytes) C:\Users\Rita\Downloads\AdwCleaner.exe
2020-11-01 17:25 - 2020-11-01 17:35 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-11-01 17:20 - 2020-11-01 17:28 - 000422580 _____ C:\Windows\ntbtlog.txt
2020-11-01 16:52 - 2020-11-01 16:52 - 000288440 _____ C:\Windows\Minidump\110120-65156-01.dmp
2020-11-01 16:28 - 2020-11-01 16:29 - 000288520 _____ C:\Windows\Minidump\110120-45500-01.dmp
2020-11-01 16:06 - 2020-11-01 16:06 - 000003732 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2020-11-01 16:06 - 2020-11-01 16:06 - 000003150 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2020-11-01 16:06 - 2020-11-01 16:06 - 000002513 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2020-11-01 16:06 - 2020-11-01 16:06 - 000002478 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2020-11-01 16:06 - 2020-11-01 16:06 - 000002478 _____ C:\ProgramData\Desktop\Avast Secure Browser.lnk
2020-11-01 16:06 - 2020-11-01 16:06 - 000000000 ____D C:\Users\Rita\AppData\Local\AVAST Software
2020-11-01 16:05 - 2020-11-01 16:05 - 000003482 _____ C:\Windows\system32\Tasks\AvastUpdateTaskMachineUA
2020-11-01 16:05 - 2020-11-01 16:05 - 000003354 _____ C:\Windows\system32\Tasks\AvastUpdateTaskMachineCore
2020-11-01 16:05 - 2020-11-01 16:05 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2020-11-01 15:37 - 2020-11-01 16:51 - 000000000 ____D C:\ProgramData\Avast Software
2020-11-01 15:30 - 2020-11-01 15:30 - 000000000 ____D C:\Windows\system32\Tasks\AVG
2020-11-01 15:29 - 2020-11-01 16:33 - 000004162 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2020-11-01 15:24 - 2020-11-01 17:33 - 000000000 ____D C:\ProgramData\AVG
2020-11-01 15:19 - 2020-11-01 15:19 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-10-24 21:23 - 2020-10-24 21:23 - 000009746 _____ C:\Users\Rita\AppData\Local\recently-used.xbel
2020-10-14 10:47 - 2020-09-30 07:20 - 000135240 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2020-10-14 10:47 - 2020-09-30 03:04 - 003332608 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2020-10-14 10:47 - 2020-09-30 02:56 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2020-10-14 10:47 - 2020-09-30 02:48 - 001118720 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2020-10-14 10:47 - 2020-09-30 02:15 - 001381888 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2020-10-14 10:47 - 2020-09-29 05:32 - 000115616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2020-10-14 10:47 - 2020-09-29 04:11 - 003642368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2020-10-14 10:47 - 2020-09-29 04:00 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2020-10-14 10:47 - 2020-09-29 03:54 - 001067520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2020-10-14 10:47 - 2020-09-24 06:47 - 000120832 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2020-10-14 10:47 - 2020-09-24 06:43 - 002535968 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2020-10-14 10:47 - 2020-09-24 06:36 - 007363320 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-10-14 10:47 - 2020-09-24 06:36 - 002173392 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2020-10-14 10:47 - 2020-09-24 06:01 - 025759232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2020-10-14 10:47 - 2020-09-24 05:01 - 000098104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2020-10-14 10:47 - 2020-09-24 05:00 - 001902240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2020-10-14 10:47 - 2020-09-24 04:53 - 001561296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2020-10-14 10:47 - 2020-09-24 04:28 - 002914304 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2020-10-14 10:47 - 2020-09-24 04:25 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2020-10-14 10:47 - 2020-09-24 04:25 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2020-10-14 10:47 - 2020-09-24 04:16 - 005500416 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2020-10-14 10:47 - 2020-09-24 04:14 - 000785408 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2020-10-14 10:47 - 2020-09-24 04:13 - 020293632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-10-14 10:47 - 2020-09-24 04:04 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\cmdial32.dll
2020-10-14 10:47 - 2020-09-24 03:57 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2020-10-14 10:47 - 2020-09-24 03:55 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2020-10-14 10:47 - 2020-09-24 03:54 - 002306048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2020-10-14 10:47 - 2020-09-24 03:53 - 000477696 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2020-10-14 10:47 - 2020-09-24 03:53 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2020-10-14 10:47 - 2020-09-24 03:52 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2020-10-14 10:47 - 2020-09-24 03:51 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2020-10-14 10:47 - 2020-09-24 03:47 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2020-10-14 10:47 - 2020-09-24 03:47 - 000653824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2020-10-14 10:47 - 2020-09-24 03:41 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2020-10-14 10:47 - 2020-09-24 03:40 - 015494144 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2020-10-14 10:47 - 2020-09-24 03:39 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2020-10-14 10:47 - 2020-09-24 03:39 - 000484352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmdial32.dll
2020-10-14 10:47 - 2020-09-24 03:39 - 000381952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2020-10-14 10:47 - 2020-09-24 03:38 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2020-10-14 10:47 - 2020-09-24 03:37 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2020-10-14 10:47 - 2020-09-24 03:33 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2020-10-14 10:47 - 2020-09-24 03:32 - 000392192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2020-10-14 10:47 - 2020-09-24 03:32 - 000272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2020-10-14 10:47 - 2020-09-24 03:31 - 000076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2020-10-14 10:47 - 2020-09-24 03:30 - 000279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2020-10-14 10:47 - 2020-09-24 03:30 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2020-10-14 10:47 - 2020-09-24 03:29 - 002750464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2020-10-14 10:47 - 2020-09-24 03:27 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2020-10-14 10:47 - 2020-09-24 03:27 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2020-10-14 10:47 - 2020-09-24 03:26 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2020-10-14 10:47 - 2020-09-24 03:26 - 000699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2020-10-14 10:47 - 2020-09-24 03:26 - 000110080 _____ (Microsoft Corporation) C:\Windows\system32\fdSSDP.dll
2020-10-14 10:47 - 2020-09-24 03:25 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2020-10-14 10:47 - 2020-09-24 03:23 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2020-10-14 10:47 - 2020-09-24 03:22 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2020-10-14 10:47 - 2020-09-24 03:22 - 000333312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2020-10-14 10:47 - 2020-09-24 03:21 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2020-10-14 10:47 - 2020-09-24 03:20 - 013872640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2020-10-14 10:47 - 2020-09-24 03:18 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\fdWSD.dll
2020-10-14 10:47 - 2020-09-24 03:15 - 001566720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2020-10-14 10:47 - 2020-09-24 03:13 - 000092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdSSDP.dll
2020-10-14 10:47 - 2020-09-24 03:10 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2020-10-14 10:47 - 2020-09-24 03:08 - 000905728 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2020-10-14 10:47 - 2020-09-24 03:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWSD.dll
2020-10-14 10:47 - 2020-09-24 03:07 - 002551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2020-10-14 10:47 - 2020-09-24 03:07 - 001099264 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2020-10-14 10:47 - 2020-09-24 03:06 - 000866304 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2020-10-14 10:47 - 2020-09-24 03:04 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2020-10-14 10:47 - 2020-09-24 03:03 - 000801280 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2020-10-14 10:47 - 2020-09-24 03:01 - 001920512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2020-10-14 10:47 - 2020-09-24 03:00 - 001341952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2020-10-14 10:47 - 2020-09-24 03:00 - 000711168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2020-10-14 10:47 - 2020-09-24 02:59 - 000710656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2020-10-14 10:47 - 2020-09-24 02:55 - 003826176 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2020-10-14 10:47 - 2020-09-24 02:55 - 003551744 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2020-10-14 10:47 - 2020-09-24 02:53 - 001684992 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2020-10-14 10:47 - 2020-09-24 02:52 - 003278848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2020-10-14 10:47 - 2020-09-15 07:06 - 001311776 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2020-10-14 10:47 - 2020-09-15 06:57 - 000325320 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2020-10-14 10:47 - 2020-09-15 05:24 - 000245752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2020-10-14 10:47 - 2020-09-15 04:49 - 000281088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2020-10-14 10:47 - 2020-09-15 04:15 - 001040384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2020-10-14 10:47 - 2020-09-11 16:31 - 000367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\es.dll
2020-10-14 10:47 - 2020-09-11 09:39 - 000288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2020-10-14 10:47 - 2020-09-11 08:23 - 000516608 _____ (Microsoft Corporation) C:\Windows\system32\es.dll
2020-10-14 10:47 - 2020-09-10 23:49 - 001370680 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2020-10-14 10:47 - 2020-09-10 21:27 - 000564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2020-10-14 10:47 - 2020-09-10 20:51 - 000642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2020-10-14 10:47 - 2020-09-10 20:51 - 000005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2020-10-14 10:47 - 2020-09-10 20:20 - 001757184 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-10-14 10:47 - 2020-09-10 20:14 - 002349056 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2020-10-14 10:47 - 2020-09-10 20:11 - 001088512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2020-10-14 10:47 - 2020-09-10 20:02 - 001495040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-10-14 10:47 - 2020-09-10 19:56 - 001551360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2020-10-14 10:47 - 2020-09-10 01:24 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2020-10-06 19:31 - 2020-11-01 17:54 - 000000000 ____D C:\Users\Rita\AppData\Roaming\Zoom

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-01 18:28 - 2018-10-02 15:04 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1423373995-1004855960-1227593991-1001
2020-11-01 18:18 - 2018-10-02 15:51 - 000003922 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{C703184D-32CD-4421-ADA6-45EB4E27C911}
2020-11-01 18:10 - 2018-10-08 21:25 - 000000000 __SHD C:\Users\Rita\IntelGraphicsProfiles
2020-11-01 18:10 - 2013-08-22 14:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-11-01 18:07 - 2018-10-02 16:01 - 000000000 ____D C:\AdwCleaner
2020-11-01 17:46 - 2019-10-29 00:29 - 000000000 ____D C:\Users\Rita Work
2020-11-01 17:38 - 2020-07-17 19:12 - 000000000 ____D C:\Users\Rita\AppData\Local\CrashDumps
2020-11-01 17:12 - 2013-08-22 13:36 - 000000000 ____D C:\Windows\Inf
2020-11-01 17:11 - 2018-10-02 14:58 - 000000000 ____D C:\Users\Rita
2020-11-01 16:52 - 2019-02-12 15:38 - 000000000 ____D C:\Windows\Minidump
2020-11-01 16:51 - 2019-02-12 15:38 - 475126123 _____ C:\Windows\MEMORY.DMP
2020-11-01 16:18 - 2014-11-21 03:49 - 001731048 _____ C:\Windows\system32\PerfStringBackup.INI
2020-11-01 16:18 - 2014-11-21 03:05 - 000754718 _____ C:\Windows\system32\prfh0816.dat
2020-11-01 16:18 - 2014-11-21 03:05 - 000156386 _____ C:\Windows\system32\prfc0816.dat
2020-11-01 15:19 - 2019-08-31 00:10 - 000001964 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-11-01 15:19 - 2019-08-31 00:10 - 000001964 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-11-01 15:16 - 2019-08-31 00:10 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-10-31 12:58 - 2019-10-03 11:50 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-10-31 12:58 - 2019-10-03 11:50 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-10-29 22:06 - 2018-10-04 19:22 - 000795000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2020-10-25 22:18 - 2018-12-25 00:46 - 000000000 ____D C:\Users\Rita\AppData\Local\Spotify
2020-10-25 22:16 - 2018-12-25 00:45 - 000000000 ____D C:\Users\Rita\AppData\Roaming\Spotify
2020-10-24 21:31 - 2018-10-23 20:58 - 000000000 ____D C:\Users\Rita\AppData\Local\gtk-2.0
2020-10-24 21:31 - 2018-10-23 20:47 - 000000000 ____D C:\Users\Rita\AppData\Local\babl-0.1
2020-10-22 11:20 - 2018-10-02 15:53 - 000002240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-10-22 11:20 - 2018-10-02 15:53 - 000002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-10-22 11:20 - 2018-10-02 15:53 - 000002199 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-10-21 14:08 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\rescache
2020-10-19 20:24 - 2020-05-07 17:43 - 000000000 ____D C:\Users\Rita\AppData\Roaming\vlc
2020-10-19 11:17 - 2013-08-22 13:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2020-10-19 11:15 - 2013-08-22 15:36 - 000000000 ___RD C:\Windows\ToastData
2020-10-15 19:40 - 2018-10-02 15:52 - 000003442 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-10-15 19:40 - 2018-10-02 15:52 - 000003314 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-10-14 11:09 - 2013-08-22 15:20 - 000000000 ____D C:\Windows\CbsTemp
2020-10-08 21:20 - 2019-10-23 20:41 - 000003450 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2020-10-08 19:34 - 2019-10-29 00:39 - 000003600 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1423373995-1004855960-1227593991-1003
2020-10-05 17:58 - 2013-08-22 15:36 - 000000000 ___HD C:\Program Files\WindowsApps
2020-10-05 17:58 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\AppReadiness
2020-10-05 14:48 - 2019-10-29 00:30 - 000000000 __SHD C:\Users\Rita Work\IntelGraphicsProfiles
2020-10-02 20:58 - 2020-06-14 21:01 - 000835472 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-10-02 20:58 - 2020-06-14 21:01 - 000179608 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories ========

2019-09-28 21:25 - 2019-09-28 21:25 - 000000410 _____ () C:\Users\Rita\AppData\Local\oobelibMkey.log
2020-10-24 21:23 - 2020-10-24 21:23 - 000009746 _____ () C:\Users\Rita\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-10-2020
Ran by Rita (administrator) on CALI (TOSHIBA SATELLITE L50-B) (01-11-2020 18:38:15)
Running from C:\Users\Rita\Downloads
Loaded Profiles: Rita & Rita Work
Platform: Windows 8.1 (Update) (X64) Language: Português (Portugal)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler64.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Users\Rita\Downloads\HitmanPro_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKU\S-1-5-21-1423373995-1004855960-1227593991-1001\...\Run: [Spotify] => C:\Users\Rita\AppData\Roaming\Spotify\Spotify.exe [22941928 2020-10-25] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1423373995-1004855960-1227593991-1001\...\Run: [CCXProcess] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"
HKU\S-1-5-21-1423373995-1004855960-1227593991-1001\...\MountPoints2: {5ec93414-da1c-11e9-827e-a088699b1d05} - "D:\autorun.exe" /autorun
HKLM\...\Windows x64\Print Processors\Canon MP280 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAA.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP280 series: C:\Windows\system32\CNMLMAA.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111\Installer\chrmstp.exe [2020-10-22] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\86.0.6394.76\Installer\chrmstp.exe [2020-11-01] (Avast Software s.r.o. -> AVAST Software)
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26629E70-3A4C-459E-BD0C-F1E28BF3C6B4} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {2BC71FE0-6F69-4699-BD6B-2A3E8BC31023} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
Task: {3C4CB13B-9859-4EFB-ACC9-AB5F34ABA04F} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-11-01] (Avast Software s.r.o. -> AVAST Software)
Task: {5F22B91B-2894-4216-8AB8-BF0E1B7045CC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {70318ED9-945C-458D-B98C-1107D601B472} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-02] (Google Inc -> Google Inc.)
Task: {7C225AFC-289A-4F2E-86DF-2F966B39BD2C} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe
Task: {970C584F-1842-4BCD-9E17-16782872F129} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Rita\Downloads\AdwCleaner.exe [8447152 2020-11-01] (Malwarebytes Inc -> Malwarebytes)
Task: {979813F0-ADE7-4AB3-B2A6-4A8751D92847} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2117880 2020-10-13] (Avast Software s.r.o. -> AVAST Software)
Task: {A31B6D28-F033-493E-9C58-88F3B5D5AAD8} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-11-01] (Avast Software s.r.o. -> AVAST Software)
Task: {E67EAF63-EB0D-438B-8DA3-2E4BFA90631A} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2117880 2020-10-13] (Avast Software s.r.o. -> AVAST Software)
Task: {EF1621E5-8466-495C-9839-159CEA489FF9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {F1C205C4-1B52-4991-8368-313D3EB7B0AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-02] (Google Inc -> Google Inc.)
Task: {F75C9AFA-6E15-4BB3-811C-77206021C2A0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {F9ECEA70-B2AC-4163-9C94-567886FB7D8D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C67FECE2-A0BC-4F05-A8D8-7A3754E0BB0B}: [DhcpNameServer] 192.168.1.1

Edge: 
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Rita\AppData\Local\Microsoft\Edge\User Data\Default [2020-07-20]

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-11-01] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-11-01] (Avast Software s.r.o. -> AVAST Software)
FF Plugin HKU\S-1-5-21-1423373995-1004855960-1227593991-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\Rita\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1423373995-1004855960-1227593991-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\Rita\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default [2020-11-01]
CHR Notifications: Default -> hxxps://catracalivre.com.br; hxxps://mail.google.com
CHR Extension: (Slides) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-02]
CHR Extension: (Docs) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-02]
CHR Extension: (Google Drive) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-01]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2020-11-01]
CHR Extension: (YouTube) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-02]
CHR Extension: (Sheets) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-02]
CHR Extension: (Google Docs Offline) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-01]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-11-01]
CHR Extension: (Tailwind Publisher) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbhgdhhefdphpikedbinecandoigdel [2020-11-01]
CHR Extension: (Pinterest Save Button) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2020-10-06]
CHR Extension: (Grammarly for Chrome) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-11-01]
CHR Extension: (Iron Man-Material Design) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\nekeenfmlfhgoaojceionblcpbbjmnpk [2019-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
CHR Extension: (Gmail) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-01]
CHR Extension: (Chrome Media Router) - C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-11-01] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-11-01] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\86.0.6394.76\elevation_service.exe [1348304 2020-10-13] (Avast Software s.r.o. -> AVAST Software)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [162392 2020-11-01] (SurfRight B.V. -> SurfRight B.V.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7265328 2020-11-01] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2329392 2019-06-11] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3203888 2019-06-11] (Electronic Arts, Inc. -> Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-11-01] (Malwarebytes Corporation -> Malwarebytes)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [57728 2020-11-01] (SurfRight B.V. -> )
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [217600 2020-11-01] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197792 2020-11-01] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [74936 2020-11-01] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-11-01] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [134304 2020-11-01] (Malwarebytes Inc -> Malwarebytes)
R3 MpKsl4798acf0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BFAC00F-5EB1-4437-9C1F-E9EDC5BA1942}\MpKslDrv.sys [47336 2020-11-01] (Microsoft Windows -> Microsoft Corporation)
U5 NdisImPlatform; C:\Windows\System32\Drivers\NdisImPlatform.sys [126464 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 qcfilter; C:\Windows\System32\drivers\qcusbfilter.sys [49208 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S3 qcusbnet; C:\Windows\system32\DRIVERS\qcusbnet.sys [428600 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R3 QIOMem; C:\Windows\System32\drivers\QIOMem.sys [14000 2013-08-22] (WDKTestCert 1,130202426583431586 -> TOSHIBA)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 tapnordvpn; C:\Windows\system32\DRIVERS\tapnordvpn.sys [35592 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (TOSHIBA CORPORATION -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-01 18:34 - 2020-11-01 18:38 - 000036544 _____ C:\Users\Rita\Downloads\Addition.txt
2020-11-01 18:30 - 2020-11-01 18:39 - 000016720 _____ C:\Users\Rita\Downloads\FRST.txt
2020-11-01 18:29 - 2020-11-01 18:39 - 000000000 ____D C:\FRST
2020-11-01 18:28 - 2020-11-01 18:28 - 002299904 _____ (Farbar) C:\Users\Rita\Downloads\FRST64.exe
2020-11-01 18:22 - 2020-11-01 18:22 - 011431000 _____ (SurfRight B.V.) C:\Users\Rita\Downloads\HitmanPro_x64.exe
2020-11-01 18:22 - 2020-11-01 18:22 - 000057728 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2020-11-01 18:22 - 2020-11-01 18:22 - 000001869 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2020-11-01 18:22 - 2020-11-01 18:22 - 000001869 _____ C:\ProgramData\Desktop\HitmanPro.lnk
2020-11-01 18:22 - 2020-11-01 18:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2020-11-01 18:22 - 2020-11-01 18:22 - 000000000 ____D C:\ProgramData\HitmanPro
2020-11-01 18:22 - 2020-11-01 18:22 - 000000000 ____D C:\Program Files\HitmanPro
2020-11-01 18:12 - 2020-11-01 18:12 - 000074936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-11-01 18:11 - 2020-11-01 18:11 - 000217600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-11-01 18:11 - 2020-11-01 18:11 - 000197792 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-11-01 18:11 - 2020-11-01 18:11 - 000134304 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-11-01 18:08 - 2020-11-01 18:08 - 008447152 _____ (Malwarebytes) C:\Users\Rita\Downloads\AdwCleaner (1).exe
2020-11-01 18:07 - 2020-11-01 18:07 - 000003088 _____ C:\Windows\system32\Tasks\AdwCleaner_onReboot
2020-11-01 18:04 - 2020-11-01 18:04 - 008447152 _____ (Malwarebytes) C:\Users\Rita\Downloads\AdwCleaner.exe
2020-11-01 17:25 - 2020-11-01 17:35 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-11-01 17:20 - 2020-11-01 17:28 - 000422580 _____ C:\Windows\ntbtlog.txt
2020-11-01 16:52 - 2020-11-01 16:52 - 000288440 _____ C:\Windows\Minidump\110120-65156-01.dmp
2020-11-01 16:28 - 2020-11-01 16:29 - 000288520 _____ C:\Windows\Minidump\110120-45500-01.dmp
2020-11-01 16:06 - 2020-11-01 16:06 - 000003732 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2020-11-01 16:06 - 2020-11-01 16:06 - 000003150 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2020-11-01 16:06 - 2020-11-01 16:06 - 000002513 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2020-11-01 16:06 - 2020-11-01 16:06 - 000002478 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2020-11-01 16:06 - 2020-11-01 16:06 - 000002478 _____ C:\ProgramData\Desktop\Avast Secure Browser.lnk
2020-11-01 16:06 - 2020-11-01 16:06 - 000000000 ____D C:\Users\Rita\AppData\Local\AVAST Software
2020-11-01 16:05 - 2020-11-01 16:05 - 000003482 _____ C:\Windows\system32\Tasks\AvastUpdateTaskMachineUA
2020-11-01 16:05 - 2020-11-01 16:05 - 000003354 _____ C:\Windows\system32\Tasks\AvastUpdateTaskMachineCore
2020-11-01 16:05 - 2020-11-01 16:05 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2020-11-01 15:37 - 2020-11-01 16:51 - 000000000 ____D C:\ProgramData\Avast Software
2020-11-01 15:30 - 2020-11-01 15:30 - 000000000 ____D C:\Windows\system32\Tasks\AVG
2020-11-01 15:29 - 2020-11-01 16:33 - 000004162 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2020-11-01 15:24 - 2020-11-01 17:33 - 000000000 ____D C:\ProgramData\AVG
2020-11-01 15:19 - 2020-11-01 15:19 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-10-24 21:23 - 2020-10-24 21:23 - 000009746 _____ C:\Users\Rita\AppData\Local\recently-used.xbel
2020-10-14 10:47 - 2020-09-30 07:20 - 000135240 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2020-10-14 10:47 - 2020-09-30 03:04 - 003332608 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2020-10-14 10:47 - 2020-09-30 02:56 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2020-10-14 10:47 - 2020-09-30 02:48 - 001118720 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2020-10-14 10:47 - 2020-09-30 02:15 - 001381888 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2020-10-14 10:47 - 2020-09-29 05:32 - 000115616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2020-10-14 10:47 - 2020-09-29 04:11 - 003642368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2020-10-14 10:47 - 2020-09-29 04:00 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2020-10-14 10:47 - 2020-09-29 03:54 - 001067520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2020-10-14 10:47 - 2020-09-24 06:47 - 000120832 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2020-10-14 10:47 - 2020-09-24 06:43 - 002535968 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2020-10-14 10:47 - 2020-09-24 06:36 - 007363320 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-10-14 10:47 - 2020-09-24 06:36 - 002173392 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2020-10-14 10:47 - 2020-09-24 06:01 - 025759232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2020-10-14 10:47 - 2020-09-24 05:01 - 000098104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2020-10-14 10:47 - 2020-09-24 05:00 - 001902240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2020-10-14 10:47 - 2020-09-24 04:53 - 001561296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2020-10-14 10:47 - 2020-09-24 04:28 - 002914304 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2020-10-14 10:47 - 2020-09-24 04:25 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2020-10-14 10:47 - 2020-09-24 04:25 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2020-10-14 10:47 - 2020-09-24 04:16 - 005500416 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2020-10-14 10:47 - 2020-09-24 04:14 - 000785408 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2020-10-14 10:47 - 2020-09-24 04:13 - 020293632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-10-14 10:47 - 2020-09-24 04:04 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\cmdial32.dll
2020-10-14 10:47 - 2020-09-24 03:57 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2020-10-14 10:47 - 2020-09-24 03:55 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2020-10-14 10:47 - 2020-09-24 03:54 - 002306048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2020-10-14 10:47 - 2020-09-24 03:53 - 000477696 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2020-10-14 10:47 - 2020-09-24 03:53 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2020-10-14 10:47 - 2020-09-24 03:52 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2020-10-14 10:47 - 2020-09-24 03:51 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2020-10-14 10:47 - 2020-09-24 03:47 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2020-10-14 10:47 - 2020-09-24 03:47 - 000653824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2020-10-14 10:47 - 2020-09-24 03:41 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2020-10-14 10:47 - 2020-09-24 03:40 - 015494144 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2020-10-14 10:47 - 2020-09-24 03:39 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2020-10-14 10:47 - 2020-09-24 03:39 - 000484352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmdial32.dll
2020-10-14 10:47 - 2020-09-24 03:39 - 000381952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2020-10-14 10:47 - 2020-09-24 03:38 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2020-10-14 10:47 - 2020-09-24 03:37 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2020-10-14 10:47 - 2020-09-24 03:33 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2020-10-14 10:47 - 2020-09-24 03:32 - 000392192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2020-10-14 10:47 - 2020-09-24 03:32 - 000272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2020-10-14 10:47 - 2020-09-24 03:31 - 000076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2020-10-14 10:47 - 2020-09-24 03:30 - 000279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2020-10-14 10:47 - 2020-09-24 03:30 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2020-10-14 10:47 - 2020-09-24 03:29 - 002750464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2020-10-14 10:47 - 2020-09-24 03:27 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2020-10-14 10:47 - 2020-09-24 03:27 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2020-10-14 10:47 - 2020-09-24 03:26 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2020-10-14 10:47 - 2020-09-24 03:26 - 000699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2020-10-14 10:47 - 2020-09-24 03:26 - 000110080 _____ (Microsoft Corporation) C:\Windows\system32\fdSSDP.dll
2020-10-14 10:47 - 2020-09-24 03:25 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2020-10-14 10:47 - 2020-09-24 03:23 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2020-10-14 10:47 - 2020-09-24 03:22 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2020-10-14 10:47 - 2020-09-24 03:22 - 000333312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2020-10-14 10:47 - 2020-09-24 03:21 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2020-10-14 10:47 - 2020-09-24 03:20 - 013872640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2020-10-14 10:47 - 2020-09-24 03:18 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\fdWSD.dll
2020-10-14 10:47 - 2020-09-24 03:15 - 001566720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2020-10-14 10:47 - 2020-09-24 03:13 - 000092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdSSDP.dll
2020-10-14 10:47 - 2020-09-24 03:10 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2020-10-14 10:47 - 2020-09-24 03:08 - 000905728 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2020-10-14 10:47 - 2020-09-24 03:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWSD.dll
2020-10-14 10:47 - 2020-09-24 03:07 - 002551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2020-10-14 10:47 - 2020-09-24 03:07 - 001099264 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2020-10-14 10:47 - 2020-09-24 03:06 - 000866304 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2020-10-14 10:47 - 2020-09-24 03:04 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2020-10-14 10:47 - 2020-09-24 03:03 - 000801280 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2020-10-14 10:47 - 2020-09-24 03:01 - 001920512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2020-10-14 10:47 - 2020-09-24 03:00 - 001341952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2020-10-14 10:47 - 2020-09-24 03:00 - 000711168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2020-10-14 10:47 - 2020-09-24 02:59 - 000710656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2020-10-14 10:47 - 2020-09-24 02:55 - 003826176 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2020-10-14 10:47 - 2020-09-24 02:55 - 003551744 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2020-10-14 10:47 - 2020-09-24 02:53 - 001684992 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2020-10-14 10:47 - 2020-09-24 02:52 - 003278848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2020-10-14 10:47 - 2020-09-15 07:06 - 001311776 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2020-10-14 10:47 - 2020-09-15 06:57 - 000325320 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2020-10-14 10:47 - 2020-09-15 05:24 - 000245752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2020-10-14 10:47 - 2020-09-15 04:49 - 000281088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2020-10-14 10:47 - 2020-09-15 04:15 - 001040384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2020-10-14 10:47 - 2020-09-11 16:31 - 000367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\es.dll
2020-10-14 10:47 - 2020-09-11 09:39 - 000288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2020-10-14 10:47 - 2020-09-11 08:23 - 000516608 _____ (Microsoft Corporation) C:\Windows\system32\es.dll
2020-10-14 10:47 - 2020-09-10 23:49 - 001370680 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2020-10-14 10:47 - 2020-09-10 21:27 - 000564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2020-10-14 10:47 - 2020-09-10 20:51 - 000642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2020-10-14 10:47 - 2020-09-10 20:51 - 000005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2020-10-14 10:47 - 2020-09-10 20:20 - 001757184 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-10-14 10:47 - 2020-09-10 20:14 - 002349056 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2020-10-14 10:47 - 2020-09-10 20:11 - 001088512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2020-10-14 10:47 - 2020-09-10 20:02 - 001495040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-10-14 10:47 - 2020-09-10 19:56 - 001551360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2020-10-14 10:47 - 2020-09-10 01:24 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2020-10-06 19:31 - 2020-11-01 17:54 - 000000000 ____D C:\Users\Rita\AppData\Roaming\Zoom

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-01 18:28 - 2018-10-02 15:04 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1423373995-1004855960-1227593991-1001
2020-11-01 18:18 - 2018-10-02 15:51 - 000003922 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{C703184D-32CD-4421-ADA6-45EB4E27C911}
2020-11-01 18:10 - 2018-10-08 21:25 - 000000000 __SHD C:\Users\Rita\IntelGraphicsProfiles
2020-11-01 18:10 - 2013-08-22 14:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-11-01 18:07 - 2018-10-02 16:01 - 000000000 ____D C:\AdwCleaner
2020-11-01 17:46 - 2019-10-29 00:29 - 000000000 ____D C:\Users\Rita Work
2020-11-01 17:38 - 2020-07-17 19:12 - 000000000 ____D C:\Users\Rita\AppData\Local\CrashDumps
2020-11-01 17:12 - 2013-08-22 13:36 - 000000000 ____D C:\Windows\Inf
2020-11-01 17:11 - 2018-10-02 14:58 - 000000000 ____D C:\Users\Rita
2020-11-01 16:52 - 2019-02-12 15:38 - 000000000 ____D C:\Windows\Minidump
2020-11-01 16:51 - 2019-02-12 15:38 - 475126123 _____ C:\Windows\MEMORY.DMP
2020-11-01 16:18 - 2014-11-21 03:49 - 001731048 _____ C:\Windows\system32\PerfStringBackup.INI
2020-11-01 16:18 - 2014-11-21 03:05 - 000754718 _____ C:\Windows\system32\prfh0816.dat
2020-11-01 16:18 - 2014-11-21 03:05 - 000156386 _____ C:\Windows\system32\prfc0816.dat
2020-11-01 15:19 - 2019-08-31 00:10 - 000001964 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-11-01 15:19 - 2019-08-31 00:10 - 000001964 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-11-01 15:16 - 2019-08-31 00:10 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-10-31 12:58 - 2019-10-03 11:50 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-10-31 12:58 - 2019-10-03 11:50 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-10-29 22:06 - 2018-10-04 19:22 - 000795000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2020-10-25 22:18 - 2018-12-25 00:46 - 000000000 ____D C:\Users\Rita\AppData\Local\Spotify
2020-10-25 22:16 - 2018-12-25 00:45 - 000000000 ____D C:\Users\Rita\AppData\Roaming\Spotify
2020-10-24 21:31 - 2018-10-23 20:58 - 000000000 ____D C:\Users\Rita\AppData\Local\gtk-2.0
2020-10-24 21:31 - 2018-10-23 20:47 - 000000000 ____D C:\Users\Rita\AppData\Local\babl-0.1
2020-10-22 11:20 - 2018-10-02 15:53 - 000002240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-10-22 11:20 - 2018-10-02 15:53 - 000002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-10-22 11:20 - 2018-10-02 15:53 - 000002199 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-10-21 14:08 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\rescache
2020-10-19 20:24 - 2020-05-07 17:43 - 000000000 ____D C:\Users\Rita\AppData\Roaming\vlc
2020-10-19 11:17 - 2013-08-22 13:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2020-10-19 11:15 - 2013-08-22 15:36 - 000000000 ___RD C:\Windows\ToastData
2020-10-15 19:40 - 2018-10-02 15:52 - 000003442 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-10-15 19:40 - 2018-10-02 15:52 - 000003314 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-10-14 11:09 - 2013-08-22 15:20 - 000000000 ____D C:\Windows\CbsTemp
2020-10-08 21:20 - 2019-10-23 20:41 - 000003450 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2020-10-08 19:34 - 2019-10-29 00:39 - 000003600 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1423373995-1004855960-1227593991-1003
2020-10-05 17:58 - 2013-08-22 15:36 - 000000000 ___HD C:\Program Files\WindowsApps
2020-10-05 17:58 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\AppReadiness
2020-10-05 14:48 - 2019-10-29 00:30 - 000000000 __SHD C:\Users\Rita Work\IntelGraphicsProfiles
2020-10-02 20:58 - 2020-06-14 21:01 - 000835472 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-10-02 20:58 - 2020-06-14 21:01 - 000179608 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories ========

2019-09-28 21:25 - 2019-09-28 21:25 - 000000410 _____ () C:\Users\Rita\AppData\Local\oobelibMkey.log
2020-10-24 21:23 - 2020-10-24 21:23 - 000009746 _____ () C:\Users\Rita\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-10-18 04:15
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-10-2020
Ran by Rita (01-11-2020 18:41:10)
Running from C:\Users\Rita\Downloads
Windows 8.1 (Update) (X64) (2018-10-02 14:58:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1423373995-1004855960-1227593991-500 - Administrator - Disabled)
Convidado (S-1-5-21-1423373995-1004855960-1227593991-501 - Limited - Disabled)
Rita (S-1-5-21-1423373995-1004855960-1227593991-1001 - Administrator - Enabled) => C:\Users\Rita
Rita Work (S-1-5-21-1423373995-1004855960-1227593991-1003 - Limited - Enabled) => C:\Users\Rita Work

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 86.0.6394.76 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - Canon Inc.)
GIMP 2.10.8 (HKLM\...\GIMP-2_is1) (Version: 2.10.8 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.111 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.20.314 - SurfRight B.V.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4889 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00005040-0210-2070-84C8-B8D95FA3C8C3}) (Version: 21.40.5.1 - Intel Corporation)
Malwarebytes version 4.2.2.95 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.2.95 - Malwarebytes)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Movavi Video Converter 20 Premium (HKU\S-1-5-21-1423373995-1004855960-1227593991-1001\...\Movavi Video Converter 20 Premium) (Version: 20.1.2 - Movavi)
Origin (HKLM-x32\...\Origin) (Version: 10.5.41.27263 - Electronic Arts, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29077 - Realtek Semiconductor Corp.)
Screencast-O-Matic v2 (HKU\S-1-5-21-1423373995-1004855960-1227593991-1001\...\Screencast-O-Matic v2) (Version:  - Screencast-O-Matic)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
Software de Dispositivos Chipset Intel® (HKLM-x32\...\{262e9c1d-e509-4e2a-86e8-0abb312ac2e9}) (Version: 10.1.17765.8094 - Intel(R) Corporation) Hidden
Software Intel® PROSet/Wireless (HKLM-x32\...\{cf961541-ca37-4826-a285-3a9cb22cd5a2}) (Version: 21.40.2 - Intel Corporation)
Spotify (HKU\S-1-5-21-1423373995-1004855960-1227593991-1001\...\Spotify) (Version: 1.1.34.694.gac68a2b3 - Spotify AB)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.52.100.1020 - Electronic Arts Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)

Packages:
=========
Jogos -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-11-21] (Microsoft Corporation) [MS Ad]
MSN Desporto -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2018-10-03] (Microsoft Corporation) [MS Ad]
MSN Finanças -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2018-10-03] (Microsoft Corporation) [MS Ad]
MSN Meteorologia -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2018-10-03] (Microsoft Corporation) [MS Ad]
MSN Notícias -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2018-10-03] (Microsoft Corporation) [MS Ad]
MSN Receitas -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2018-10-03] (Microsoft Corporation) [MS Ad]
MSN Saúde e Bem-Estar -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2018-10-03] (Microsoft Corporation) [MS Ad]
MSN Viagens -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2018-10-03] (Microsoft Corporation) [MS Ad]
Música -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2018-10-03] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2018-10-03] (Skype) [MS Ad]
Vídeo -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2018-10-03] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1423373995-1004855960-1227593991-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\Rita\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1423373995-1004855960-1227593991-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2018-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-05-21 19:06 - 2019-06-11 07:21 - 001277440 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2019-07-14 18:27 - 2019-06-11 07:22 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2019-07-14 18:27 - 2019-05-25 08:55 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2019-07-14 18:27 - 2019-05-25 08:56 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2019-07-14 18:27 - 2019-05-25 08:56 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2019-07-14 18:27 - 2019-05-25 08:56 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2019-07-14 18:27 - 2019-05-25 08:56 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2019-07-14 18:27 - 2019-05-25 08:56 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1423373995-1004855960-1227593991-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-pt/?ocid=iehp

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1423373995-1004855960-1227593991-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rita\Pictures\1982557.jpg
HKU\S-1-5-21-1423373995-1004855960-1227593991-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-1423373995-1004855960-1227593991-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-1423373995-1004855960-1227593991-1001\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-1423373995-1004855960-1227593991-1001\...\StartupApproved\Run: => "Spotify"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D50D11F5-61D9-449A-A2E4-9AC79430C506}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en64.exe => No File
FirewallRules: [TCP Query User{E31FFDA6-A2FF-4FF6-85F1-F505CC13DA3C}C:\users\rita\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe] => (Allow) C:\users\rita\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe => No File
FirewallRules: [UDP Query User{B5670A1E-52C0-4609-90A1-C3AA0F1D04DB}C:\users\rita\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe] => (Allow) C:\users\rita\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe => No File
FirewallRules: [{ACC63502-1A0E-40AB-BEDA-79318F938729}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{0F5DB705-ABEB-455F-A8D8-49BDABDED1AE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{30D1CFC2-5C94-41E8-B99C-A27510D29DB7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{552D1DA9-695B-45F1-ADF7-B2D2C6713BFA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{4D5A83FD-B53C-4FB7-B2B9-C9F9AC57C0B5}C:\users\rita\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rita\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{0998B184-6CEE-4C5A-A392-A5F9020ACD54}C:\users\rita\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\rita\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EA78AE6B-EFCC-49FF-8E75-4681DAB914A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{19B951AF-4BFC-4ABB-87BC-53442EB3B32E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [TCP Query User{042DDFF6-B848-470E-AD15-81F768254975}C:\users\rita\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.485\pluginhost.exe] => (Block) C:\users\rita\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.485\pluginhost.exe => No File
FirewallRules: [UDP Query User{DB1334B4-E5E8-434F-A228-4149E08BA70F}C:\users\rita\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.485\pluginhost.exe] => (Block) C:\users\rita\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.485\pluginhost.exe => No File
FirewallRules: [{1D209DAA-2CD0-455D-9203-5022F6EC62C9}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{1AC7C49D-A2C2-4E08-9421-2650795FBD8F}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{90C75F44-CC6C-48E9-B652-77A51F5DD5E4}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{C85861D8-4115-4E08-B020-E9242DFB0690}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [TCP Query User{B138B15E-2718-438A-8E06-6A75D4CD3862}C:\users\rita\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\rita\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{DA1FE418-74C0-4EDD-A9B3-D9C3EACA3A1C}C:\users\rita\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\rita\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FEBA8625-C60D-4DFB-B855-B207D267D610}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe => No File
FirewallRules: [{27E1C0EA-FA35-4595-BE02-AC7C37ACC2A9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe => No File
FirewallRules: [{BD5F99CE-E8F4-4522-86FC-8292B82FFB39}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe => No File
FirewallRules: [{0F1E926D-C8AA-481F-8785-A22BD8C6BB89}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe => No File
FirewallRules: [{D56CDC8D-5B22-4C83-A462-41F4D888F32D}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe => No File
FirewallRules: [{C2E2CFFB-E626-47CC-8E12-B046B31CA343}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe => No File
FirewallRules: [{F8BC1C1F-4662-4161-ADE3-005D460AC3D6}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
FirewallRules: [{A5C0F5BD-709D-4A8A-866A-B2D26D1894C7}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\OxygenPanelDaemon.exe => No File
FirewallRules: [{ACF7719F-68DE-4CB3-9FC1-5C28095AD8FF}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe => No File
FirewallRules: [{240710D8-90BA-4892-A55D-9E85EA082A79}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe => No File
FirewallRules: [TCP Query User{66D1FB1A-6C54-4C8A-B1D7-8FF092C0AB19}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Block) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe => No File
FirewallRules: [UDP Query User{F7C84D18-BE19-4765-91F3-BC8CB33B4B29}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Block) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe => No File
FirewallRules: [TCP Query User{08512C4E-9666-4668-A049-BB536FB540F3}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe => No File
FirewallRules: [UDP Query User{878B2F42-0BEC-4D75-99F1-35CA48B5C881}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe => No File
FirewallRules: [TCP Query User{625B0BD7-0B87-4DFC-A3E0-0649ABBF56A7}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe => No File
FirewallRules: [UDP Query User{BA005C31-E34F-4E1B-ADF5-5453D4CA5229}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe => No File
FirewallRules: [{32E0FE21-AD65-4B57-A75A-79D0702F1138}] => (Allow) C:\Users\Rita\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{89B6E6FE-2CBE-42CA-BE74-40480EEFA76D}] => (Allow) C:\Users\Rita\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{A4078D4A-4B9C-4D90-8693-8CA5FF82AE70}] => (Allow) C:\Users\Rita\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{F957A5AC-972B-476D-89BE-EAE308148587}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F5B3D39F-88DC-492C-AEF3-37C88DE8F8D4}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{19DDD1B5-6266-4436-9DF3-2034A9536AF3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )

==================== Restore Points =========================

13-10-2020 12:33:35 Ponto de Verificação Agendado
21-10-2020 14:03:48 Ponto de Verificação Agendado
26-10-2020 16:15:11 Windows Update
01-11-2020 16:35:04 Removed DaVinci Resolve Panels

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/01/2020 05:38:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: ig.exe, versão: 1.0.1.1, carimbo de data/hora: 0x5f43d0e0
Nome do módulo com falha: KERNELBASE.dll, versão: 6.3.9600.19678, carimbo de data/hora: 0x5e82c0f7
Código de exceção: 0xc0000142
Desvio de falha: 0x0009d452
ID do processo com falha: 0x66c
Hora de início da aplicação com falha: 0x01d6b075c2e8a7c4
Caminho da aplicação com falha: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
Caminho do módulo com falha: KERNELBASE.dll
ID do Relatório: 034411ae-1c69-11eb-82dc-a088699b1d05
Nome completo do pacote com falha: 
ID da aplicação relativa ao pacote com falha:

Error: (11/01/2020 04:11:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: ZeroConfigService.exe, versão: 21.40.1.0, carimbo de data/hora: 0x5d5ad5c9
Nome do módulo com falha: ntdll.dll, versão: 6.3.9600.19678, carimbo de data/hora: 0x5e82c88a
Código de exceção: 0xc0000374
Desvio de falha: 0x00000000000f1ce0
ID do processo com falha: 0x934
Hora de início da aplicação com falha: 0x01d6b069a69163fd
Caminho da aplicação com falha: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Caminho do módulo com falha: C:\Windows\SYSTEM32\ntdll.dll
ID do Relatório: ed9e08ce-1c5c-11eb-82d6-a088699b1d05
Nome completo do pacote com falha: 
ID da aplicação relativa ao pacote com falha:

Error: (11/01/2020 04:01:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: mbamtray.exe, versão: 4.0.0.829, carimbo de data/hora: 0x5f936297
Nome do módulo com falha: KERNELBASE.dll, versão: 6.3.9600.19678, carimbo de data/hora: 0x5e82c88a
Código de exceção: 0xc0000142
Desvio de falha: 0x00000000000ecf40
ID do processo com falha: 0x1a5c
Hora de início da aplicação com falha: 0x01d6b0683c6a4f9e
Caminho da aplicação com falha: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Caminho do módulo com falha: KERNELBASE.dll
ID do Relatório: 823f59c2-1c5b-11eb-82d5-a088699b1d05
Nome completo do pacote com falha: 
ID da aplicação relativa ao pacote com falha:

Error: (11/01/2020 03:29:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: ig-45.exe, versão: 1.0.1.1, carimbo de data/hora: 0x5f43d0e0
Nome do módulo com falha: KERNELBASE.dll, versão: 6.3.9600.19678, carimbo de data/hora: 0x5e82c0f7
Código de exceção: 0xc0000142
Desvio de falha: 0x0009d452
ID do processo com falha: 0x1ac0
Hora de início da aplicação com falha: 0x01d6b063d716035e
Caminho da aplicação com falha: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-45.exe
Caminho do módulo com falha: KERNELBASE.dll
ID do Relatório: 19a92cad-1c57-11eb-82d4-a088699b1d05
Nome completo do pacote com falha: 
ID da aplicação relativa ao pacote com falha:

Error: (10/31/2020 12:57:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: AGSService.exe, versão: 7.2.0.32, carimbo de data/hora: 0x5f6abe78
Nome do módulo com falha: AGSService.exe, versão: 7.2.0.32, carimbo de data/hora: 0x5f6abe78
Código de exceção: 0xc0000005
Desvio de falha: 0x000fca2d
ID do processo com falha: 0x664
Hora de início da aplicação com falha: 0x01d6a609afbf6c02
Caminho da aplicação com falha: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
Caminho do módulo com falha: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
ID do Relatório: a84ee235-1b78-11eb-82d4-a088699b1d05
Nome completo do pacote com falha: 
ID da aplicação relativa ao pacote com falha:

Error: (09/13/2020 11:01:59 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Um problema impediu que os dados do Programa Para o Melhoramento da Experiência do Cliente fossem enviados para a Microsoft. (Erro 80070005).

Error: (09/10/2020 02:28:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha nos Serviços de Criptografia ao processar a chamada OnIdentity() no Objeto Escritor de Sistema.

Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKslDrv.

System Error:
O sistema não conseguiu localizar o ficheiro especificado.
.

Error: (08/17/2020 11:35:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: MBAMService.exe, versão: 3.2.0.890, carimbo de data/hora: 0x5e4bfca6
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc0000005
Desvio de falha: 0x0000000000000000
ID do processo com falha: 0xbf4
Hora de início da aplicação com falha: 0x01d66cba126d46df
Caminho da aplicação com falha: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Caminho do módulo com falha: unknown
ID do Relatório: bfec1fd1-e07d-11ea-82cd-a088699b1d05
Nome completo do pacote com falha: 
ID da aplicação relativa ao pacote com falha:


System errors:
=============
Error: (11/01/2020 06:43:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Wireless PAN DHCP Server terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 60000 milissegundos: Reiniciar o serviço.

Error: (11/01/2020 06:42:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Wireless PAN DHCP Server terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 60000 milissegundos: Reiniciar o serviço.

Error: (11/01/2020 06:41:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Wireless PAN DHCP Server terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 60000 milissegundos: Reiniciar o serviço.

Error: (11/01/2020 06:40:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Wireless PAN DHCP Server terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 60000 milissegundos: Reiniciar o serviço.

Error: (11/01/2020 06:39:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Wireless PAN DHCP Server terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 60000 milissegundos: Reiniciar o serviço.

Error: (11/01/2020 06:38:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Wireless PAN DHCP Server terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 60000 milissegundos: Reiniciar o serviço.

Error: (11/01/2020 06:37:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Wireless PAN DHCP Server terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 60000 milissegundos: Reiniciar o serviço.

Error: (11/01/2020 06:36:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Wireless PAN DHCP Server terminou inesperadamente. Já o fez 1 vez(es). Será efetuada a seguinte ação corretiva em 60000 milissegundos: Reiniciar o serviço.


Windows Defender:
===================================
Date: 2020-11-01 18:07:59.163
Description: 
A análise de Windows Defender foi parada antes de ser concluída.
ID de Análise: {E46CBE54-7BB6-4512-93EE-0AA3BE8D6687}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Completa
Utilizador: cali\Rita

Date: 2020-11-01 17:54:13.570
Description: 
A análise de Windows Defender foi parada antes de ser concluída.
ID de Análise: {581DC1A9-2A57-4557-9E66-00E6A856FBC2}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Completa
Utilizador: cali\Rita

Date: 2020-11-01 17:51:24.280
Description: 
A análise de Windows Defender foi parada antes de ser concluída.
ID de Análise: {4885CAD4-A12A-4267-A9E7-3D98021DCCB4}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Personalizada
Utilizador: cali\Rita

Date: 2020-11-01 15:40:05.818
Description: 
A análise de Windows Defender foi parada antes de ser concluída.
ID de Análise: {0483E053-DE6D-437C-9150-98117D08381C}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: cali\Rita

Date: 2020-11-01 15:18:28.886
Description: 
A análise de Windows Defender foi parada antes de ser concluída.
ID de Análise: {4AF8D5CD-CAD9-49B5-9810-6273B616925B}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Completa
Utilizador: cali\Rita

Date: 2020-10-19 12:17:33.752
Description: 
A funcionalidade de Proteção em Tempo Real de Windows Defender encontrou um erro e falhou.
Funcionalidade: Sistema de Inspeção de Rede
Código de Erro: 0x8007042d
Descrição do Erro: O serviço não foi iniciado devido a um erro de início de sessão. 
Razão: Faltam atualizações no sistema que são necessárias à execução do Sistema de Inspeção de Rede. Instale as atualizações necessárias e reinicie o computador.

Date: 2020-09-09 00:54:10.738
Description: 
Windows Defender encontrou um erro ao tentar atualizar assinaturas.
Nova Versão de Assinatura: 
Versão de Assinatura Anterior: 119.0.0.0
Origem de Atualização: Centro Microsoft de Proteção Contra Software Maligno
Tipo de Assinatura: Sistema de Inspeção de Rede
Tipo de Atualização: Completo
Utilizador: NT AUTHORITY\Serviço de rede
Versão de Motor Atual: 
Versão de Motor Anterior: 2.1.14600.4
Código de Erro: 0x80072ee7
Descrição do Erro: Não foi possível processar o nome ou o endereço do servidor 

Date: 2020-09-09 00:54:10.731
Description: 
Windows Defender encontrou um erro ao tentar atualizar assinaturas.
Nova Versão de Assinatura: 
Versão de Assinatura Anterior: 1.323.564.0
Origem de Atualização: Centro Microsoft de Proteção Contra Software Maligno
Tipo de Assinatura: AntiSpyware
Tipo de Atualização: Completo
Utilizador: NT AUTHORITY\Serviço de rede
Versão de Motor Atual: 
Versão de Motor Anterior: 1.1.17400.5
Código de Erro: 0x80072ee7
Descrição do Erro: Não foi possível processar o nome ou o endereço do servidor 

Date: 2020-09-09 00:54:10.731
Description: 
Windows Defender encontrou um erro ao tentar atualizar assinaturas.
Nova Versão de Assinatura: 
Versão de Assinatura Anterior: 1.323.564.0
Origem de Atualização: Centro Microsoft de Proteção Contra Software Maligno
Tipo de Assinatura: Antivírus
Tipo de Atualização: Completo
Utilizador: NT AUTHORITY\Serviço de rede
Versão de Motor Atual: 
Versão de Motor Anterior: 1.1.17400.5
Código de Erro: 0x80072ee7
Descrição do Erro: Não foi possível processar o nome ou o endereço do servidor 

Date: 2020-09-09 00:54:10.512
Description: 
Windows Defender encontrou um erro ao tentar atualizar assinaturas.
Nova Versão de Assinatura: 
Versão de Assinatura Anterior: 1.323.564.0
Origem de Atualização: Servidor Microsoft Update
Tipo de Assinatura: Antivírus
Tipo de Atualização: Completo
Utilizador: NT AUTHORITY\SYSTEM
Versão de Motor Atual: 
Versão de Motor Anterior: 1.1.17400.5
Código de Erro: 0x8024402c
Descrição do Erro: Ocorreu um problema inesperado ao procurar atualizações. Para obter informações sobre a instalação ou resolução de problemas de atualizações, consulte a Ajuda e Suporte. 

CodeIntegrity:
===================================

Date: 2020-10-24 12:34:38.361
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-09-14 11:36:14.980
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-09-12 19:30:59.779
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-08-26 13:20:58.345
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-08-18 11:46:22.522
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-08-10 14:50:28.006
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-21 10:47:12.429
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-18 12:10:14.400
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

BIOS: INSYDE Corp. 2.00 12/11/2014
Motherboard: Type2 - Board Vendor Name1 Type2 - Board Product Name1
Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 73%
Total physical RAM: 4016.14 MB
Available physical RAM: 1064.31 MB
Total Virtual: 8112.14 MB
Available Virtual: 4776.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:452.15 GB) (Free:361.33 GB) NTFS
Drive f: () (Removable) (Total:29.5 GB) (Free:10.56 GB) FAT32

\\?\Volume{9b43ce43-c903-11e4-a1d9-a3de36fdeb76}\ () (Fixed) (Total:1 GB) (Free:0.74 GB) NTFS
\\?\Volume{9a3a5090-56d2-4e3b-9207-aa02d8ad66e4}\ () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{9b43ce57-c903-11e4-a1d9-a3de36fdeb76}\ () (Fixed) (Total:11.95 GB) (Free:11.89 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 29.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

 

I don't think there's anything else.


28 minutes ago, kevinf80 said:
Hello rstew2207 and welcome to Malwarebytes,

Run the following:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Thank you,

Kevin

Oops I think I might have pasted too much, I'm now pasting the FRST.txt and attaching the log. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-10-2020
Ran by Rita (administrator) on CALI (TOSHIBA SATELLITE L50-B) (01-11-2020 18:49:55)
Running from C:\Users\Rita\Downloads
Loaded Profiles: Rita & Rita Work
Platform: Windows 8.1 (Update) (X64) Language: Português (Portugal)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler64.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Users\Rita\Downloads\HitmanPro_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKU\S-1-5-21-1423373995-1004855960-1227593991-1001\...\Run: [Spotify] => C:\Users\Rita\AppData\Roaming\Spotify\Spotify.exe [22941928 2020-10-25] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1423373995-1004855960-1227593991-1001\...\Run: [CCXProcess] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"
HKU\S-1-5-21-1423373995-1004855960-1227593991-1001\...\MountPoints2: {5ec93414-da1c-11e9-827e-a088699b1d05} - "D:\autorun.exe" /autorun
HKLM\...\Windows x64\Print Processors\Canon MP280 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAA.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP280 series: C:\Windows\system32\CNMLMAA.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111\Installer\chrmstp.exe [2020-10-22] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\86.0.6394.76\Installer\chrmstp.exe [2020-11-01] (Avast Software s.r.o. -> AVAST Software)
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26629E70-3A4C-459E-BD0C-F1E28BF3C6B4} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {2BC71FE0-6F69-4699-BD6B-2A3E8BC31023} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
Task: {3C4CB13B-9859-4EFB-ACC9-AB5F34ABA04F} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-11-01] (Avast Software s.r.o. -> AVAST Software)
Task: {5F22B91B-2894-4216-8AB8-BF0E1B7045CC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Addition.txt


Hello rstew2207,

I do not see any evidence of Malware or Infection in your logs. Run the following:

Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


Right-click on the tool and select Run as Administrator; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....
 
Thank you,
 
Kevin

Alright here it is: 


---------------------------------------------------------------------------------------

Microsoft Safety Scanner v1.0, (build 1.327.152.0)
Started On Sun Nov 01 19:19:49 2020
->Scan ERROR: resource process://pid:312,ProcessStart:132487277734027368 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:456,ProcessStart:132487277870580025 (code 0x00000Microsoft Safety Scanner Finished On Sun Nov 01 19:20:33 2020


Return code: 0 (0x0)
0x00000005 (5))
->Scan ERROR: resource process://pid:620,ProcessStart:132487277895510560 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2572,ProcessStart:132487278326864496 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4400,ProcessStart:132487278776572662 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1400,ProcessStart:132487316719393923 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:5252,ProcessStart:132487319906821936 (code 0x0000012B (299))
->Scan ERROR: resource process://pid:3160,ProcessStart:132487320074858788 (code 0x0000012B (299))
->Scan ERROR: resource process://pid:4400,ProcessStart:132487278776572662 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2572,ProcessStart:132487278326864496 (code 0x00000005 (5))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\swapfile.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\swapfile.sys (code 0x00000021 (33))
->Scan ERROR: resource process://pid:2572,ProcessStart:132487278326864496 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2572,ProcessStart:132487278326864496 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Sun Nov 01 19:36:40 2020


Return code: 0 (0x0)

 

Windows defender keeps showing the same message "preliminary scan results show that malicious or potentially unwanted software might exist"
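
Kevin asks for only the most recent run from msert.log, and the log above mixes many "Scan ERROR" lines with a "No infection found." verdict. As an added example (not part of the original thread and not Microsoft's tooling), this Python script picks the latest run and tallies its errors by Win32 code; the sample log is constructed in the format shown above, and the function names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Win32 error codes that appear in the log above (names from winerror.h).
WIN32_ERRORS = {
    5: "ERROR_ACCESS_DENIED",     # access is denied
    33: "ERROR_LOCK_VIOLATION",   # another process has locked part of the file
    299: "ERROR_PARTIAL_COPY",    # only part of a process-memory read completed
}

TS = r"(\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4})"   # "Sun Nov 01 19:19:49 2020"
TS_FORMAT = "%a %b %d %H:%M:%S %Y"
STARTED = re.compile(r"Started On " + TS)
FINISHED = re.compile(r"Finished On " + TS)
SCAN_ERROR = re.compile(
    r"Scan ERROR: resource (\w+)://(.*) \(code 0x[0-9A-Fa-f]+ \((\d+)\)\)")
RETURN_CODE = re.compile(r"Return code: (\d+)")


def parse_runs(text):
    """Split msert.log text into one dict per 'Started On' header."""
    runs, run, want_summary = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = STARTED.search(line)
        if m:
            run = {"started": datetime.strptime(m.group(1), TS_FORMAT),
                   "finished": None, "errors": [], "malformed": 0,
                   "summary": None, "return_code": None}
            runs.append(run)
            want_summary = False
            continue
        if run is None or not line:
            continue
        if line == "Results Summary:":
            want_summary = True
            continue
        if want_summary and line.strip("-"):   # first non-dash line is the verdict
            run["summary"], want_summary = line, False
            continue
        if "Scan ERROR" in line:
            m = SCAN_ERROR.search(line)
            if m:
                run["errors"].append((m.group(1), m.group(2), int(m.group(3))))
            else:
                # Spliced or truncated line: count it instead of dropping it.
                run["malformed"] += 1
        m = FINISHED.search(line)
        if m:                                   # the last one seen in a run wins
            run["finished"] = datetime.strptime(m.group(1), TS_FORMAT)
        m = RETURN_CODE.search(line)
        if m:
            run["return_code"] = int(m.group(1))
    return runs


def latest_run(runs):
    """Return the run with the newest 'Started On' timestamp."""
    return max(runs, key=lambda r: r["started"])


def summarize(run):
    """Count scan errors per (resource type, Win32 error name)."""
    counts = Counter()
    for scheme, _target, code in run["errors"]:
        counts[(scheme, WIN32_ERRORS.get(code, "code %d" % code))] += 1
    return counts


# Constructed sample in the msert.log format shown above (two runs; the second
# contains one spliced line like the one in the posted log).
SAMPLE_LOG = r"""
---------------------------------------------------------------------------------------

Microsoft Safety Scanner v1.0, (build 1.327.152.0)
Started On Sat Oct 31 10:00:00 2020
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000021 (33))

Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Sat Oct 31 10:05:00 2020

Return code: 0 (0x0)
---------------------------------------------------------------------------------------

Microsoft Safety Scanner v1.0, (build 1.327.152.0)
Started On Sun Nov 01 19:00:00 2020
->Scan ERROR: resource process://pid:100,ProcessStart:1 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:200,ProcessStart:2 (code 0x00000Microsoft Safety Scanner Finished On Sun Nov 01 19:01:00 2020
0x00000005 (5))
->Scan ERROR: resource process://pid:300,ProcessStart:3 (code 0x0000012B (299))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000021 (33))

Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Sun Nov 01 19:10:00 2020

Return code: 0 (0x0)
"""

if __name__ == "__main__":
    run = latest_run(parse_runs(SAMPLE_LOG))
    print("Latest run started:", run["started"], "| verdict:", run["summary"])
    print("Return code:", run["return_code"], "| unparsed error lines:", run["malformed"])
    for (scheme, name), n in sorted(summarize(run).items()):
        print("  %-8s %-22s x%d" % (scheme, name, n))
```

Codes 5, 33 and 299 mean the scanner could not open or fully read a resource (other processes, pagefile.sys, hiberfil.sys, swapfile.sys); they are not detections. The verdict is the line under "Results Summary:".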


Hello rstew2207,

I believe the keyword "MIGHT" exist does make for a bit of ambiguity, that said just the hint of unwanted software is enough to worry anyone. Looking at the installed Programs does not show any possibilities...

I guess as we are still unsure whether your system is definitely clean we must run an in-depth AV scan; this scan may take several hours but is very much worthwhile...

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.



Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Thank you,

Kevin..


Okay, thank you Kevin, you were very helpful. I will have Sophos running until it scans completely. I was just worried I could have some sort of Trojan or even ransomware, which I want to stay away from. I didn't download anything at all or visit fishy websites, but I'm super paranoid. I just got scared with that Google message "Our systems have detected unusual traffic from your computer network". Maybe this is nothing but just to be safe. Thank you! 


Hiya rstew2207,

The Sophos AV scan does indicate a clean system; if there are no remaining issues or concerns we can clean up:

Uninstall the following program:

Sophos AV

http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Also delete this folder if still present: C:\ProgramData\Sophos

Next,

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • When the tool opens, ensure all boxes are checked, and select Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.


Next,

1. How to create strong Passwords - https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/

2. How to keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download

3. Keep your Operating System up to date and current - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2

4. Answers to Security Questions and Best Practices - https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

5. Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/

6. Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee

Take care and surf safe

Kevin...

 


Good evening Kevin, thank you so much. I'm glad this was just me panicking. Thank you for your amazing work and I will soon make a donation. 

 

Here's the log: 

# Run at 02/11/2020 22:52:35
# KpRm (Kernel-panik) version 2.8
# Website https://kernel-panik.me/tool/kprm/
# Run by Rita from C:\Users\Rita\Downloads
# Computer Name: CALI
# OS: Windows 8.1 X64 (9600) 
# Number of passes: 1

- Checked options -

    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines after 7 days

- Create Registry Backup -

   ~ [OK] Hive C:\Windows\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\Rita\NTUSER.dat backed up

     [OK] Registry Backup: C:\KPRM\backup\2020-11-02-22-52-35

- Delete Tools -


  ## AdwCleaner
     [OK] C:\Users\Rita\Downloads\AdwCleaner (1).exe deleted
     [OK] C:\Users\Rita\Downloads\AdwCleaner.exe deleted

  ## FRST
     [OK] C:\Users\Rita\Downloads\Addition.txt deleted
     [OK] C:\Users\Rita\Downloads\FRST.txt deleted
     [OK] C:\Users\Rita\Downloads\FRST64.exe deleted

- Other Lines -


  ## Quarantines that will be deleted in 7 days (2020/11/09)
    ~ C:\AdwCleaner (AdwCleaner)
    ~ C:\FRST (FRST)

- Restore System Settings -

     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files

- Restore UAC -

     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

   ~ [OK] RP named Ponto de Verificação Agendado created at 10/13/2020 12:33:35 deleted
   ~ [OK] RP named Ponto de Verificação Agendado created at 10/21/2020 14:03:48 deleted
   ~ [OK] RP named Windows Update created at 10/26/2020 16:15:11 deleted
   ~ [OK] RP named Removed DaVinci Resolve Panels created at 11/01/2020 16:35:04 deleted
     [OK] All system restore points have been successfully deleted

- Create Restore Point -

     [OK] System Restore Point created

- Display System Restore Point -

   ~ RP named KpRm created at 11/02/2020 22:54:58

-- KPRM finished in 256.91s --


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 
