Hello,
Somehow my email account is sending spam and phishing. I am sure about this because I get email from myself with phishing messages, and I spoke with my ISP and they told me that there are logins to this email account from all over the world.
I tried to change the email password and stopped receiving/sending this kind of email for about two weeks. Now it has started all over again.
I don't know how they get the password for this email account, so I am afraid my computer is somehow infected.
Also, this email account is ONLY configured on this computer.
Thanks in advance for any help I can get.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
Ran by RuiPedro (administrator) on RUIPEDRO-PC (27-10-2018 10:01:56)
Running from C:\Users\RuiPedro\Desktop
Loaded Profiles: RuiPedro (Available Profiles: RuiPedro)
Platform: Windows 10 Pro Version 1803 17134.345 (X64) Language: Português (Portugal)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service_ex.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\BackupService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\RMMRSP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\plugin Autenticacao.Gov\runtime\jre\bin\javaw.exe
() C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CteraAgentWD.exe
() C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CTERAAgent.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Pura Lógica, Lda.) C:\Program Files (x86)\Pura Lógica\eConnector\eConnector.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\RMM Agent Service\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\RMM Agent Service\unit.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\RMM Agent Service\unit.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_desktop.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [*CA] => C:\PROGRAM FILES\COMODO\RMM AGENT SERVICE\launcher.exe [51840 2016-08-12] ()
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [CTERA Agent] => C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CteraAgentWD.exe [714816 2017-12-07] ()
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\RMMRSP.exe [2814568 2016-03-09] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM\...\RunOnce: [*CA] => C:\PROGRAM FILES\COMODO\RMM AGENT SERVICE\launcher.exe [51840 2016-08-12] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-3111750166-950763653-1138392380-1006\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2018-10-15] (Glarysoft Ltd)
HKU\S-1-5-21-3111750166-950763653-1138392380-1006\...\Run: [pteid] => C:\Autenticacao.gov\pteidguiV2.exe [2336256 2018-08-21] (Portuguese Government)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-01-26]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\RuiPedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autenticacao.gov.pt.lnk [2018-10-17]
ShortcutTarget: Autenticacao.gov.pt.lnk -> C:\Program Files (x86)\plugin Autenticacao.Gov\Autenticacao.gov.pt.exe (Agência para a Modernização Administrativa, IP)
Startup: C:\Users\RuiPedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2016-01-22]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
BootExecute: autocheck autochk *
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 192.168.1.150 SQLSERVER
Tcpip\..\Interfaces\{587b957f-c966-491e-a8c2-206b4ac665e5}: [NameServer] 62.28.116.41,62.28.40.173
Internet Explorer:
==================
HKU\S-1-5-21-3111750166-950763653-1138392380-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-pt/?ocid=iehp
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-19] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-19] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
FireFox:
========
FF DefaultProfile: 02zw29cx.default
FF ProfilePath: C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default [2018-10-27]
FF Homepage: Mozilla\Firefox\Profiles\02zw29cx.default -> www.google.com
FF NewTab: Mozilla\Firefox\Profiles\02zw29cx.default -> about:blank
FF Extension: (Alexa Traffic Rank) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\[email protected] [2017-01-31] [Legacy]
FF Extension: (autoplay shield-study extension) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\[email protected] [2018-10-25]
FF Extension: (Context Menu Image Saver) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\[email protected] [2016-09-23] [Legacy]
FF Extension: (Exif Viewer) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\[email protected] [2018-06-21]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\[email protected] [2018-08-23]
FF Extension: (Save Images) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\[email protected] [2017-10-14] [Legacy]
FF Extension: (Google Similar Images) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\[email protected] [2016-04-28] [Legacy]
FF Extension: (PageRank Client) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\[email protected] [2016-04-27] [Legacy]
FF Extension: (Corretor para Português de Portugal) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\[email protected] [2018-04-19] [Legacy]
FF Extension: (The Addon Bar (restored)) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\[email protected] [2016-05-04] [Legacy]
FF Extension: (Alexa Sparky) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\[email protected] [2015-11-13] [Legacy]
FF Extension: (Screengrab!) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2018-10-13]
FF Extension: (Alexa Rank) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\{833523a7-98c7-44a2-a361-579d2b067d45}.xpi [2018-10-12]
FF Extension: (Abduction!) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}.xpi [2016-04-27] [Legacy]
FF Extension: (Contextual Google Image Search) - C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\Extensions\{D46504D3-4959-4351-AED6-C7EA276DBB93}.xpi [2018-01-26]
FF SearchPlugin: C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\02zw29cx.default\searchplugins\s-amazon.xml [2013-03-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-01-26] [Legacy] [not signed]
FF HKU\S-1-5-21-3111750166-950763653-1138392380-1006\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Silverlight\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.sapo.pt/
CHR StartupUrls: Default -> "hxxp://www.google.pt/"
CHR Profile: C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default [2018-10-24]
CHR Extension: (Slides) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Docs) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Google Drive) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-22]
CHR Extension: (YouTube) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-22]
CHR Extension: (CTERA Edit) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\clcanilindnkpmffpdadmihenpagcpin [2017-12-05]
CHR Extension: (Google Search) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-22]
CHR Extension: (Adobe Acrobat) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-06]
CHR Extension: (Sheets) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (XKit) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2016-02-12]
CHR Extension: (Chrome Remote Desktop) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-10-16]
CHR Extension: (Tank Riders) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdmmodjlfegeieihcdcgcalkgmhgmiae [2016-01-22]
CHR Extension: (Google Docs Offline) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-28]
CHR Extension: (Cut the Rope) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2016-01-22]
CHR Extension: (Apps Launcher) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmgkhchjindcjamnckoiahagecjnkdc [2018-06-15]
CHR Extension: (Google Analytics Debugger) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkmfdileelhofjcijamephohjechhna [2018-09-28]
CHR Extension: (Webcam Toy) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2018-06-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-22]
CHR Extension: (Chrome Media Router) - C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-28]
CHR Profile: C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\System Profile [2018-03-29]
CHR HKLM-x32\...\Chrome\Extension: [clcanilindnkpmffpdadmihenpagcpin] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe [73048 2018-10-18] (Google Inc.)
