eMail Hijacked - Sending SPAM and phishing

email hijack spam phishing

#1 RuiPedro
Member, 43 posts

Hello,

Somehow my email account is sending spam and phishing. I am sure about this because I get email from myself with phishing messages, and I spoke with my ISP and they told me that there are logins to this email account from all over the world.

I tried changing the email password and stopped receiving/sending this kind of email for about two weeks. Now it has started all over again.

I don't know how they got the password for this email account, so I am afraid my computer is somehow infected.

Also, this email account is ONLY configured on this computer.

Thanks in advance for any help I can get :)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
Ran by RuiPedro (administrator) on RUIPEDRO-PC (27-10-2018 10:01:56)
Running from C:\Users\RuiPedro\Desktop
Loaded Profiles: RuiPedro (Available Profiles: RuiPedro)
Platform: Windows 10 Pro Version 1803 17134.345 (X64) Language: Português (Portugal)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service_ex.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\BackupService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\RMMRSP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\plugin Autenticacao.Gov\runtime\jre\bin\javaw.exe
() C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CteraAgentWD.exe
() C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CTERAAgent.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Pura Lógica, Lda.) C:\Program Files (x86)\Pura Lógica\eConnector\eConnector.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\RMM Agent Service\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\RMM Agent Service\unit.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\RMM Agent Service\unit.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_desktop.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [*CA] => C:\PROGRAM FILES\COMODO\RMM AGENT SERVICE\launcher.exe [51840 2016-08-12] ()
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [CTERA Agent] => C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CteraAgentWD.exe [714816 2017-12-07] ()
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\RMMRSP.exe [2814568 2016-03-09] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM\...\RunOnce: [*CA] => C:\PROGRAM FILES\COMODO\RMM AGENT SERVICE\launcher.exe [51840 2016-08-12] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-3111750166-950763653-1138392380-1006\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2018-10-15] (Glarysoft Ltd)
HKU\S-1-5-21-3111750166-950763653-1138392380-1006\...\Run: [pteid] => C:\Autenticacao.gov\pteidguiV2.exe [2336256 2018-08-21] (Portuguese Government)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-01-26]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\RuiPedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autenticacao.gov.pt.lnk [2018-10-17]
ShortcutTarget: Autenticacao.gov.pt.lnk -> C:\Program Files (x86)\plugin Autenticacao.Gov\Autenticacao.gov.pt.exe (Agência para a Modernização Administrativa, IP)
Startup: C:\Users\RuiPedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2016-01-22]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 192.168.1.150 SQLSERVER
Tcpip\..\Interfaces\{587b957f-c966-491e-a8c2-206b4ac665e5}: [NameServer] 62.28.116.41,62.28.40.173

Internet Explorer:
==================
HKU\S-1-5-21-3111750166-950763653-1138392380-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-pt/?ocid=iehp
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-19] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-19] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)

FireFox:
========
FF DefaultProfile: 02zw29cx.default
FF ProfilePath: C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default [2018-10-27]
FF Homepage: Mozilla\Firefox\Profiles\02zw29cx.default -> www.google.com
FF NewTab: Mozilla\Firefox\Profiles\02zw29cx.default -> about:blank
FF Extension: (Alexa Traffic Rank) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\[email protected] [2017-01-31] [Legacy]
FF Extension: (autoplay shield-study extension) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\[email protected] [2018-10-25]
FF Extension: (Context Menu Image Saver) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\[email protected] [2016-09-23] [Legacy]
FF Extension: (Exif Viewer) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\[email protected] [2018-06-21]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\[email protected] [2018-08-23]
FF Extension: (Save Images) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\[email protected] [2017-10-14] [Legacy]
FF Extension: (Google Similar Images) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\[email protected] [2016-04-28] [Legacy]
FF Extension: (PageRank Client) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\[email protected] [2016-04-27] [Legacy]
FF Extension: (Corretor para Português de Portugal) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\[email protected] [2018-04-19] [Legacy]
FF Extension: (The Addon Bar (restored)) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\[email protected] [2016-05-04] [Legacy]
FF Extension: (Alexa Sparky) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\[email protected] [2015-11-13] [Legacy]
FF Extension: (Screengrab!) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2018-10-13]
FF Extension: (Alexa Rank) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\{833523a7-98c7-44a2-a361-579d2b067d45}.xpi [2018-10-12]
FF Extension: (Abduction!) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}.xpi [2016-04-27] [Legacy]
FF Extension: (Contextual Google Image Search) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\{D46504D3-4959-4351-AED6-C7EA276DBB93}.xpi [2018-01-26]
FF SearchPlugin: C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\searchplugins\s-amazon.xml [2013-03-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-01-26] [Legacy] [not signed]
FF HKU\S-1-5-21-3111750166-950763653-1138392380-1006\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Silverlight\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.sapo.pt/
CHR StartupUrls: Default -> "hxxp://www.google.pt/"
CHR Profile: C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default [2018-10-24]
CHR Extension: (Slides) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Docs) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Google Drive) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-22]
CHR Extension: (YouTube) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-22]
CHR Extension: (CTERA Edit) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\clcanilindnkpmffpdadmihenpagcpin [2017-12-05]
CHR Extension: (Google Search) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-22]
CHR Extension: (Adobe Acrobat) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-06]
CHR Extension: (Sheets) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (XKit) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2016-02-12]
CHR Extension: (Chrome Remote Desktop) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-10-16]
CHR Extension: (Tank Riders) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdmmodjlfegeieihcdcgcalkgmhgmiae [2016-01-22]
CHR Extension: (Google Docs Offline) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-28]
CHR Extension: (Cut the Rope) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2016-01-22]
CHR Extension: (Apps Launcher) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmgkhchjindcjamnckoiahagecjnkdc [2018-06-15]
CHR Extension: (Google Analytics Debugger) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkmfdileelhofjcijamephohjechhna [2018-09-28]
CHR Extension: (Webcam Toy) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2018-06-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-22]
CHR Extension: (Chrome Media Router) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-28]
CHR Profile: C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\System Profile [2018-03-29]
CHR HKLM-x32\...\Chrome\Extension: [clcanilindnkpmffpdadmihenpagcpin] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe [73048 2018-10-18] (Google Inc.)
R2 CLPSLauncherEx; C:\Program Files (x86)\Common Files\COMODO\launcher_service_ex.exe [97952 2016-08-12] (Comodo Security Solutions, Inc.)
R2 CTERA Agent service; C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\BackupService.exe [5541440 2017-12-07] ()
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [143648 2018-01-08] (Maxthon International ltd.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RMMRSP; C:\Program Files (x86)\Common Files\COMODO\RMMRSP.exe [2814568 2016-03-09] (Comodo Security Solutions, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-23] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-23] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [28936 2018-08-03] (Glarysoft Ltd)
R3 IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [58880 2008-07-31] (Infineon Technologies AG)
R3 S3XXx64; C:\WINDOWS\system32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-10-23] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-10-23] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-23] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-27 10:01 - 2018-10-27 10:02 - 000022455 _____ C:\Users\RuiPedro\Desktop\FRST.txt
2018-10-27 10:01 - 2018-10-27 10:01 - 000000000 ____D C:\FRST
2018-10-27 10:00 - 2018-10-27 10:00 - 002414592 _____ (Farbar) C:\Users\RuiPedro\Desktop\FRST64.exe
2018-10-24 09:03 - 2018-10-24 09:03 - 000001098 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2018-10-22 18:23 - 2018-10-22 18:26 - 000000000 ____D C:\Users\RuiPedro\Desktop\4501440500
2018-10-17 20:47 - 2018-10-17 20:47 - 017367192 _____ (Glarysoft Ltd) C:\Users\RuiPedro\Downloads\Glary_Utilities_v5.107.0.132.exe
2018-10-17 20:41 - 2018-10-17 20:41 - 007799552 _____ (Tim Kosse) C:\Users\RuiPedro\Downloads\FileZilla_3.37.4_win64-setup.exe
2018-10-17 20:41 - 2018-10-17 20:41 - 000001927 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2018-10-17 12:17 - 2018-10-17 12:17 - 001647567 _____ C:\Users\RuiPedro\Downloads\decimalevolution_1.ai
2018-10-17 12:17 - 2018-10-17 12:17 - 000069228 _____ C:\Users\RuiPedro\Downloads\NEOTECHSTD-REGULAR.OTF
2018-10-17 06:41 - 2018-09-21 10:18 - 021386888 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-10-17 06:41 - 2018-09-21 09:22 - 020381784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-10-17 06:41 - 2018-09-21 05:09 - 004790160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-10-17 06:41 - 2018-09-21 05:08 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-10-17 06:41 - 2018-09-21 04:41 - 003396096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-10-17 06:41 - 2018-09-20 10:23 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-10-17 06:41 - 2018-09-20 10:22 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-10-17 06:41 - 2018-09-20 10:18 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-10-17 06:41 - 2018-09-20 09:35 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-10-17 06:41 - 2018-09-20 09:34 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-10-17 06:41 - 2018-09-20 05:29 - 006569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-10-17 06:41 - 2018-09-20 05:29 - 006039368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-10-17 06:41 - 2018-09-20 05:21 - 022013440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-10-17 06:41 - 2018-09-20 05:15 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-10-17 06:41 - 2018-09-20 05:11 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-10-17 06:41 - 2018-09-20 05:09 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-10-17 06:41 - 2018-09-20 05:09 - 007520096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-10-17 06:41 - 2018-09-20 05:09 - 007432136 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-10-17 06:41 - 2018-09-20 05:08 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-10-17 06:41 - 2018-09-20 04:53 - 025851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-10-17 06:41 - 2018-09-20 04:46 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-10-17 06:41 - 2018-09-20 04:44 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-10-17 06:41 - 2018-09-20 04:44 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-10-17 06:41 - 2018-09-20 04:42 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-10-17 06:41 - 2018-09-20 04:41 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-10-17 06:41 - 2018-09-20 04:40 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-10-17 06:41 - 2018-09-20 04:37 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-10-17 06:41 - 2018-09-08 09:07 - 002868536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-10-17 06:41 - 2018-09-08 09:07 - 001610552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-10-17 06:41 - 2018-09-08 09:07 - 000689464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-10-17 06:41 - 2018-09-08 09:03 - 002267136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2018-10-17 06:41 - 2018-09-08 08:58 - 001520744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-10-17 06:41 - 2018-09-08 08:39 - 002052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-10-17 06:41 - 2018-09-08 08:38 - 001288192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-10-17 06:41 - 2018-09-08 08:17 - 001540104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2018-10-17 06:41 - 2018-09-08 08:14 - 001328056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-10-17 06:41 - 2018-09-08 05:08 - 000462880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-10-17 06:41 - 2018-09-08 04:57 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-10-17 06:41 - 2018-09-08 04:44 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-10-17 06:41 - 2018-09-08 04:30 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2018-10-17 06:41 - 2018-09-08 04:29 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-10-17 06:41 - 2018-09-08 04:27 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-10-17 06:41 - 2018-09-08 04:26 - 002328064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll
2018-10-17 06:41 - 2018-09-08 04:25 - 003553792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-10-17 06:41 - 2018-09-08 04:24 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-10-17 06:40 - 2018-09-21 10:23 - 000257848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 001786168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 001626936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 001422648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 001038136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 000399672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2018-10-17 06:40 - 2018-09-21 10:21 - 000228152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2018-10-17 06:40 - 2018-09-21 10:21 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
2018-10-17 06:40 - 2018-09-21 10:21 - 000034304 _____ C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2018-10-17 06:40 - 2018-09-21 10:01 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-10-17 06:40 - 2018-09-21 09:12 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-10-17 06:40 - 2018-09-21 05:14 - 000661056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-10-17 06:40 - 2018-09-21 05:13 - 000480568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-10-17 06:40 - 2018-09-21 05:12 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-10-17 06:40 - 2018-09-21 05:11 - 000753056 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-10-17 06:40 - 2018-09-21 05:09 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-10-17 06:40 - 2018-09-21 05:09 - 001427968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-10-17 06:40 - 2018-09-21 05:09 - 001062920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-10-17 06:40 - 2018-09-21 05:09 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-10-17 06:40 - 2018-09-21 05:08 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-10-17 06:40 - 2018-09-21 05:08 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-10-17 06:40 - 2018-09-21 05:08 - 001456720 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-10-17 06:40 - 2018-09-21 05:08 - 001257864 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-10-17 06:40 - 2018-09-21 05:08 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-10-17 06:40 - 2018-09-21 05:08 - 000982600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-10-17 06:40 - 2018-09-21 05:08 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-10-17 06:40 - 2018-09-21 05:08 - 000261008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-10-17 06:40 - 2018-09-21 05:08 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-10-17 06:40 - 2018-09-21 05:07 - 000604664 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-10-17 06:40 - 2018-09-21 04:58 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-10-17 06:40 - 2018-09-21 04:57 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-10-17 06:40 - 2018-09-21 04:57 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-10-17 06:40 - 2018-09-21 04:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-10-17 06:40 - 2018-09-21 04:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-10-17 06:40 - 2018-09-21 04:53 - 001006080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-10-17 06:40 - 2018-09-21 04:43 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-10-17 06:40 - 2018-09-21 04:42 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-10-17 06:40 - 2018-09-21 04:40 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-10-17 06:40 - 2018-09-21 04:39 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-10-17 06:40 - 2018-09-21 04:39 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-10-17 06:40 - 2018-09-21 04:39 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-10-17 06:40 - 2018-09-21 04:39 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-10-17 06:40 - 2018-09-21 04:38 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-10-17 06:40 - 2018-09-21 04:38 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-10-17 06:40 - 2018-09-21 04:37 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-10-17 06:40 - 2018-09-21 04:37 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-10-17 06:40 - 2018-09-21 04:37 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-10-17 06:40 - 2018-09-21 04:37 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-10-17 06:40 - 2018-09-21 04:36 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-10-17 06:40 - 2018-09-21 04:36 - 001034240 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-10-17 06:40 - 2018-09-21 04:36 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-10-17 06:40 - 2018-09-21 04:36 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-10-17 06:40 - 2018-09-21 04:36 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-10-17 06:40 - 2018-09-20 10:40 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-10-17 06:40 - 2018-09-20 10:37 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-10-17 06:40 - 2018-09-20 10:19 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-10-17 06:40 - 2018-09-20 10:18 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-10-17 06:40 - 2018-09-20 10:18 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2018-10-17 06:40 - 2018-09-20 10:17 - 002874368 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2018-10-17 06:40 - 2018-09-20 10:17 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-10-17 06:40 - 2018-09-20 10:17 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-10-17 06:40 - 2018-09-20 10:17 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2018-10-17 06:40 - 2018-09-20 10:16 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2018-10-17 06:40 - 2018-09-20 09:46 - 001454440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-10-17 06:40 - 2018-09-20 09:30 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-10-17 06:40 - 2018-09-20 09:29 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-10-17 06:40 - 2018-09-20 09:29 - 002824704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-10-17 06:40 - 2018-09-20 09:29 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-10-17 06:40 - 2018-09-20 09:28 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2018-10-17 06:40 - 2018-09-20 07:43 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-10-17 06:40 - 2018-09-20 06:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-10-17 06:40 - 2018-09-20 05:29 - 001989232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-10-17 06:40 - 2018-09-20 05:29 - 001513032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-10-17 06:40 - 2018-09-20 05:29 - 000357056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-10-17 06:40 - 2018-09-20 05:28 - 001129544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-10-17 06:40 - 2018-09-20 05:28 - 000581792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-10-17 06:40 - 2018-09-20 05:28 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-10-17 06:40 - 2018-09-20 05:17 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-10-17 06:40 - 2018-09-20 05:13 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-10-17 06:40 - 2018-09-20 05:12 - 000272200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-10-17 06:40 - 2018-09-20 05:12 - 000269128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-10-17 06:40 - 2018-09-20 05:11 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-10-17 06:40 - 2018-09-20 05:11 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-10-17 06:40 - 2018-09-20 05:11 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-10-17 06:40 - 2018-09-20 05:11 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2018-10-17 06:40 - 2018-09-20 05:10 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-10-17 06:40 - 2018-09-20 05:10 - 001221128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-10-17 06:40 - 2018-09-20 05:10 - 001029432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-10-17 06:40 - 2018-09-20 05:10 - 000566800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-10-17 06:40 - 2018-09-20 05:10 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-10-17 06:40 - 2018-09-20 05:10 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2018-10-17 06:40 - 2018-09-20 05:10 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-10-17 06:40 - 2018-09-20 05:10 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-10-17 06:40 - 2018-09-20 05:09 - 002825232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-10-17 06:40 - 2018-09-20 05:09 - 002462888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-10-17 06:40 - 2018-09-20 05:09 - 002421248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-10-17 06:40 - 2018-09-20 05:09 - 001767096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-10-17 06:40 - 2018-09-20 05:09 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-10-17 06:40 - 2018-09-20 05:09 - 001097744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-10-17 06:40 - 2018-09-20 05:09 - 000885952 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-10-17 06:40 - 2018-09-20 05:09 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-10-17 06:40 - 2018-09-20 05:09 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-10-17 06:40 - 2018-09-20 05:09 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-10-17 06:40 - 2018-09-20 05:08 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-10-17 06:40 - 2018-09-20 04:43 - 000052736 _____ C:\WINDOWS\system32\runexehelper.exe
2018-10-17 06:40 - 2018-09-20 04:42 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-10-17 06:40 - 2018-09-20 04:42 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2018-10-17 06:40 - 2018-09-20 04:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-10-17 06:40 - 2018-09-20 04:41 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-10-17 06:40 - 2018-09-20 04:41 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-10-17 06:40 - 2018-09-20 04:41 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-10-17 06:40 - 2018-09-20 04:40 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-10-17 06:40 - 2018-09-20 04:40 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-10-17 06:40 - 2018-09-20 04:38 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-10-17 06:40 - 2018-09-20 04:38 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2018-10-17 06:40 - 2018-09-20 04:37 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-10-17 06:40 - 2018-09-20 04:36 - 001375232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-10-17 06:40 - 2018-09-20 03:21 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-10-17 06:40 - 2018-09-20 02:28 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2018-10-17 06:40 - 2018-09-08 09:12 - 000452112 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-10-17 06:40 - 2018-09-08 09:07 - 000792376 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-10-17 06:40 - 2018-09-08 09:07 - 000612360 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-10-17 06:40 - 2018-09-08 09:07 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-10-17 06:40 - 2018-09-08 09:07 - 000144696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-10-17 06:40 - 2018-09-08 09:07 - 000069944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-10-17 06:40 - 2018-09-08 09:02 - 000645112 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-10-17 06:40 - 2018-09-08 09:02 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-10-17 06:40 - 2018-09-08 08:58 - 001639352 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-10-17 06:40 - 2018-09-08 08:57 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-10-17 06:40 - 2018-09-08 08:44 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2018-10-17 06:40 - 2018-09-08 08:43 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-10-17 06:40 - 2018-09-08 08:43 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardBi.dll
2018-10-17 06:40 - 2018-09-08 08:42 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-10-17 06:40 - 2018-09-08 08:42 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2018-10-17 06:40 - 2018-09-08 08:42 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2018-10-17 06:40 - 2018-09-08 08:42 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthci.dll
2018-10-17 06:40 - 2018-09-08 08:41 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-10-17 06:40 - 2018-09-08 08:40 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-10-17 06:40 - 2018-09-08 08:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-10-17 06:40 - 2018-09-08 08:40 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2018-10-17 06:40 - 2018-09-08 08:40 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-10-17 06:40 - 2018-09-08 08:40 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2018-10-17 06:40 - 2018-09-08 08:40 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2018-10-17 06:40 - 2018-09-08 08:39 - 005505024 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2018-10-17 06:40 - 2018-09-08 08:39 - 001787904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-10-17 06:40 - 2018-09-08 08:39 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-10-17 06:40 - 2018-09-08 08:38 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-10-17 06:40 - 2018-09-08 08:38 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-10-17 06:40 - 2018-09-08 08:38 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2018-10-17 06:40 - 2018-09-08 08:38 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-10-17 06:40 - 2018-09-08 08:37 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-10-17 06:40 - 2018-09-08 08:16 - 000482080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-10-17 06:40 - 2018-09-08 08:13 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-10-17 06:40 - 2018-09-08 08:13 - 000181288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-10-17 06:40 - 2018-09-08 08:03 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-10-17 06:40 - 2018-09-08 08:03 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
2018-10-17 06:40 - 2018-09-08 08:02 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-10-17 06:40 - 2018-09-08 08:00 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2018-10-17 06:40 - 2018-09-08 07:59 - 001530368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-10-17 06:40 - 2018-09-08 07:59 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-10-17 06:40 - 2018-09-08 07:59 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-10-17 06:40 - 2018-09-08 07:59 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2018-10-17 06:40 - 2018-09-08 07:58 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-10-17 06:40 - 2018-09-08 07:58 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-10-17 06:40 - 2018-09-08 07:58 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-10-17 06:40 - 2018-09-08 07:57 - 005391360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2018-10-17 06:40 - 2018-09-08 07:57 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2018-10-17 06:40 - 2018-09-08 07:57 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-10-17 06:40 - 2018-09-08 07:57 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2018-10-17 06:40 - 2018-09-08 07:56 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-10-17 06:40 - 2018-09-08 04:59 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-10-17 06:40 - 2018-09-08 04:59 - 000361544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-10-17 06:40 - 2018-09-08 04:58 - 000744976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-10-17 06:40 - 2018-09-08 04:58 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2018-10-17 06:40 - 2018-09-08 04:58 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-10-17 06:40 - 2018-09-08 04:57 - 001016984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-10-17 06:40 - 2018-09-08 04:57 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-10-17 06:40 - 2018-09-08 04:57 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-10-17 06:40 - 2018-09-08 04:57 - 000368448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2018-10-17 06:40 - 2018-09-08 04:57 - 000267576 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-10-17 06:40 - 2018-09-08 04:51 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-10-17 06:40 - 2018-09-08 04:45 - 000295416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-10-17 06:40 - 2018-09-08 04:45 - 000286824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-10-17 06:40 - 2018-09-08 04:44 - 000829752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-10-17 06:40 - 2018-09-08 04:43 - 001174448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-10-17 06:40 - 2018-09-08 04:43 - 000269104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2018-10-17 06:40 - 2018-09-08 04:32 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-10-17 06:40 - 2018-09-08 04:31 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-10-17 06:40 - 2018-09-08 04:31 - 000272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Proxy.dll
2018-10-17 06:40 - 2018-09-08 04:30 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2018-10-17 06:40 - 2018-09-08 04:30 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-10-17 06:40 - 2018-09-08 04:30 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2018-10-17 06:40 - 2018-09-08 04:30 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2018-10-17 06:40 - 2018-09-08 04:29 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2018-10-17 06:40 - 2018-09-08 04:29 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2018-10-17 06:40 - 2018-09-08 04:29 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2018-10-17 06:40 - 2018-09-08 04:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-10-17 06:40 - 2018-09-08 04:28 - 000481280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2018-10-17 06:40 - 2018-09-08 04:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-10-17 06:40 - 2018-09-08 04:28 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-10-17 06:40 - 2018-09-08 04:28 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-10-17 06:40 - 2018-09-08 04:28 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Proxy.dll
2018-10-17 06:40 - 2018-09-08 04:27 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-10-17 06:40 - 2018-09-08 04:27 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-10-17 06:40 - 2018-09-08 04:27 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll
2018-10-17 06:40 - 2018-09-08 04:27 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2018-10-17 06:40 - 2018-09-08 04:27 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-10-17 06:40 - 2018-09-08 04:26 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-10-17 06:40 - 2018-09-08 04:26 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-10-17 06:40 - 2018-09-08 04:26 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-10-17 06:40 - 2018-09-08 04:26 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2018-10-17 06:40 - 2018-09-08 04:26 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-10-17 06:40 - 2018-09-08 04:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcfile.dll
2018-10-17 06:40 - 2018-09-08 04:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2018-10-17 06:40 - 2018-09-08 04:25 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-10-17 06:40 - 2018-09-08 04:25 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll
2018-10-17 06:40 - 2018-09-08 04:25 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-10-17 06:40 - 2018-09-08 04:25 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-10-17 06:40 - 2018-09-08 04:25 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Proximity.dll
2018-10-17 06:40 - 2018-09-08 04:24 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-10-17 06:40 - 2018-09-08 04:24 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2018-10-17 06:40 - 2018-09-08 04:24 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2018-10-17 06:40 - 2018-09-08 04:23 - 001655296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmsipc.dll
2018-10-17 06:40 - 2018-09-08 04:23 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcsecproc.dll
2018-10-17 06:40 - 2018-09-08 04:23 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2018-10-17 06:40 - 2018-09-08 04:23 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll
2018-10-17 06:40 - 2018-09-08 04:22 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-10-15 10:50 - 2018-10-24 00:27 - 000000000 ____D C:\Users\RuiPedro\Documents\Decimal Evolution
2018-10-09 11:20 - 2018-10-09 11:26 - 000287976 _____ C:\TDSSKiller.3.1.0.17_09.10.2018_11.20.27_log.txt
2018-10-09 11:20 - 2018-10-09 11:20 - 004949824 _____ (AO Kaspersky Lab) C:\Users\RuiPedro\Downloads\tdsskiller.exe
2018-10-08 23:11 - 2018-10-08 23:11 - 007592144 _____ (Malwarebytes) C:\Users\RuiPedro\Downloads\adwcleaner_7.2.4.0.exe
2018-10-08 22:56 - 2018-10-08 22:56 - 000000000 ____D C:\Users\RuiPedro\AppData\Local\ESET
2018-10-08 22:55 - 2018-10-08 22:55 - 006981240 _____ (ESET spol. s r.o.) C:\Users\RuiPedro\Downloads\esetonlinescanner_enu.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-27 09:58 - 2016-11-18 16:19 - 000000000 ____D C:\Users\RuiPedro\AppData\LocalLow\Mozilla
2018-10-27 09:49 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-27 09:48 - 2016-01-21 15:33 - 000000000 ____D C:\Users\RuiPedro\Documents\Outlook Files
2018-10-27 09:40 - 2018-05-09 06:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-10-27 09:01 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-10-27 09:01 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-10-27 00:34 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-10-26 17:50 - 2016-01-21 18:01 - 000000000 ____D C:\Users\RuiPedro\Desktop\PROP
2018-10-26 10:32 - 2016-01-22 13:34 - 000000000 ____D C:\Users\RuiPedro\AppData\Local\CutePDF Writer
2018-10-26 09:30 - 2016-02-01 17:28 - 000001662 _____ C:\Users\RuiPedro\Desktop\eConnector.lnk
2018-10-26 03:33 - 2017-10-03 09:37 - 000000000 ____D C:\Users\RuiPedro\AppData\Local\GoToMeeting
2018-10-25 10:50 - 2018-07-30 13:25 - 000001379 _____ C:\Users\Public\Desktop\Skype.lnk
2018-10-25 10:50 - 2018-07-30 13:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-10-25 10:50 - 2016-01-21 16:26 - 000000000 ____D C:\Users\RuiPedro\AppData\Roaming\Skype
2018-10-25 10:40 - 2016-01-13 18:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-10-25 10:39 - 2017-06-30 14:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-10-25 10:39 - 2016-01-13 18:21 - 000001257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-10-24 17:33 - 2018-05-09 06:41 - 000003842 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3111750166-950763653-1138392380-1006
2018-10-24 17:33 - 2018-05-09 06:41 - 000003746 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3111750166-950763653-1138392380-1006
2018-10-24 17:33 - 2017-10-03 09:37 - 000000676 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3111750166-950763653-1138392380-1006.job
2018-10-24 17:33 - 2017-10-03 09:37 - 000000580 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3111750166-950763653-1138392380-1006.job
2018-10-24 13:05 - 2016-01-22 18:50 - 000000000 ____D C:\Users\RuiPedro\Documents\Estagios
2018-10-24 09:17 - 2018-05-09 06:41 - 000003272 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForRuiPedro
2018-10-24 09:17 - 2018-01-04 11:43 - 000000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRuiPedro.job
2018-10-24 09:03 - 2016-02-17 13:34 - 000001110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2018-10-24 09:03 - 2016-02-17 13:33 - 000000000 ____D C:\Program Files\Paint.NET
2018-10-24 00:18 - 2018-07-05 10:52 - 000000000 ____D C:\Users\RuiPedro\Documents\PixelDestaque
2018-10-23 18:35 - 2018-02-22 01:08 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-10-23 16:57 - 2018-07-10 02:38 - 000000000 ____D C:\ProgramData\Packages
2018-10-22 17:37 - 2016-04-29 17:16 - 000000000 ____D C:\Users\RuiPedro\AppData\Roaming\FileZilla
2018-10-22 12:16 - 2016-01-22 18:21 - 000000000 ____D C:\Users\RuiPedro\.gls
2018-10-22 11:25 - 2016-10-12 09:52 - 000000000 ____D C:\Users\RuiPedro\Desktop\Tabelas Fornecedores
2018-10-19 12:00 - 2018-03-13 14:23 - 000002154 _____ C:\Users\RuiPedro\Desktop\GLS.lnk
2018-10-19 11:36 - 2016-01-22 18:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-10-19 11:36 - 2016-01-22 18:14 - 000000000 ____D C:\Program Files (x86)\Java
2018-10-19 11:34 - 2016-01-22 18:14 - 000098680 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-10-17 20:48 - 2018-08-03 13:30 - 000001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2018-10-17 20:47 - 2018-08-03 13:30 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2018-10-17 20:46 - 2016-12-30 01:46 - 000000000 ____D C:\Users\RuiPedro\AppData\Roaming\vlc
2018-10-17 20:44 - 2016-06-03 16:28 - 000000000 ____D C:\Users\RuiPedro\AppData\Local\CrashDumps
2018-10-17 20:43 - 2018-05-09 06:29 - 001946294 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-10-17 20:43 - 2018-04-12 17:42 - 000832542 _____ C:\WINDOWS\system32\prfh0816.dat
2018-10-17 20:43 - 2018-04-12 17:42 - 000180212 _____ C:\WINDOWS\system32\prfc0816.dat
2018-10-17 20:43 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-10-17 20:41 - 2017-03-17 18:32 - 000000000 ____D C:\Users\RuiPedro\AppData\Local\FileZilla
2018-10-17 20:41 - 2016-04-29 17:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2018-10-17 20:41 - 2016-04-29 17:27 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2018-10-17 20:35 - 2018-09-20 20:41 - 000001677 _____ C:\Users\RuiPedro\Desktop\Disco Virtual.lnk
2018-10-17 20:35 - 2018-08-22 19:04 - 000000000 ____D C:\Users\RuiPedro\AppData\Roaming\plugin Autenticacao.Gov
2018-10-17 20:35 - 2016-01-22 18:11 - 000000000 ____D C:\Users\RuiPedro\AppData\Roaming\stickies
2018-10-17 20:34 - 2018-05-09 06:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-10-17 20:34 - 2018-05-09 06:27 - 000366632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-10-17 20:34 - 2017-10-26 08:39 - 000000000 ___RD C:\Users\RuiPedro\3D Objects
2018-10-17 20:34 - 2016-11-22 16:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-10-17 20:34 - 2016-09-16 14:43 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-10-17 20:33 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-10-17 20:33 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-10-17 20:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-10-17 20:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-10-17 20:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-10-17 20:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-10-17 20:33 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-10-17 20:33 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-10-17 06:54 - 2016-01-12 17:56 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-10-17 06:52 - 2016-01-12 17:55 - 136745976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-10-17 06:50 - 2009-07-14 03:34 - 000000513 _____ C:\WINDOWS\win.ini
2018-10-16 05:05 - 2010-11-21 04:27 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-10-12 16:20 - 2018-07-06 14:31 - 000000000 ___RD C:\Users\RuiPedro\Documents\Scanned Documents
2018-10-12 13:21 - 2016-01-26 12:23 - 000000000 ____D C:\Users\RuiPedro\Documents\Minhas digitalizações
2018-10-09 07:35 - 2016-09-19 12:38 - 000000000 ___RD C:\Users\RuiPedro\Desktop\DT
2018-10-09 03:11 - 2018-05-09 06:41 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3111750166-950763653-1138392380-1006
2018-10-09 03:11 - 2018-05-09 06:34 - 000002467 _____ C:\Users\RuiPedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-10-09 03:11 - 2016-09-16 15:07 - 000000000 ___RD C:\Users\RuiPedro\OneDrive
2018-10-08 23:13 - 2018-02-01 12:31 - 000000000 ____D C:\AdwCleaner
2018-10-02 21:13 - 2018-04-12 00:41 - 000835152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-10-02 21:13 - 2018-04-12 00:41 - 000179792 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-27 13:54 - 2016-01-22 18:45 - 000000000 ____D C:\Users\RuiPedro\Documents\bancos

==================== Files in the root of some directories =======

2016-01-25 18:12 - 2016-01-25 18:12 - 000007605 _____ () C:\Users\RuiPedro\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-10-17 20:35 - 2018-10-17 20:35 - 000018008 ____N () C:\Users\RuiPedro\AppData\Local\Temp\detectReader326460370468397998873.dll
2018-10-24 00:07 - 2018-10-24 00:07 - 007858216 _____ () C:\Users\RuiPedro\AppData\Local\Temp\paint.net.4.1.2.install.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-09 06:27

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
Ran by RuiPedro (27-10-2018 10:03:30)
Running from C:\Users\RuiPedro\Desktop
Windows 10 Pro Version 1803 17134.345 (X64) (2018-05-09 05:42:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3111750166-950763653-1138392380-500 - Administrator - Disabled)
Caos (S-1-5-21-3111750166-950763653-1138392380-1004 - Limited - Enabled)
Convidado (S-1-5-21-3111750166-950763653-1138392380-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-3111750166-950763653-1138392380-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3111750166-950763653-1138392380-1002 - Limited - Enabled)
RuiPedro (S-1-5-21-3111750166-950763653-1138392380-1006 - Administrator - Enabled) => C:\Users\RuiPedro
Sysop (S-1-5-21-3111750166-950763653-1138392380-1003 - Administrator - Enabled)
WDAGUtilityAccount (S-1-5-21-3111750166-950763653-1138392380-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Analizador y SDK de MSXML 4.0 SP2 (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Assistente de Atualização do Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
Autenticação.Gov 3.0.14 (build 5561) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F205561}) (Version: 3.0.5561 - Portuguese Government)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Chilkat Crypt ActiveX (HKLM-x32\...\{E796DF56-2808-424E-8E73-833C046B8BB0}) (Version: 4.4.8 - Chilkat Software Inc)
Chilkat HTTP ActiveX (HKLM-x32\...\{EE0523D7-7268-4587-A4EF-8682B41D2ABC}) (Version: 9.4.0 - Chilkat Software Inc)
Chrome Remote Desktop Host (HKLM-x32\...\{F51A03C4-2DD0-43B0-900F-EAD1C45DC542}) (Version: 71.0.3578.15 - Google Inc.)
Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
CPUID CPU-Z 1.75 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version:  3.1 - Acro Software Inc.)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
Disco Virtual 360 (HKLM-x32\...\{38bda00c-347a-4f25-b312-d5f7a0ff39d7}) (Version: 5.6.3131 - PT-Empresas)
DJ_AIO_03_F4200_Software_Min (HKLM-x32\...\{363CEA5C-C9D0-45DD-9511-A461DBDEE94B}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
F4200 (HKLM-x32\...\{C2524280-A5CF-4458-B809-167F13FAB56D}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
FastStone Image Viewer 5.7 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.7 - FastStone Soft)
FileZilla Client 3.37.4 (HKLM-x32\...\FileZilla Client) (Version: 3.37.4 - Tim Kosse)
Glary Utilities 5.107 (HKLM-x32\...\Glary Utilities 5) (Version: 5.107.0.132 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
GoToMeeting 8.36.1.10903 (HKU\S-1-5-21-3111750166-950763653-1138392380-1006\...\GoToMeeting) (Version: 8.36.1.10903 - LogMeIn, Inc.)
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.6.18.11 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{7463C61B-A36C-47BC-8E16-701EBC34C26F}) (Version: 12.9.24.3 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (HKLM-x32\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM-x32\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.8 - Intel)
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Malwarebytes versão 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3111750166-950763653-1138392380-1006\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 3.0 (HKLM-x32\...\{BCB4C18A-ACA6-4383-8688-E19933A705DD}) (Version: 3.0.1325.4 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 63.0 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0 (x64 en-US)) (Version: 63.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.0.6865 - Mozilla)
Mozilla Thunderbird 52.8.0 (x86 pt-PT) (HKLM-x32\...\Mozilla Thunderbird 52.8.0 (x86 pt-PT)) (Version: 52.8.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MX5 (HKLM-x32\...\Maxthon5) (Version: 5.1.5.2000 - Maxthon International Limited)
Pacote de controladores do Windows - Estado Português SmartCard  (07/26/2016 4.0.0.3) (HKLM\...\FE243E41772876B005E5C788B4B7DF2E9914C241) (Version: 07/26/2016 4.0.0.3 - Estado Português)
paint.net (HKLM\...\{FC1BF7F0-A83E-464A-8D59-FCEB5FA582AB}) (Version: 4.1.2 - dotPDN LLC)
PHC 18 (HKLM-x32\...\{C9028CA5-DB59-4903-BD43-023A1D3939F0}_is1) (Version: 18 - PHC)
PHC Controls for CS (HKLM-x32\...\{C574973A-0FCC-4559-8606-E6664B141F8D}) (Version: 17.0 - PHC)
PHC CS 19 (HKLM-x32\...\{2888D0AD-4C14-409C-AAB5-090F555DB7C0}_is1) (Version: 19 - PHC)
PHC CS 20 (HKLM-x32\...\{8A1A3280-DDE2-4035-BC21-8ADA6E0F774D}_is1) (Version: 20 - PHC)
plugin Autenticação.Gov (HKLM-x32\...\{78D56187-E252-44F5-A344-5172A04350A3}) (Version: 2.0.31 - Agência para a Modernização Administrativa)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
RMM Agent Service (HKLM\...\{378B301A-477D-4303-8846-15224892C2B2}) (Version: 6.1.524 - Comodo Security Solutions Inc)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Sentinel Protection Installer 7.6.5 (HKLM-x32\...\{DE09967A-E9E2-4562-A58D-989CA70FA65E}) (Version: 7.6.5 - SafeNet, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype versão 8.33 (HKLM-x32\...\Skype_is1) (Version: 8.33 - Skype Technologies S.A.)
SmartWebPrinting (HKLM-x32\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SSDlife Pro (HKLM-x32\...\{6F104B6D-535A-4D27-9A11-8525368AEB1F}) (Version: 2.5.82 - BinarySense Inc.)
Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Stickies 7.1e (HKLM-x32\...\ZhornStickies) (Version:  - Zhorn Software)
Suporte para Aplicações Apple (32-bits) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Suporte para Aplicações Apple (64-bits) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [    CTERA_Backup] -> {42782684-F29F-4425-ADFF-39050E37105E} => C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CTERAShell64.dll [2017-12-07] ()
ShellIconOverlayIdentifiers: [    CTERA_error] -> {2541846f-31fd-4811-91db-6d78bf3e43b9} => C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CTERAShell64.dll [2017-12-07] ()
ShellIconOverlayIdentifiers: [    CTERA_IncludeBackup] -> {07E032ED-45F7-424A-86B9-DF916F1245CD} => C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CTERAShell64.dll [2017-12-07] ()
ShellIconOverlayIdentifiers: [    CTERA_NotSynced] -> {2074142E-089E-4CA3-9842-4B0C5220D466} => C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CTERAShell64.dll [2017-12-07] ()
ShellIconOverlayIdentifiers: [    CTERA_Synced] -> {B2B81867-2E6F-402A-8962-EF878D403262} => C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CTERAShell64.dll [2017-12-07] ()
ContextMenuHandlers1: [CTERA] -> {42782684-F29F-4425-ADFF-39050E37105E} => C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CTERAShell64.dll [2017-12-07] ()
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2018-03-02] (Glarysoft Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers2: [CTERA] -> {42782684-F29F-4425-ADFF-39050E37105E} => C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CTERAShell64.dll [2017-12-07] ()
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2018-03-02] (Glarysoft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [CTERA] -> {42782684-F29F-4425-ADFF-39050E37105E} => C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CTERAShell64.dll [2017-12-07] ()
ContextMenuHandlers5: [CTERA] -> {42782684-F29F-4425-ADFF-39050E37105E} => C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CTERAShell64.dll [2017-12-07] ()
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2018-03-02] (Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0491F1FD-D2BA-4778-9811-01913BDC12AA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {08E1E6E0-0EEE-445F-B9A8-ADC5AA2FA2A5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {090D6130-09FA-4A2F-B20C-E9F34FA7B1DD} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {0DB855C9-0632-43CD-B004-E177E72D39E1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {11FA80E1-25E4-45EA-8838-2F185FCA2FF6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1726FA22-A049-4BF7-8B9A-6E2DC07C45AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {320E55ED-43C3-42BB-943F-B5BA4E469069} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {37362195-C187-42C0-8C88-5E28FE49737C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-22] (Google Inc.)
Task: {39669084-0EAA-46A8-BA05-4720561C5648} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {3973ED8C-F238-46D5-8C5D-7F1F8A7D6DC0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-22] ()
Task: {3A44238D-EA5B-49B6-9CDC-78A7050CCF34} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3E05D855-D3E6-47E0-8878-21F4C6C47E62} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {44BDDC9C-40F3-49C5-9A51-0D91A476F78F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-09-06] (HP Inc.)
Task: {4653BEE4-DF91-48CC-BB7A-5DA8F6FF185C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {48320C61-299B-4680-92A0-267ACD8C62A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-08-21] (HP Inc.)
Task: {4852EA3B-0BD6-41EE-90AB-6E51FC8CCD69} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {551BFD8D-3BDD-43DF-B618-8266681F2222} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-22] (Google Inc.)
Task: {58C5874A-A67C-4F40-AEDC-73D36E940523} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {5D2EA505-0002-40B2-A38F-8703A99F9529} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5E7845B7-596B-4132-A0CD-7E80E41CB1CF} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {63AB110A-48F3-4470-B186-7B99F1E735E5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {65FFC615-5F27-492C-8AF5-962A26EDE743} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {6B465911-6A5C-418B-99F2-259A83A7F06B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {6BB446A9-AA47-43F2-A001-6AB15250AE3E} - System32\Tasks\G2MUploadTask-S-1-5-21-3111750166-950763653-1138392380-1006 => C:\Users\RuiPedro\AppData\Local\GoToMeeting\10903\g2mupload.exe [2018-10-24] (LogMeIn, Inc.)
Task: {71F12D8D-2152-4D5E-A288-D1BDB09EBC36} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {82B4EF1D-EFD4-4599-820B-E82D4BE21EFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {8BBACD97-7304-42EA-B7D4-CDFBCEBC722B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {971F8149-7718-40AA-A848-599A7B31F7A5} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {98B1FA75-CF1D-41FD-BB8E-657F03722836} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {98D39798-5223-427B-A907-4DAC39C4162D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9F82687A-A2C8-4EB7-B201-4C200AFDDC32} - System32\Tasks\COMODO RMM SERVICE => net [Argument = START CLPSLauncherEx]
Task: {A03C3C6D-E786-4C79-80C8-62631F00974E} - System32\Tasks\HPCeeScheduleForRuiPedro => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {A2F18595-F97C-4BF6-8C79-BC001346DA52} - System32\Tasks\G2MUpdateTask-S-1-5-21-3111750166-950763653-1138392380-1006 => C:\Users\RuiPedro\AppData\Local\GoToMeeting\10903\g2mupdate.exe [2018-10-24] (LogMeIn, Inc.)
Task: {B39DF0E1-4B8F-4ADC-89A1-B2280B71B416} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BB86EE18-AF63-4BF4-86E0-90D80BEAEA3F} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [2018-01-08] (Maxthon International ltd.)
Task: {BC170FC0-DD24-483D-8B0C-132A749AB6C0} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BC76CFC8-8AEF-4639-B35F-E408964A9A78} - System32\Tasks\{312C8181-607E-47D7-B6A0-C999EE1805E6} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {C5AF56CD-1428-4898-861E-0B950036ADB7} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C930B00E-6E6E-456B-B291-A09548C33C81} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D7148084-0382-4692-87F6-5A921F136D2B} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D8D903E0-9C7C-458F-AF85-1D4E0C491F1C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {DB6682D5-EAF2-4DFA-B4C0-C7856130390D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DE21DC8A-1196-479C-91A5-877905E78A5B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {E14D6595-A7BD-4754-BF4E-BCE959CCB6DB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {E6C0637B-95A8-4E35-83D3-E6F922A68038} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {E845471C-AF4C-4550-9202-843C8780EB70} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EAB5F695-9E2C-45C2-8F19-C0E1C72DA8B4} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EB4E2464-F202-49FF-80B7-363DC85635EA} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {EF615657-4DD0-45FD-8E8A-E714328461D9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F2B4D8F3-DCCB-43D6-B826-251EB3E7FB21} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {FC5C950A-1DAA-4E73-B8DE-B849B09772FA} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FD959ED3-8620-4CEC-BE61-4D95AE294B35} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3111750166-950763653-1138392380-1006.job => C:\Users\RuiPedro\AppData\Local\GoToMeeting\10903\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3111750166-950763653-1138392380-1006.job => C:\Users\RuiPedro\AppData\Local\GoToMeeting\10903\g2mupload.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForRuiPedro.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\RuiPedro\Desktop\GLS.lnk -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://unique.gls-holding.net/UniStart/uniconnectaccess/jnlp/uniconnectaccess.jnlp "C:\Users\RuiPedro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\209951e94-181be
ShortcutWithArgument: C:\Users\RuiPedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\RuiPedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Tank Riders.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gdmmodjlfegeieihcdcgcalkgmhgmiae

==================== Loaded Modules (Whitelisted) ==============

2016-01-22 13:33 - 2016-01-19 21:27 - 000088496 _____ () C:\WINDOWS\System32\cpwmon64.dll
2016-02-15 22:01 - 2016-02-15 22:01 - 000031256 _____ () C:\WINDOWS\System32\us008lm.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-07 12:45 - 2017-12-07 12:45 - 005541440 _____ () C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\BackupService.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-12-07 12:45 - 2017-12-07 12:45 - 002335808 _____ () C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CTERAShell64.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-10-04 15:50 - 2018-10-04 15:50 - 000054440 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2018-10-17 06:40 - 2018-09-20 04:38 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-07 12:45 - 2017-12-07 12:45 - 000714816 _____ () C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CteraAgentWD.exe
2017-12-07 12:45 - 2017-12-07 12:45 - 001155136 _____ () C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CteraAgent.exe
2018-10-23 16:56 - 2018-10-23 16:57 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-10-23 16:56 - 2018-10-23 16:57 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-10-23 16:56 - 2018-10-23 16:57 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-10-23 16:56 - 2018-10-23 16:57 - 010978304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2018-10-23 16:56 - 2018-10-23 16:57 - 002810368 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\skypert.dll
2018-10-23 16:56 - 2018-10-23 16:57 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-10-23 16:56 - 2018-10-23 16:57 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-09-22 10:41 - 2018-09-22 10:41 - 000479232 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-09-22 10:41 - 2018-09-22 10:41 - 069128192 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-04 11:03 - 2017-10-04 11:04 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-09-22 10:41 - 2018-09-22 10:41 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-08-29 18:55 - 2018-08-29 18:56 - 003699200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-04 11:32 - 2018-05-04 11:32 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-08-29 18:55 - 2018-08-29 18:56 - 000035328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-04-05 08:20 - 2018-04-05 08:21 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-08-16 20:28 - 2018-08-16 20:28 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-08-16 20:28 - 2018-08-16 20:28 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-09-22 10:41 - 2018-09-22 10:41 - 014171648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-08-29 18:55 - 2018-08-29 18:56 - 003544576 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-09-22 10:41 - 2018-09-22 10:41 - 002866176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-29 18:55 - 2018-08-29 18:56 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-26 18:20 - 2018-07-26 18:20 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-10-16 17:31 - 2018-10-16 17:31 - 004183040 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-09-26 03:03 - 2018-09-26 03:03 - 004472952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2011-05-20 14:31 - 2011-05-20 14:31 - 002869248 _____ () C:\PROGRAM FILES\COMODO\RMM AGENT SERVICE\QtCore4.dll
2011-05-20 14:34 - 2011-05-20 14:34 - 001277440 _____ () C:\PROGRAM FILES\COMODO\RMM AGENT SERVICE\QtNetwork4.dll
2011-05-20 14:52 - 2011-05-20 14:52 - 010445312 _____ () C:\PROGRAM FILES\COMODO\RMM AGENT SERVICE\QtGui4.dll
2016-08-12 14:12 - 2016-08-12 14:12 - 000195048 _____ () C:\PROGRAM FILES\COMODO\RMM AGENT SERVICE\LibNtlm.dll
2016-08-12 14:11 - 2016-08-12 14:11 - 000045160 _____ () C:\PROGRAM FILES\COMODO\RMM AGENT SERVICE\imageformats\qgif4.dll
2018-10-17 20:35 - 2018-10-17 20:35 - 000018008 ____N () C:\Users\RuiPedro\AppData\Local\Temp\detectReader326460370468397998873.dll
2018-07-30 13:25 - 2018-10-19 18:09 - 001790592 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-10-25 10:50 - 2018-10-19 18:09 - 002363960 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2018-10-25 10:50 - 2018-10-19 18:09 - 000097224 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-10-25 10:50 - 2018-10-19 18:09 - 000094152 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\skype-coexistence\build\Release\coexistence.node
2018-10-25 10:50 - 2018-10-19 18:09 - 000219080 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-10-25 10:50 - 2018-10-19 18:09 - 000081864 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\desktop-idle\build\Release\desktopIdle.node
2018-07-30 13:25 - 2018-10-19 18:09 - 002723872 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-07-30 13:25 - 2018-10-19 18:09 - 000031776 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-10-25 10:50 - 2018-10-19 18:09 - 000409544 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-10-25 10:50 - 2018-10-19 18:09 - 000138696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\RuiPedro\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\RuiPedro\Desktop\pdat.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\RuiPedro\Desktop\pdat.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\RuiPedro\Downloads\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\RuiPedro\Documents\Tribunal-LENOVO:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3111750166-950763653-1138392380-1006\...\skype.com -> hxxps://apps.skype.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-12-30 00:12 - 2016-12-30 00:12 - 000000849 _____ C:\WINDOWS\system32\Drivers\etc\hosts

192.168.1.150 SQLSERVER

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3111750166-950763653-1138392380-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\RuiPedro\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{35decd5c-8622-456e-890d-6f0a175ac32a}.jpg
DNS Servers: 62.28.116.41 - 62.28.40.173
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{0AB56CFE-1DEF-4A86-91E5-EC48DA9A541E}C:\users\ruipedro\desktop\anydesk.exe] => (Allow) C:\users\ruipedro\desktop\anydesk.exe
FirewallRules: [TCP Query User{6656E34A-426D-4FA5-B6B2-CE49D8A1B30F}C:\users\ruipedro\desktop\anydesk.exe] => (Allow) C:\users\ruipedro\desktop\anydesk.exe
FirewallRules: [UDP Query User{8A18FE40-2F7F-49DB-B5EF-95B4D1E21CCA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{1D5F06F9-FEB8-4D1D-BE76-B48963B567C6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{CA56C7BC-975F-425A-98F0-8B97B76559BF}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{04FF5C3A-768C-4DC3-9895-359784117AE7}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{20BA6EE3-1544-4E7B-BCB6-074B741F9DD9}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
FirewallRules: [{06B71A07-9A22-4F60-BD57-2E324DF745FD}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
FirewallRules: [UDP Query User{8CE20380-655A-482A-80AB-F5BB3B710936}C:\users\ruipedro\desktop\anydesk.exe] => (Allow) C:\users\ruipedro\desktop\anydesk.exe
FirewallRules: [TCP Query User{763AD000-C21C-46ED-A7B8-F2535F728510}C:\users\ruipedro\desktop\anydesk.exe] => (Allow) C:\users\ruipedro\desktop\anydesk.exe
FirewallRules: [UDP Query User{5E2AF437-CF6A-4E1B-94BE-D67DE6F735E0}C:\program files (x86)\stickies\stickies.exe] => (Allow) C:\program files (x86)\stickies\stickies.exe
FirewallRules: [TCP Query User{62492946-7846-49AA-959C-71662D09422B}C:\program files (x86)\stickies\stickies.exe] => (Allow) C:\program files (x86)\stickies\stickies.exe
FirewallRules: [{CA8EA60C-2B89-483B-AF7C-A82464E5E14A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B333779A-6DBA-42CF-9CF3-4D4B70156C2D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{61D5A923-61A7-4815-A9B1-61BA289F2FFC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{34046A40-2146-426E-BBD1-54E23CFC3AB8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D44E2499-B8FF-4A4E-BC4C-76CAE6281E08}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1855531E-652A-4394-909C-CABBE50A32B5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CE49EEE5-F614-4B42-A871-9B5AFE43A379}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{18C12486-1CCC-49C7-B8F4-A55F3C0EF925}C:\program files (x86)\stickies\stickies.exe] => (Allow) C:\program files (x86)\stickies\stickies.exe
FirewallRules: [UDP Query User{5876C0DC-B7D4-412F-9AB7-C6B70461E419}C:\program files (x86)\stickies\stickies.exe] => (Allow) C:\program files (x86)\stickies\stickies.exe
FirewallRules: [{A14D47AF-E7BA-43D0-9FDE-8395F206C9BA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{C0E4B8A0-871F-4EBA-9928-29C44457FB7F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{7D1DC600-C606-4863-B9B7-6F63F81586C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{AC8714D4-9398-485C-A54E-EC43268C8247}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{FC2102DF-01B3-4B87-9A35-89FAE47035EB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{76B8D304-A6E7-4FBC-B04B-591794C3EEB4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{9F593E56-524D-402F-9CCE-254A9E3D83C5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{0DE4F1DD-DA45-42A1-BFD9-173BF3B2C11B}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{3BAE9E65-BF13-41AD-A577-8AB35A7DB396}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{2BD5FF2C-3859-4809-8C99-43FCA75E81A9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{38704E68-658B-47E6-A95F-FCB7E1B1EE98}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{C4EED3B8-ABEF-427E-9668-D89923F914E4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{BF1C7C02-98F0-4A78-9613-1F9284077BAA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{EA075539-30E0-4BC6-B89C-0D32A73C68A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3AAEA0BC-9B5B-447C-8AC3-842FA24BBB9F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{670990EB-2950-4668-A81C-A5441687A722}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{4B5F8C88-381B-4F35-8EA2-9B1C777D213D}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{C2E9AB37-FC4E-44D0-9692-E7A259223925}C:\users\ruipedro\downloads\anydesk.exe] => (Allow) C:\users\ruipedro\downloads\anydesk.exe
FirewallRules: [UDP Query User{46B3FF1E-D3D8-4F9E-AB40-C14286C90B8A}C:\users\ruipedro\downloads\anydesk.exe] => (Allow) C:\users\ruipedro\downloads\anydesk.exe
FirewallRules: [{35445675-6AEA-4395-80CD-30084E6ED6FA}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{66E4BDC2-24CF-459F-88C5-C4EEFA592972}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{878D7C91-905D-4956-B724-4103092EFBA5}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{2A73B192-E6C1-410F-A1F7-1601580D14C6}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{CB52C344-5155-4ABE-B377-C21EA83DD151}] => (Allow) C:\Program Files\COMODO\RMM Agent Service\unit.exe
FirewallRules: [TCP Query User{73C6578D-FD2B-40B1-956C-601B05D24D16}E:\program files\mirc\mirc.exe] => (Allow) E:\program files\mirc\mirc.exe
FirewallRules: [UDP Query User{3C4BB2F7-EA31-48A2-AC85-395D10E33939}E:\program files\mirc\mirc.exe] => (Allow) E:\program files\mirc\mirc.exe
FirewallRules: [{A3B3B4D9-79FB-4427-9303-A11BA2F4062F}] => (Allow) C:\Program Files\COMODO\RMM Agent Service\unit.exe
FirewallRules: [{8FEF46C2-0C01-44C0-9808-7C964E9113FA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{93FB2506-C6BD-470A-89EE-D2528CCE0DA5}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{CD14733B-A5C5-4650-8C79-3F18FDB85C77}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{678428AC-350C-4855-A278-92773D1385A7}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe

==================== Restore Points =========================

17-10-2018 09:22:47 Instalador de Módulos do Windows
18-10-2018 10:34:39 Instalador de Módulos do Windows
19-10-2018 12:34:39 Instalador de Módulos do Windows
20-10-2018 14:34:39 Instalador de Módulos do Windows
21-10-2018 16:34:39 Instalador de Módulos do Windows
22-10-2018 18:34:39 Instalador de Módulos do Windows
24-10-2018 20:34:46 Instalador de Módulos do Windows
25-10-2018 22:34:44 Instalador de Módulos do Windows
27-10-2018 00:34:44 Instalador de Módulos do Windows

==================== Faulty Device Manager Devices =============

Name: Rato Compatível com PS/2
Description: Rato Compatível com PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/24/2018 09:03:06 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Erro do serviço de cópia sombra de volumes: Erro inesperado ao chamar a rotina QueryFullProcessImageNameW. hr = 0x80070006, O identificador é inválido.
.


Operação:
   A Executar Operação Assíncrona

Contexto:
   Estado Atual: DoSnapshotSet

Error: (10/17/2018 08:44:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: vlc.exe, versão: 2.2.4.0, carimbo de data/hora: 0x00000004
Nome do módulo com falha: msvcrt.dll, versão: 7.0.17134.1, carimbo de data/hora: 0xc5dd3631
Código de exceção: 0xc0000005
Desvio de falha: 0x00067c97
ID do processo com falha: 0x224c
Hora de início da aplicação com falha: 0x01d46651ae35917e
Caminho da aplicação com falha: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Caminho do módulo com falha: C:\WINDOWS\System32\msvcrt.dll
ID do Relatório: 73902831-4ada-4fe9-a8c7-7c64e15ae8ab
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:

Error: (10/08/2018 10:56:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: vlc.exe, versão: 2.2.4.0, carimbo de data/hora: 0x00000004
Nome do módulo com falha: msvcrt.dll, versão: 7.0.17134.1, carimbo de data/hora: 0xc5dd3631
Código de exceção: 0xc0000005
Desvio de falha: 0x00067c97
ID do processo com falha: 0x4bc
Hora de início da aplicação com falha: 0x01d45f51c4424a46
Caminho da aplicação com falha: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Caminho do módulo com falha: C:\WINDOWS\System32\msvcrt.dll
ID do Relatório: da4ed9b3-39e6-474b-8dff-44aa812456df
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:

Error: (09/20/2018 08:39:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: phccorporate.exe, versão: 23.0.358.0, carimbo de data/hora: 0x47139f24
Nome do módulo com falha: MFC42.DLL, versão: 6.6.8063.0, carimbo de data/hora: 0x77d7520f
Código de exceção: 0xc000041d
Desvio de falha: 0x00029152
ID do processo com falha: 0xec8
Hora de início da aplicação com falha: 0x01d450398b0e40cd
Caminho da aplicação com falha: C:\PHC\PHCPRG\phccorporate.exe
Caminho do módulo com falha: C:\WINDOWS\SYSTEM32\MFC42.DLL
ID do Relatório: 3c580b89-3a72-4e6e-892c-20946ceb4393
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:

Error: (09/20/2018 08:39:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: phccorporate.exe, versão: 23.0.358.0, carimbo de data/hora: 0x47139f24
Nome do módulo com falha: MFC42.DLL, versão: 6.6.8063.0, carimbo de data/hora: 0x77d7520f
Código de exceção: 0xc0000005
Desvio de falha: 0x00029152
ID do processo com falha: 0xec8
Hora de início da aplicação com falha: 0x01d450398b0e40cd
Caminho da aplicação com falha: C:\PHC\PHCPRG\phccorporate.exe
Caminho do módulo com falha: C:\WINDOWS\SYSTEM32\MFC42.DLL
ID do Relatório: a4e0d504-fc9d-4e93-a2d0-d48f43fd0a85
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:

Error: (09/12/2018 12:06:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa phccorporate.exe versão 23.0.358.0 deixou de interagir com o Windows e foi fechado. Para verificar se existem mais informações disponíveis sobre o problema, consulte o histórico de problemas no painel de controlo de Segurança e Manutenção.

ID do Processo: 2414

Hora de Início: 01d448ef7a3607b8

Hora de Cessação: 217

Caminho da Aplicação: C:\PHC\PHCPRG\phccorporate.exe

ID do Relatório: 504e292a-3716-4f16-b794-9e13dd26fdfc

Nome completo do pacote com falha:

ID da aplicação relativa ao pacote com falha:

Error: (08/24/2018 03:58:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa hpqkygrp.exe versão 13.0.0.131 deixou de interagir com o Windows e foi fechado. Para verificar se existem mais informações disponíveis sobre o problema, consulte o histórico de problemas no painel de controlo de Segurança e Manutenção.

ID do Processo: 31a4

Hora de Início: 01d43bafa15e2973

Hora de Cessação: 10

Caminho da Aplicação: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe

ID do Relatório: eafe9cff-1974-4552-a6e1-417e612ba690

Nome completo do pacote com falha:

ID da aplicação relativa ao pacote com falha:

Error: (08/24/2018 03:58:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: CteraAgent.exe, versão: 0.0.0.0, carimbo de data/hora: 0x5a020d23
Nome do módulo com falha: ntdll.dll, versão: 10.0.17134.228, carimbo de data/hora: 0x2c71c7b8
Código de exceção: 0xc0000005
Desvio de falha: 0x00061d89
ID do processo com falha: 0x3650
Hora de início da aplicação com falha: 0x01d43bbaf11ed16a
Caminho da aplicação com falha: C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CteraAgent.exe
Caminho do módulo com falha: C:\WINDOWS\SYSTEM32\ntdll.dll
ID do Relatório: ba28d807-1812-4444-8044-ef2bfb948e99
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:


System errors:
=============
Error: (10/27/2018 09:53:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço eapihdrv falhou o arranque devido ao seguinte erro:
O carregamento deste controlador foi bloqueado

Error: (10/27/2018 09:53:19 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\RuiPedro\AppData\Local\Temp\ehdrv.sys

Error: (10/27/2018 09:53:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço eapihdrv falhou o arranque devido ao seguinte erro:
O carregamento deste controlador foi bloqueado

Error: (10/27/2018 09:53:19 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\RuiPedro\AppData\Local\Temp\ehdrv.sys

Error: (10/27/2018 09:53:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço eapihdrv falhou o arranque devido ao seguinte erro:
O carregamento deste controlador foi bloqueado

Error: (10/27/2018 09:53:19 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\RuiPedro\AppData\Local\Temp\ehdrv.sys

Error: (10/27/2018 09:53:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço eapihdrv falhou o arranque devido ao seguinte erro:
O carregamento deste controlador foi bloqueado

Error: (10/27/2018 09:53:19 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\RuiPedro\AppData\Local\Temp\ehdrv.sys


Windows Defender:
===================================
Date: 2018-10-19 13:04:07.088
Description:
Antivírus do Windows Defender detetou um comportamento suspeito.
Nome: Informational:Behavior/ModifiedKernel
ID: 34308026
Gravidade: Baixa
Categoria: Comportamento Suspeito
Caminho Encontrado: process:_0
Início de Deteção: Desconhecido
Tipo de Deteção: Suspeito
Origem de Deteção: Proteção em Tempo Real
Estado: A executar
Utilizador: Unknown\Unknown
Nome do Processo: Unknown
ID da Assinatura: 717259538435
Versão da Assinatura: AV: 1.279.62.0, AS: 1.279.62.0
Versão do Motor: 1.1.15400.4
Etiqueta de Fidelidade:  Baixo
Nome do Ficheiro de Destino:  

Date: 2018-10-18 10:38:19.753
Description:
A análise de Antivírus do Windows Defender foi parada antes de ser concluída.
ID de Análise: {1CE8E3C2-8EF7-4249-AFA9-2E59E2DC4513}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM

Date: 2018-10-17 09:39:38.447
Description:
A análise de Antivírus do Windows Defender foi parada antes de ser concluída.
ID de Análise: {23A60BC7-BAC4-4335-955A-1C2C3BEB60EA}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM

Date: 2018-10-17 09:24:55.697
Description:
A análise de Antivírus do Windows Defender foi parada antes de ser concluída.
ID de Análise: {9B708B6F-4289-4D85-861D-99BFC28512EF}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM

Date: 2018-10-08 19:08:15.673
Description:
A análise de Antivírus do Windows Defender foi parada antes de ser concluída.
ID de Análise: {C853D5B8-C752-4661-B67E-98A149C7199C}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM

CodeIntegrity:
===================================

Date: 2018-10-18 02:44:47.513
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-18 02:44:47.480
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-18 02:44:47.447
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-18 02:44:47.383
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-18 02:44:47.371
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-18 02:44:47.359
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-18 02:44:46.369
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-18 02:44:46.238
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 71%
Total physical RAM: 3991.24 MB
Available physical RAM: 1133.27 MB
Total Virtual: 8087.24 MB
Available Virtual: 4200.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.03 GB) (Free:103.24 GB) NTFS
Drive e: (OLD C) (Fixed) (Total:134.94 GB) (Free:52.66 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_RECOVERY) (Fixed) (Total:12.05 GB) (Free:6.63 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (OS_TOOLS) (Fixed) (Total:1.95 GB) (Free:1.74 GB) NTFS

\\?\Volume{6aae7c3a-ad9b-11e5-bceb-806e6f6e6963}\ (Sistema Reservado) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{2bd2c32a-0000-0000-0000-50c837000000}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 3833069C)
Partition 1: (Active) - (Size=134.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=102 MB) - (Type=72)

==================== End of Addition.txt ============================



#2
RKinner
    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

The following items appear suspicious to me:

 

HKLM\...\Run: [*CA] => C:\PROGRAM FILES\COMODO\RMM AGENT SERVICE\launcher.exe [51840 2016-08-12] ()

HKLM-x32\...\Run: [CTERA Agent] => C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CteraAgentWD.exe [714816 2017-12-07] ()
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\RMMRSP.exe [2814568 2016-03-09] (Comodo Security Solutions, Inc.)
HKLM\...\RunOnce: [*CA] => C:\PROGRAM FILES\COMODO\RMM AGENT SERVICE\launcher.exe [51840 2016-08-12] ()

HKU\S-1-5-21-3111750166-950763653-1138392380-1006\...\Run: [pteid] => C:\Autenticacao.gov\pteidguiV2.exe [2336256 2018-08-21] (Portuguese Government)
Startup: C:\Users\RuiPedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autenticacao.gov.pt.lnk [2018-10-17]
ShortcutTarget: Autenticacao.gov.pt.lnk -> C:\Program Files (x86)\plugin Autenticacao.Gov\Autenticacao.gov.pt.exe (Agência para a Modernização Administrativa, IP)

 

 

The top line is legitimate software from Comodo that allows you to remotely control the PC but I do not see it in your installed software list.  The Portuguese software is also not in your installed software list and I have no idea what it does.  I can give you a fixlist to remove all of it or just the Comodo or the Portuguese.  Let me know what you want.



#3
RuiPedro
    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Hello,

 

First I would like to thank you for helping me out :)

 

The first one (CTERA Agent) is legit software provided by "Altice Portugal" to manage our cloud storage. Something like Dropbox, for instance!

 

The Comodo software is installed on this computer to be remotely accessed by the company that provides our billing/CRM software. I know this is a professional (beta) tool from Comodo that allows them to update the software.

 

The last one "Autenticacao.gov" is needed to access some Portuguese Government sites, to read my "Citizen Card" that has a smart card chip, also used to remotely sign documents.

 

I understand that none of these are familiar to you, but I THINK... they are all legit... I think...



#4
RKinner
    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

OK.  Can you get the billing company to change the password for the Comodo just in case it's been compromised?

 

I'm not seeing anything evil but let's try Rogue Killer and see if it finds anything:

 

Let's run Rogue Killer

http://www.adlice.co...iller/#download
Portable 32 bits
Portable 64 bits

Download and Save.



Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe)  and Run As admin

Start Scan
Start Scan

Will take about 20 minutes to complete.

Open Report
Export TXT (save it to your desktop as rk) Save

Do not let Rogue Killer remove anything until you hear from me.  Leave Rogue Killer up (but minimized) if you can so you won't have to rescan.

Open rk.txt and copy and paste it to your next Reply.
 



#5
RuiPedro
    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Hello Again,

 

Just a fast note, the first one (eConnector) is to sync data between our MySQL site database and our local database, I believe it's not dangerous...

 

here is the TXT:

 

RogueKiller V12.13.6.0 (x64) [Oct 22 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Site : http://www.adlice.co...ad/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.17134) 64 bits version
Started : Normal mode
User : RuiPedro [Administrator]
Started from : C:\Users\RuiPedro\Desktop\RogueKiller_portable64.exe
Mode : Scan -- Date : 10/28/2018 22:28:11 (Duration : 00:53:17)

¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] eConnector.exe(6560) -- C:\Program Files (x86)\Pura Lógica\eConnector\eConnector.exe[-] -> Found

¤¤¤ Registry : 24 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Description -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Myfree Codec -> Found
[PUP.RegCurePro|PUP.Gen1] (X64) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\ParetoLogic -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Torch -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Myfree Codec -> Found
[PUP.RegCurePro|PUP.Gen1] (X86) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\ParetoLogic -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Torch -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Microsoft\Windows\CurrentVersion\Uninstall\Torch -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Microsoft\Windows\CurrentVersion\Uninstall\Torch -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Torch -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Torch -> Found
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_F_00BF\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
[Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_F_00BF\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_55EC\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Found
[PUM.HomePage] (X64) HKEY_USERS\RK_Default_ON_E_54A6\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.hp.com/country/pt/pt/welcome.html -> Found
[PUM.HomePage] (X86) HKEY_USERS\RK_Default_ON_E_54A6\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.hp.com/country/pt/pt/welcome.html -> Found
[PUM.HomePage] (X64) HKEY_USERS\RK_Default_ON_E_54A6\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.hp.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\RK_Default_ON_E_54A6\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.hp.com -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3111750166-950763653-1138392380-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3111750166-950763653-1138392380-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts file : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Browsers : 2 ¤¤¤
[PUP.Gen2][Firefox:Addon] 02zw29cx.default : Alexa Sparky [[email protected]] -> Found
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://www.sapo.pt/]-> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA CT240BX200SSD1 SCSI Disk Device +++++
--- User ---
[MBR] caadb47eec427412d2ee7525df667ce3
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 228383 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 467937280 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ATA ST3160815AS SCSI Disk Device +++++
--- User ---
[MBR] 3a4081f3e7947f6c00d045aeeebfa1e5
[BSP] 2a3c8f988b067800fd35c920e0969883 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 138176 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 282984975 | Size: 12339 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 308256768 | Size: 1999 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] UNKNOWN (0x72) [VISIBLE] Offset (sectors): 312351795 | Size: 101 MB
User = LL1 ... OK
User = LL2 ... OK

 


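The report above is RogueKiller's plain-text layout: one finding per line, tagged with a family (PUP, PUM, Hj, VT), an optional (X86)/(X64) registry view, the key, an optional "| value name : data" part, and a status after "->". As an added example, not Adlice's or the poster's code, the parser below splits such lines into key, value name and data, ranks the families (Hj.* registry hijacks highest, VT.Unknown as needs-review, PUP and PUM as housekeeping) and pulls out any Winlogon Shell value that is not the stock explorer.exe, the value RogueKiller put back during the later deletion run. The sample lines are constructed after the posted report with shortened hive names, and the severity ranking is this example's own choice, not RogueKiller's.

```python
"""Triage a RogueKiller text report: hijack findings versus PUP/PUM noise.

Added example, not RogueKiller's code. Assumes the line layout
    [TAG|TAG] (ARCH) key | value_name : data -> Status
seen in the posted report; the sample below is constructed from it.
"""
import re
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^\[(?P<tags>[^\]]+)\]\s+"           # [PUP.Gen1] or [Hj.RegVal]
    r"(?:\((?P<arch>X86|X64)\)\s+)?"      # optional registry view marker
    r"(?P<body>.*?)\s*->\s*(?P<status>.+?)\s*$"
)

# Example's own ranking: a rewritten Winlogon/Shell value is far more
# interesting than a leftover uninstall key or a changed IE start page.
SEVERITY = {"Hj": "high", "VT": "review", "PUP": "medium", "PUM": "low"}

# Constructed after the posted report (hive suffixes shortened).
SAMPLE_REPORT = r"""
¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] eConnector.exe(6560) -- C:\Program Files (x86)\Pura Lógica\eConnector\eConnector.exe[-] -> Found

¤¤¤ Registry : 4 ¤¤¤
[PUP.RegCurePro|PUP.Gen1] (X64) HKEY_USERS\RK_User_ON_E_0000\Software\ParetoLogic -> Found
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_F_0000\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_0000\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Found
[PUM.HomePage] (X64) HKEY_USERS\RK_Default_ON_E_0000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.hp.com/country/pt/pt/welcome.html -> Found
"""


@dataclass
class Finding:
    tags: list
    arch: str
    key: str
    value_name: str
    data: str
    status: str

    @property
    def family(self):
        # "PUP.RegCurePro|PUP.Gen1" -> "PUP"; "Hj.RegVal" -> "Hj"
        return self.tags[0].split(".", 1)[0]

    @property
    def severity(self):
        return SEVERITY.get(self.family, "review")


def parse_report(text):
    """Return one Finding per '[tag] ... -> status' line; skip headers/MBR dump."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        key, value_name, data = body, "", ""
        if " | " in body:  # registry value: "key | name : data"
            key, rest = body.split(" | ", 1)
            name, _, data = rest.partition(":")  # data may itself contain ':' (URLs)
            value_name, data = name.strip(), data.strip()
        findings.append(Finding(m.group("tags").split("|"), m.group("arch") or "",
                                key, value_name, data, m.group("status")))
    return findings


def winlogon_shell_hijacks(findings):
    """Shell values under ...\\Winlogon that are not the stock explorer.exe."""
    return [f.data for f in findings
            if f.key.lower().endswith("\\winlogon") and f.value_name == "Shell"
            and f.data.lower() != "explorer.exe"]


def summarize(findings):
    """Count findings per severity bucket."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(summarize(found))
    for shell in winlogon_shell_hijacks(found):
        print("non-default Winlogon Shell:", shell)
```

The Hj.RegVal entry is the one worth a second look when an account keeps getting re-compromised: whatever is set as the Winlogon Shell runs in place of explorer.exe at every interactive logon, so the parser surfaces it separately instead of burying it among the PUP and PUM lines.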

#6 RKinner (Malware Expert, 24,598 posts, MVP)
Nothing serious, but I would let it delete the PUPs.

#7 RKinner (Malware Expert, 24,598 posts, MVP)

You might want to run MBAR:

 

https://www.malwareb...om/antirootkit/

 

See if it finds something.



#8 RuiPedro (Topic Starter, Member, 43 posts)

PUPs deleted, as well as Hj.RegVal. Hope I didn't mess anything up! :D

 

Going for MBAR now, posting soon!

 

 

 

RogueKiller V12.13.6.0 (x64) [Oct 22 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Site : http://www.adlice.co...ad/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.17134) 64 bits version
Started : Normal mode
User : RuiPedro [Administrator]
Started from : C:\Users\RuiPedro\Desktop\RogueKiller_portable64.exe
Mode : Delete -- Date : 10/28/2018 22:28:11 (Duration : 00:53:17)

¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] eConnector.exe(6560) -- C:\Program Files (x86)\Pura Lógica\eConnector\eConnector.exe[-] -> Found

¤¤¤ Registry : 24 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Description -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Myfree Codec -> Deleted
[PUP.RegCurePro|PUP.Gen1] (X64) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\ParetoLogic -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Torch -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Myfree Codec -> Deleted
[PUP.RegCurePro|PUP.Gen1] (X86) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\ParetoLogic -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Torch -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Microsoft\Windows\CurrentVersion\Uninstall\Torch -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Microsoft\Windows\CurrentVersion\Uninstall\Torch -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Torch -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Rui Pedro_ON_E_3F2E\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Torch -> Deleted
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_F_00BF\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Replaced (explorer.exe)
[Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_F_00BF\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Replaced (explorer.exe)
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_55EC\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\RK_Default_ON_E_54A6\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.hp.com/country/pt/pt/welcome.html -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\RK_Default_ON_E_54A6\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.hp.com/country/pt/pt/welcome.html -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\RK_Default_ON_E_54A6\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.hp.com -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\RK_Default_ON_E_54A6\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.hp.com -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3111750166-950763653-1138392380-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3111750166-950763653-1138392380-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts file : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Browsers : 2 ¤¤¤
[PUP.Gen2][Firefox:Addon] 02zw29cx.default : Alexa Sparky [[email protected]] -> Deleted
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://www.sapo.pt/]-> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA CT240BX200SSD1 SCSI Disk Device +++++
--- User ---
[MBR] caadb47eec427412d2ee7525df667ce3
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 228383 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 467937280 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ATA ST3160815AS SCSI Disk Device +++++
--- User ---
[MBR] 3a4081f3e7947f6c00d045aeeebfa1e5
[BSP] 2a3c8f988b067800fd35c920e0969883 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 138176 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 282984975 | Size: 12339 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 308256768 | Size: 1999 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] UNKNOWN (0x72) [VISIBLE] Offset (sectors): 312351795 | Size: 101 MB
User = LL1 ... OK
User = LL2 ... OK

 



#9 RuiPedro (Topic Starter, Member, 43 posts)

MBAR found nothing!

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

© Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.345.17134.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 2.992000 GHz
Memory total: 4185120768, free: 1176563712

Downloaded database version: v2018.10.29.02
Downloaded database version: v2018.10.29.02
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     10/29/2018 07:47:23
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\WppRecorder.sys
\SystemRoot\system32\drivers\SleepStudyHelper.sys
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\system32\drivers\mssecflt.sys
\SystemRoot\system32\drivers\SgrmAgent.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\vmbkmclr.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afunix.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\WINDOWS\System32\drivers\GUBootStartup.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\bam.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_bcb89b3386563bd7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\system32\DRIVERS\e1k62x64.sys
\SystemRoot\System32\drivers\usbuhci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\parport.sys
\SystemRoot\system32\DRIVERS\IFXTPM.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_ea7b19c04e7a8136\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\system32\DRIVERS\dot4usb.sys
\SystemRoot\system32\DRIVERS\Dot4.sys
\SystemRoot\System32\drivers\Dot4Prt.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\S3XXx64.sys
\SystemRoot\system32\DRIVERS\SMCLIB.SYS
\SystemRoot\System32\DRIVERS\scfilter.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\cldflt.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\mqac.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\rassstp.sys
\SystemRoot\System32\DRIVERS\NDProxy.sys
\SystemRoot\System32\drivers\AgileVpn.sys
\SystemRoot\System32\drivers\rasl2tp.sys
\SystemRoot\System32\drivers\raspptp.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\drivers\ndiswan.sys
\SystemRoot\System32\drivers\WSDPrint.sys
\SystemRoot\system32\DRIVERS\WSDScan.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\drivers\wd\WdFilter.sys
\SystemRoot\system32\drivers\wd\WdNisDrv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\1B76A6B2.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2018.10.29.02
  rootkit: v2018.10.29.02

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff860ca78cd610, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffff860ca78cc040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff860ca78cd610, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffff860ca63c4e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff860ca63d6060, DeviceName: \Device\00000027\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2BD2C32A

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 467729584
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 467937280  Numsec = 921600
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 240057409536 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffff860ca78cc710, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffff860ca78cb040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff860ca78cc710, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffff860ca5aa7e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff860ca63c1060, DeviceName: \Device\00000029\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3833069C

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 282984912
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 282984975  Numsec = 25270820
    Partition is bootable
    Partition file system is NTFS

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 308256768  Numsec = 4093952
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Other (0x72)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 312351795  Numsec = 208845
    Partition is not bootable

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Done!
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8AC6285D85C6EBA11B54D5E8945035D2BC8E9413.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8AC6285D85C6EBA11B54D5E8945035D2BC8E9413.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8AC6285D85C6EBA11B54D5E8945035D2BC8E9413.bin.83" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Network\Downloader\qmgr.db" is sparse (flags = 32768)
File "C:\Users\RuiPedro\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-467937280-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-1-282984975-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-2-308256768-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-3-312351795-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
 



#10 RKinner (Malware Expert, 24,598 posts, MVP)

We can check the system files for problems:

 

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth


 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
 

sfc  /scannow




This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt


Hit Enter.  Then type:
 

notepad %UserProfile%\desktop\junk.txt


Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 

 

Also

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.

 

You might try putting on TinyWall:

https://tinywall.pados.hu/

 

That should block any remote access if you don't allow the Comodo stuff to get through.  You can turn off the firewall when they need to access.

 

Make sure that the new password for your email is at least 10 characters and contains a mixture of small and large letters, numbers and if allowed punctuation marks.

 


 


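The Process Explorer export this post asks for (File, Save As, with the Verified Signer column enabled and Verify Image Signatures switched on) is a tab-separated text file with one row per process. As an added example, not Sysinternals' or the poster's code, the script below parses such an export and answers the two questions that matter for a machine whose mail account keeps being taken over: which running images carry no verified Authenticode signature, and which processes are remote-access components (Chrome Remote Desktop's remoting_host.exe, Comodo RMM's unit.exe / RMMRSP.exe) that could drive the machine from elsewhere. The rows are constructed after the output posted later in the thread; the tab layout and the remote-access name hints are this example's assumptions.

```python
"""Triage a Process Explorer "Save As" export.

Added example, not Sysinternals code. Assumes a tab-separated export with the
header Process / CPU / Private Bytes / Working Set / PID / Description /
Company Name / Verified Signer. Sample rows are constructed after the thread.
"""
import csv
import io

# Assumed substrings that identify remote-control tooling in process names.
REMOTE_ACCESS_HINTS = ("remoting_", "rmm", "unit.exe", "unit_manager",
                       "teamviewer", "anydesk", "vnc")

# Constructed after the posted Process Explorer output (tab-separated).
SAMPLE_EXPORT = "\n".join("\t".join(row) for row in [
    ["Process", "CPU", "Private Bytes", "Working Set", "PID",
     "Description", "Company Name", "Verified Signer"],
    ["System Idle Process", "63.96", "52 K", "8 K", "0", "", "", ""],
    ["remoting_host.exe", "9.49", "53.880 K", "69.320 K", "4288",
     "Host Process", "Google Inc.", "(Verified) Google Inc"],
    ["unit.exe", "0.19", "12.824 K", "19.292 K", "4752",
     "Remote Management and Monitoring Component",
     "Comodo Security Solutions, Inc.", "(Verified) Comodo Security Solutions"],
    ["stickies.exe", "0.15", "9.900 K", "23.116 K", "9968", "Stickies 7.1e",
     "Zhorn Software", "(No signature was present in the subject) Zhorn Software"],
    ["RMMRSP.exe", "0.04", "2.400 K", "6.812 K", "3676",
     "RMM Remote Screen Protocol Server",
     "Comodo Security Solutions, Inc.", "(Verified) Comodo Security Solutions"],
    ["hpqtra08.exe", "0.02", "8.900 K", "15.416 K", "9816",
     "HP Digital Imaging Monitor", "Hewlett-Packard Co.",
     "(No signature was present in the subject) Hewlett-Packard Co."],
])


def parse_export(text):
    """Read the export into dicts keyed by header; PID becomes int (or None)."""
    rows = list(csv.DictReader(io.StringIO(text), delimiter="\t"))
    for r in rows:
        r["PID"] = int(r["PID"]) if r["PID"].isdigit() else None
    return rows


def is_verified(row):
    # Process Explorer prefixes a good signature with "(Verified)"; anything
    # else ("(No signature was present in the subject)", "(Not verified)") fails.
    return row["Verified Signer"].startswith("(Verified)")


def unverified_images(rows):
    """Process names whose image is not signed by a verified publisher.

    Kernel pseudo-processes (System Idle Process, Interrupts) have no company
    and no image to sign, so they are skipped rather than reported.
    """
    return [r["Process"] for r in rows
            if (r["Company Name"] or r["Verified Signer"]) and not is_verified(r)]


def remote_access_processes(rows):
    """(name, pid, verified) for every process matching a remote-access hint."""
    return [(r["Process"], r["PID"], is_verified(r)) for r in rows
            if any(h in r["Process"].lower() for h in REMOTE_ACCESS_HINTS)]


if __name__ == "__main__":
    table = parse_export(SAMPLE_EXPORT)
    print("unsigned or unverified:", unverified_images(table))
    for name, pid, ok in remote_access_processes(table):
        print(f"remote access: {name} pid={pid} signed={ok}")
```

The remote-access list is a review list, not a verdict: in this thread remoting_host.exe is the poster's own Chrome Remote Desktop session and the Comodo components are the billing vendor's agreed access. The point of pulling them out is that each one is a path into the machine that a firewall rule (the TinyWall suggestion above) or a vendor-side password change should cover.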


#11 RuiPedro (Topic Starter, Member, 43 posts)

Hello,

 

Not everything went as expected.

 

1) From the SFC I got this message:

Windows Resource Protection did not find any integrity violations.

 

2) Can't Run VEW.exe because:

VEW has not been coded for your language (Portuguese)

 

3) The link to Process Explorer is not working!

 

4) TinyWall is a good idea; I will install it ASAP. (Right now I am on a remote connection.)

 

5) Yes, the password is strong, as you suggested!



#12 RKinner (Malware Expert, 24,598 posts, MVP)

You can get Process Explorer from the link on this page:

https://docs.microso...rocess-explorer

 

The "Download Process Explorer (1.8 MB)" on the page is a zip file.  You need to save it then right click and Extract All, Extract.  Then run it by right click and Run As Admin

 

The "Run now from Sysinternals Live." link is the one I gave you.  It seems to be broken which is a shame because the file was not zipped up.

 

Sorry about VEW.  Try:

 

Full Event Log View

http://www.nirsoft.n...t_log_view.html

The download is near the bottom of the page.  Choose the one appropriate for your system.

Download FullEventLogView (32-bit version)
Download FullEventLogView (64-bit version)


Right click on the downloaded file and Extract All, Extract.  Doubleclick on FullEventLogView.exe

Once the program starts:  Options, Advanced Options and in the new window uncheck Informational verbose and Undefined.

Show only events from the last 1 Days

OK

Now Edit, Select All

File, Save Selected Items, to your desktop, call it events,  Save.

Close the program.  You should have a file called events.txt on your desktop.  Open it, Edit, Select All, Ctrl + c to copy and then move to a Reply and Ctrl +v to paste it into the reply.







 



#13 RuiPedro (Topic Starter, Member, 43 posts)

Thanks again for your patience :)

 

Fast note: It's me accessing the computer with Chrome Remote Desktop.

 

Process Explorer:

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    63.96    52 K    8 K    0            
procexp64.exe    10.50    29.984 K    62.780 K    6152    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
remoting_host.exe    9.49    53.880 K    69.320 K    4288    Host Process    Google Inc.    (Verified) Google Inc
dwm.exe    4.25    85.052 K    56.012 K    380    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
remoting_desktop.exe    3.25    14.720 K    46.176 K    6920    Desktop Integration Process    Google Inc.    (Verified) Google Inc
MsMpEng.exe    1.98    141.352 K    118.032 K    3768    Antimalware Service Executable    Microsoft Corporation    (Verified) Microsoft Corporation
System    1.49    216 K    1.228 K    4            
Interrupts    1.24    0 K    0 K    n/a    Hardware Interrupts and DPCs        
lsass.exe    0.72    7.040 K    14.228 K    728    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
csrss.exe    0.67    2.460 K    4.684 K    572    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
BackupService.exe    0.66    12.028 K    15.252 K    3448    CTERA Agent Service        (Verified) CTERA Networks inc
firefox.exe    0.55    85.896 K    157.652 K    5728    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
CTERAAgent.exe    0.38    14.136 K    16.780 K    10444    CTERA Agent        (Verified) CTERA Networks inc
unit.exe    0.19    12.824 K    19.292 K    4752    Remote Management and Monitoring Component    Comodo Security Solutions, Inc.    (Verified) Comodo Security Solutions
stickies.exe    0.15    9.900 K    23.116 K    9968    Stickies 7.1e    Zhorn Software    (No signature was present in the subject) Zhorn Software
explorer.exe    0.14    60.548 K    91.412 K    6132    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
unit_manager.exe    0.12    3.852 K    11.704 K    2104    Remote Management and Monitoring Component    Comodo Security Solutions, Inc.    (Verified) Comodo Security Solutions
RMMRSP.exe    0.04    2.400 K    6.812 K    3676    RMM Remote Screen Protocol Server    Comodo Security Solutions, Inc.    (Verified) Comodo Security Solutions
javaw.exe    0.03    36.384 K    15.388 K    10180    Java™ Platform SE binary    Oracle Corporation    (Verified) Agência para a Modernização Administrativa
csrss.exe    0.03    1.780 K    4.440 K    492    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.02    8.008 K    14.952 K    972    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
iPodService.exe    0.02    2.244 K    7.296 K    5208    iPodService Module (64-bit)    Apple Inc.    (Verified) Apple Inc.
unit.exe    0.02    8.088 K    20.492 K    2412    Remote Management and Monitoring Component    Comodo Security Solutions, Inc.    (Verified) Comodo Security Solutions
hpqtra08.exe    0.02    8.900 K    15.416 K    9816    HP Digital Imaging Monitor    Hewlett-Packard Co.    (No signature was present in the subject) Hewlett-Packard Co.
svchost.exe    0.01    2.604 K    8.328 K    2076    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.01    2.044 K    6.600 K    1488    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.01    5.236 K    7.112 K    1380    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
AppleMobileDeviceService.exe    0.01    3.520 K    7.512 K    3268    MobileDeviceService    Apple Inc.    (Verified) Apple Inc.
svchost.exe    < 0.01    6.148 K    13.300 K    3296    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    3.304 K    9.760 K    3396    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SearchProtocolHost.exe    < 0.01    3.060 K    8.436 K    7076    Microsoft Windows Search Protocol Host    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    3.480 K    9.664 K    5276    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    12.584 K    25.224 K    892    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
TouchpointAnalyticsClientService.exe    < 0.01    41.852 K    25.916 K    5480    HP Touchpoint Analytics Client Service    HP Inc.    (Verified) HP Inc.
jusched.exe    < 0.01    3.080 K    11.948 K    10372    Java Update Scheduler    Oracle Corporation    (Verified) Oracle America
iTunesHelper.exe    < 0.01    4.228 K    10.040 K    10036    iTunesHelper    Apple Inc.    (Verified) Apple Inc.
spoolsv.exe    < 0.01    11.432 K    20.792 K    2964    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe        7.284 K    2.468 K    5944    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        12.028 K    24.428 K    6800    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        2.644 K    8.220 K    6220    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        2.468 K    8.724 K    11000    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        2.528 K    8.260 K    672    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1.300 K    5.256 K    584    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows Publisher
Video.UI.exe    Suspended    20.508 K    532 K    9008            (No signature was present in the subject)
taskhostw.exe        9.640 K    18.400 K    3892    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4.160 K    10.736 K    3660    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        10.888 K    19.440 K    2692    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.680 K    6.928 K    4588    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4.092 K    11.664 K    10548    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3.244 K    11.548 K    2480    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.940 K    9.608 K    2772    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3.812 K    9.092 K    1700    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        11.980 K    13.628 K    1068    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6.720 K    25.152 K    3188    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6.232 K    14.048 K    2664    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.676 K    7.116 K    1020    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        14.920 K    12.200 K    1220    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.048 K    7.504 K    2096    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        19.324 K    23.068 K    9636    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.864 K    7.680 K    2460    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.176 K    9.284 K    8656    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.564 K    8.516 K    1496    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.876 K    10.212 K    7060    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.216 K    7.664 K    2088    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        27.720 K    34.712 K    3312    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1.984 K    6.096 K    3632    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3.836 K    7.804 K    3548    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3.224 K    7.804 K    2016    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.040 K    11.036 K    1148    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        8.144 K    19.088 K    3332    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1.976 K    6.964 K    2068    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.576 K    9.848 K    1300    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4.308 K    17.816 K    3792    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1.352 K    5.396 K    2112    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.272 K    8.264 K    2060    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.812 K    7.920 K    1868    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5.852 K    14.692 K    3096    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5.060 K    8.544 K    3320    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6.444 K    13.420 K    1228    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.132 K    6.564 K    2720    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3.572 K    11.176 K    7912    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.692 K    10.756 K    6720    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1.820 K    8.156 K    2284    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.248 K    8.528 K    10260    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1.708 K    5.460 K    2712    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3.952 K    7.836 K    6264    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        992 K    3.532 K    828    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1.944 K    6.272 K    1076    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.100 K    8.156 K    1132    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1.848 K    6.316 K    1284    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1.776 K    5.452 K    1316    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1.948 K    7.560 K    1392    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.040 K    8.240 K    1828    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.376 K    10.636 K    1964    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1.836 K    7.240 K    2240    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1.936 K    6.868 K    2292    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.200 K    8.300 K    2332    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.248 K    10.292 K    2812    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1.720 K    5.536 K    3112    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3.752 K    9.956 K    3304    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1.308 K    4.692 K    3492    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1.452 K    5.456 K    3600    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1.328 K    5.084 K    3716    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1.616 K    5.812 K    4264    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1.340 K    4.912 K    4360    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1.780 K    6.964 K    4656    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4.380 K    10.524 K    5720    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1.444 K    5.800 K    2820    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.804 K    10.012 K    10996    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2.084 K    7.980 K    10892    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1.496 K    5.692 K    9228    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SMSvcHost.exe        25.188 K    11.220 K    3576    SMSvcHost.exe    Microsoft Corporation    (Verified) Microsoft Corporation
SMSvcHost.exe        22.592 K    14.160 K    5848    SMSvcHost.exe    Microsoft Corporation    (Verified) Microsoft Corporation
smss.exe        496 K    1.016 K    348    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Publisher
smartscreen.exe        13.544 K    27.160 K    8616    Windows Defender SmartScreen    Microsoft Corporation    (Verified) Microsoft Windows
SkypeBackgroundHost.exe    Suspended    2.008 K    10.488 K    8720    Microsoft Skype    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
SkypeApp.exe    Suspended    15.312 K    648 K    8780    SkypeApp    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
sihost.exe        8.888 K    34.284 K    3076    Shell Infrastructure Host    Microsoft Corporation    (Verified) Microsoft Windows
ShellExperienceHost.exe    Suspended    28.820 K    43.796 K    8080    Windows Shell Experience Host    Microsoft Corporation    (Verified) Microsoft Windows
SgrmBroker.exe        2.548 K    4.764 K    11156    System Guard Runtime Monitor Broker Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
services.exe        5.360 K    7.816 K    712    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SecurityHealthService.exe        3.988 K    12.532 K    3684    Windows Security Health Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SearchUI.exe    Suspended    83.664 K    13.716 K    7180    Search and Cortana application    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe        48.968 K    58.656 K    3776    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
SearchFilterHost.exe        1.560 K    6.232 K    10652    Microsoft Windows Search Filter Host    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        6.504 K    23.788 K    9264    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        3.756 K    18.084 K    6508    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        8.728 K    19.128 K    7372    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        2.404 K    13.780 K    9540    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        1.884 K    7.504 K    9708    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        6.516 K    12.024 K    8648    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        5.880 K    21.944 K    6388    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RTKAUDIOSERVICE64.EXE        1.644 K    6.024 K    2656    Realtek Audio Service    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
remoting_host.exe        4.700 K    9.432 K    3280    Host Process    Google Inc.    (Verified) Google Inc
Registry        3.752 K    20.748 K    88            
OSPPSVC.EXE        3.424 K    11.788 K    2808    Microsoft Office Software Protection Platform Service    Microsoft Corporation    (Verified) Microsoft Corporation
OneDrive.exe        25.744 K    16.572 K    10116    Microsoft OneDrive    Microsoft Corporation    (Verified) Microsoft Corporation
NisSrv.exe        6.664 K    9.372 K    7536    Microsoft Network Realtime Inspection Service    Microsoft Corporation    (Verified) Microsoft Corporation
MSASCuiL.exe        1.956 K    8.016 K    9868    Windows Defender notification icon    Microsoft Corporation    (Verified) Microsoft Windows
mqsvc.exe        4.992 K    10.436 K    3528    Message Queuing Service    Microsoft Corporation    (Verified) Microsoft Windows
Memory Compression        672 K    42.104 K    2216            
mDNSResponder.exe        1.656 K    5.372 K    3288    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
LockApp.exe    Suspended    11.676 K    9.076 K    8572    LockApp.exe    Microsoft Corporation    (Verified) Microsoft Windows
launcher_service_ex.exe        4.496 K    7.132 K    1732    Remote Management and Monitoring Component    Comodo Security Solutions, Inc.    (Verified) Comodo Security Solutions
hpwuschd2.exe        1.228 K    5.676 K    6068    hpwuSchd Application    Hewlett-Packard    (Verified) Hewlett-Packard Company
HPSupportSolutionsFrameworkService.exe        47.480 K    16.952 K    2308    HP Support Solutions Framework Service    HP Inc.    (Verified) HP Inc.
hpqwmiex.exe        1.756 K    8.384 K    9236    HP Software Framework WMI Service    Hewlett-Packard Company    (Verified) Hewlett-Packard Company
hpqste08.exe        4.348 K    12.456 K    10664    HP CUE Status Root    Hewlett-Packard Co.    (No signature was present in the subject) Hewlett-Packard Co.
hpqgpc01.exe        3.004 K    12.316 K    11060    GPCore COM object    Hewlett-Packard    (No signature was present in the subject) Hewlett-Packard
hpqbam08.exe        1.596 K    7.092 K    10708    HP CUE Alert Popup Window Objects    Hewlett-Packard Co.    (No signature was present in the subject) Hewlett-Packard Co.
fontdrvhost.exe        5.432 K    11.176 K    836    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
fontdrvhost.exe        4.872 K    6.552 K    844    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe        136.268 K    213.476 K    8744    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        36.900 K    78.956 K    1484    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        46.100 K    73.800 K    6056    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        19.220 K    48.300 K    7908    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
dllhost.exe        1.900 K    8.728 K    10948    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dasHost.exe        6.032 K    11.572 K    3204    Device Association Framework Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
ctfmon.exe        13.432 K    15.628 K    5184    CTF Loader    Microsoft Corporation    (Verified) Microsoft Windows
CteraAgentWD.exe        964 K    4.184 K    10264            (Verified) CTERA Networks inc
Calculator.exe    Suspended    15.300 K    10.264 K    8868            (No signature was present in the subject)
backgroundTaskHost.exe    Suspended    26.116 K    60.316 K    3928    Background Task Host    Microsoft Corporation    (Verified) Microsoft Windows
audiodg.exe        7.332 K    12.332 K    10192    Windows Audio Device Graph Isolation    Microsoft Corporation    (Verified) Microsoft Windows
armsvc.exe        1.336 K    5.672 K    3260    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
ApplicationFrameHost.exe        13.392 K    29.192 K    9080    Application Frame Host    Microsoft Corporation    (Verified) Microsoft Windows

Full Event Log View:

Too big to fit in the reply; I have attached the .txt, hope it's OK.

Attached Files
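An added example for this thread, not code from Process Explorer or from either poster: reading 160 rows by eye is how things get missed, so this script does the two checks that matter on a Process Explorer export. In Process Explorer choose File > Save As; the file is tab-separated with the same column headers as the listing above. The sample rows are constructed from that listing, plus one hypothetical unsigned process (setup.exe, PID 4242, "Contoso Ltd") that is not from the poster's machine and only exists so the "not verified" path is exercised.

```powershell
# Added example (not the poster's or Process Explorer's own code): triage a
# Process Explorer tab-separated export for signature problems.

$SampleExport = @"
Process`tCPU`tPrivate Bytes`tWorking Set`tPID`tDescription`tCompany Name`tVerified Signer
System Idle Process`t63.96`t52 K`t8 K`t0`t`t`t
procexp64.exe`t10.50`t29.984 K`t62.780 K`t6152`tSysinternals Process Explorer`tSysinternals - www.sysinternals.com`t(Verified) Microsoft Corporation
stickies.exe`t0.15`t9.900 K`t23.116 K`t9968`tStickies 7.1e`tZhorn Software`t(No signature was present in the subject) Zhorn Software
javaw.exe`t0.03`t36.384 K`t15.388 K`t10180`tJava(TM) Platform SE binary`tOracle Corporation`t(Verified) Agência para a Modernização Administrativa
svchost.exe`t0.02`t8.008 K`t14.952 K`t972`tHost Process for Windows Services`tMicrosoft Corporation`t(Verified) Microsoft Windows Publisher
setup.exe`t0.01`t1.024 K`t2.048 K`t4242`t`t`t(Not verified) Contoso Ltd
"@
# The setup.exe row above is a constructed, hypothetical entry for the example.

function Test-NameMatch {
    param([string]$Company, [string]$Signer)
    # Heuristic: compare the first word only, so "Microsoft Corporation" accepts
    # "Microsoft Windows Publisher" and "Hewlett-Packard Co." accepts
    # "Hewlett-Packard Company". Sysinternals tools are signed by Microsoft.
    $c = ($Company -split '\s+')[0].Trim('.,').ToLowerInvariant()
    $s = ($Signer  -split '\s+')[0].Trim('.,').ToLowerInvariant()
    if ($c -eq 'sysinternals' -and $s -eq 'microsoft') { return $true }
    return ($c -eq $s)
}

function Get-ProcexpFindings {
    param([Parameter(Mandatory)][string]$ExportText)

    $rows = $ExportText | ConvertFrom-Csv -Delimiter "`t"
    foreach ($r in $rows) {
        $signer  = $r.'Verified Signer'
        $company = $r.'Company Name'
        $reasons = @()

        # Authenticode result. Only "(Verified)" means the image carries a
        # signature that chains to a trusted root; anything else (no signature,
        # not verified, unable to verify) deserves a look. Pseudo-processes such
        # as System Idle Process have an empty column and are skipped.
        if ($signer -and $signer -notmatch '^\(Verified\)') {
            $reasons += "signature: $signer"
        }

        # Company Name is read from the file's version resource, which anyone
        # can write. When it disagrees with the name on the verified certificate,
        # find out why (here: a Java binary signed by a government agency).
        if ($signer -match '^\(Verified\)\s+(.+)$') {
            $signerName = $Matches[1]
            if ($company -and -not (Test-NameMatch $company $signerName)) {
                $reasons += "company '$company' vs signer '$signerName'"
            }
        }

        # A running image with neither description nor company is unusual for
        # legitimate software and common for binaries shipped without version info.
        if ($signer -and -not $r.Description -and -not $company) {
            $reasons += 'no description or company'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Process = $r.Process
                PID     = [int]$r.PID
                Reasons = ($reasons -join '; ')
            }
        }
    }
}

# Run on the constructed sample. For a real export saved from Process Explorer:
#   Get-ProcexpFindings (Get-Content .\procexp.txt -Raw) | Format-Table -AutoSize
Get-ProcexpFindings -ExportText $SampleExport | Format-Table -AutoSize
```

On the sample this reports stickies.exe (unsigned), javaw.exe (Oracle in the version resource, a different organisation on the certificate) and the hypothetical setup.exe (not verified, no version info). A finding is a reason to look, not a verdict: the same unsigned-but-expected pattern shows up for the old HP imaging tools in the listing above, and the Company/Signer mismatch is exactly what a renamed or repackaged legitimate binary looks like.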

#14
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Chrome Remote is another possible method of getting onto your PC, so hopefully you have a very strong password for that too.

 

Process Explorer doesn't show anything that shouldn't be there, though Interrupts is a bit high, indicating you may have a poorly written driver. Next time you are at the machine it would be nice to have a Process Explorer log without the remote stuff. Make sure you give it a full minute to settle before making the log.

 

Your event log shows a lot of WMI errors, so let's see if there is anything that needs to be done there:

 

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/
(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt, type

winmgmt /verifyrepository

and press Enter. If it doesn't say:

WMI repository is consistent

then type

winmgmt /salvagerepository

and press Enter. When it finishes, rerun the first command. If it is still not happy, then:

winmgmt /resetrepository

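The verify / salvage / reset sequence above as one script, added here as an example and not the poster's command or a Microsoft tool. It assumes an elevated PowerShell on Windows 10 and decides on the text winmgmt prints: only the "WMI repository is consistent" line seen in this thread counts as success, and anything else is treated as "needs repair", so the destructive reset step never runs unless the salvage step has already failed.

```powershell
# Added example (not from the thread): winmgmt repository check and repair,
# escalating only when the cheaper step did not fix it.

function Test-IsElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-WmiRepository {
    # Decide on the message, not the exit code: the failure text and exit codes
    # vary, so everything except the "consistent" line is taken as a failure.
    $out = (& winmgmt.exe /verifyrepository 2>&1 | Out-String)
    return ($out -match 'WMI repository is consistent')
}

function Repair-WmiRepository {
    if (-not (Test-IsElevated)) {
        throw 'Open PowerShell as Administrator first; winmgmt repair needs an elevated prompt.'
    }

    if (Test-WmiRepository) { return 'consistent' }

    # Step 1: salvage keeps the current repository and fixes what it can;
    # existing provider registrations survive.
    & winmgmt.exe /salvagerepository | Out-Host
    if (Test-WmiRepository) { return 'salvaged' }

    # Step 2: reset discards the repository and rebuilds it from the MOF files
    # registered for auto-recovery. Vendor providers (HP, Comodo, ...) that are
    # not in that list need re-registering afterwards, which is why the thread
    # leaves this as the last resort.
    & winmgmt.exe /resetrepository | Out-Host
    if (Test-WmiRepository) { return 'reset' }

    throw 'WMI repository is still inconsistent after reset; check the Microsoft-Windows-WMI-Activity/Operational event log.'
}

$result = Repair-WmiRepository
Write-Host "WMI repository state: $result"
```

Run it once, note the returned state, and if it came back as "reset" re-check the vendor software that registers WMI providers (the HP and Comodo RMM components in the listing above) before concluding the WMI errors are gone.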

#15
RuiPedro

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

C:\WINDOWS\system32>winmgmt /verifyrepository
WMI repository is consistent

 

Tomorrow morning (it's 9 pm here now) I'll do another LOCAL Process Explorer log!

 

Thanks