R2 CLPSLauncherEx; C:\Program Files (x86)\Common Files\COMODO\launcher_service_ex.exe [97952 2016-08-12] (Comodo Security Solutions, Inc.)
R2 CTERA Agent service; C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\BackupService.exe [5541440 2017-12-07] ()
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [143648 2018-01-08] (Maxthon International ltd.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RMMRSP; C:\Program Files (x86)\Common Files\COMODO\RMMRSP.exe [2814568 2016-03-09] (Comodo Security Solutions, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-23] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-23] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [28936 2018-08-03] (Glarysoft Ltd)
R3 IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [58880 2008-07-31] (Infineon Technologies AG)
R3 S3XXx64; C:\WINDOWS\system32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-10-23] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-10-23] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-23] (Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-10-27 10:01 - 2018-10-27 10:02 - 000022455 _____ C:\Users\RuiPedro\Desktop\FRST.txt
2018-10-27 10:01 - 2018-10-27 10:01 - 000000000 ____D C:\FRST
2018-10-27 10:00 - 2018-10-27 10:00 - 002414592 _____ (Farbar) C:\Users\RuiPedro\Desktop\FRST64.exe
2018-10-24 09:03 - 2018-10-24 09:03 - 000001098 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2018-10-22 18:23 - 2018-10-22 18:26 - 000000000 ____D C:\Users\RuiPedro\Desktop\4501440500
2018-10-17 20:47 - 2018-10-17 20:47 - 017367192 _____ (Glarysoft Ltd) C:\Users\RuiPedro\Downloads\Glary_Utilities_v5.107.0.132.exe
2018-10-17 20:41 - 2018-10-17 20:41 - 007799552 _____ (Tim Kosse) C:\Users\RuiPedro\Downloads\FileZilla_3.37.4_win64-setup.exe
2018-10-17 20:41 - 2018-10-17 20:41 - 000001927 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2018-10-17 12:17 - 2018-10-17 12:17 - 001647567 _____ C:\Users\RuiPedro\Downloads\decimalevolution_1.ai
2018-10-17 12:17 - 2018-10-17 12:17 - 000069228 _____ C:\Users\RuiPedro\Downloads\NEOTECHSTD-REGULAR.OTF
2018-10-17 06:41 - 2018-09-21 10:18 - 021386888 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-10-17 06:41 - 2018-09-21 09:22 - 020381784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-10-17 06:41 - 2018-09-21 05:09 - 004790160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-10-17 06:41 - 2018-09-21 05:08 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-10-17 06:41 - 2018-09-21 04:41 - 003396096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-10-17 06:41 - 2018-09-20 10:23 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-10-17 06:41 - 2018-09-20 10:22 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-10-17 06:41 - 2018-09-20 10:18 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-10-17 06:41 - 2018-09-20 09:35 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-10-17 06:41 - 2018-09-20 09:34 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-10-17 06:41 - 2018-09-20 05:29 - 006569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-10-17 06:41 - 2018-09-20 05:29 - 006039368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-10-17 06:41 - 2018-09-20 05:21 - 022013440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-10-17 06:41 - 2018-09-20 05:15 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-10-17 06:41 - 2018-09-20 05:11 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-10-17 06:41 - 2018-09-20 05:09 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-10-17 06:41 - 2018-09-20 05:09 - 007520096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-10-17 06:41 - 2018-09-20 05:09 - 007432136 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-10-17 06:41 - 2018-09-20 05:08 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-10-17 06:41 - 2018-09-20 04:53 - 025851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-10-17 06:41 - 2018-09-20 04:46 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-10-17 06:41 - 2018-09-20 04:44 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-10-17 06:41 - 2018-09-20 04:44 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-10-17 06:41 - 2018-09-20 04:42 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-10-17 06:41 - 2018-09-20 04:41 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-10-17 06:41 - 2018-09-20 04:40 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-10-17 06:41 - 2018-09-20 04:37 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-10-17 06:41 - 2018-09-08 09:07 - 002868536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-10-17 06:41 - 2018-09-08 09:07 - 001610552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-10-17 06:41 - 2018-09-08 09:07 - 000689464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-10-17 06:41 - 2018-09-08 09:03 - 002267136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2018-10-17 06:41 - 2018-09-08 08:58 - 001520744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-10-17 06:41 - 2018-09-08 08:39 - 002052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-10-17 06:41 - 2018-09-08 08:38 - 001288192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-10-17 06:41 - 2018-09-08 08:17 - 001540104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2018-10-17 06:41 - 2018-09-08 08:14 - 001328056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-10-17 06:41 - 2018-09-08 05:08 - 000462880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-10-17 06:41 - 2018-09-08 04:57 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-10-17 06:41 - 2018-09-08 04:44 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-10-17 06:41 - 2018-09-08 04:30 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2018-10-17 06:41 - 2018-09-08 04:29 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-10-17 06:41 - 2018-09-08 04:27 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-10-17 06:41 - 2018-09-08 04:26 - 002328064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll
2018-10-17 06:41 - 2018-09-08 04:25 - 003553792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-10-17 06:41 - 2018-09-08 04:24 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-10-17 06:40 - 2018-09-21 10:23 - 000257848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 001786168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 001626936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 001422648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 001038136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 000399672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2018-10-17 06:40 - 2018-09-21 10:21 - 000228152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2018-10-17 06:40 - 2018-09-21 10:21 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2018-10-17 06:40 - 2018-09-21 10:21 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
2018-10-17 06:40 - 2018-09-21 10:21 - 000034304 _____ C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2018-10-17 06:40 - 2018-09-21 10:01 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-10-17 06:40 - 2018-09-21 09:12 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-10-17 06:40 - 2018-09-21 05:14 - 000661056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-10-17 06:40 - 2018-09-21 05:13 - 000480568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-10-17 06:40 - 2018-09-21 05:12 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-10-17 06:40 - 2018-09-21 05:11 - 000753056 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-10-17 06:40 - 2018-09-21 05:09 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-10-17 06:40 - 2018-09-21 05:09 - 001427968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-10-17 06:40 - 2018-09-21 05:09 - 001062920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-10-17 06:40 - 2018-09-21 05:09 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-10-17 06:40 - 2018-09-21 05:08 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-10-17 06:40 - 2018-09-21 05:08 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-10-17 06:40 - 2018-09-21 05:08 - 001456720 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-10-17 06:40 - 2018-09-21 05:08 - 001257864 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-10-17 06:40 - 2018-09-21 05:08 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-10-17 06:40 - 2018-09-21 05:08 - 000982600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-10-17 06:40 - 2018-09-21 05:08 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-10-17 06:40 - 2018-09-21 05:08 - 000261008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-10-17 06:40 - 2018-09-21 05:08 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-10-17 06:40 - 2018-09-21 05:07 - 000604664 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-10-17 06:40 - 2018-09-21 04:58 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-10-17 06:40 - 2018-09-21 04:57 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-10-17 06:40 - 2018-09-21 04:57 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-10-17 06:40 - 2018-09-21 04:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-10-17 06:40 - 2018-09-21 04:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-10-17 06:40 - 2018-09-21 04:53 - 001006080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-10-17 06:40 - 2018-09-21 04:43 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-10-17 06:40 - 2018-09-21 04:42 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-10-17 06:40 - 2018-09-21 04:40 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-10-17 06:40 - 2018-09-21 04:39 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-10-17 06:40 - 2018-09-21 04:39 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-10-17 06:40 - 2018-09-21 04:39 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-10-17 06:40 - 2018-09-21 04:39 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-10-17 06:40 - 2018-09-21 04:38 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-10-17 06:40 - 2018-09-21 04:38 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-10-17 06:40 - 2018-09-21 04:37 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-10-17 06:40 - 2018-09-21 04:37 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-10-17 06:40 - 2018-09-21 04:37 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-10-17 06:40 - 2018-09-21 04:37 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-10-17 06:40 - 2018-09-21 04:36 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-10-17 06:40 - 2018-09-21 04:36 - 001034240 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-10-17 06:40 - 2018-09-21 04:36 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-10-17 06:40 - 2018-09-21 04:36 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-10-17 06:40 - 2018-09-21 04:36 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-10-17 06:40 - 2018-09-20 10:40 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-10-17 06:40 - 2018-09-20 10:37 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-10-17 06:40 - 2018-09-20 10:19 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-10-17 06:40 - 2018-09-20 10:18 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-10-17 06:40 - 2018-09-20 10:18 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2018-10-17 06:40 - 2018-09-20 10:17 - 002874368 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2018-10-17 06:40 - 2018-09-20 10:17 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-10-17 06:40 - 2018-09-20 10:17 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-10-17 06:40 - 2018-09-20 10:17 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2018-10-17 06:40 - 2018-09-20 10:16 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2018-10-17 06:40 - 2018-09-20 09:46 - 001454440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-10-17 06:40 - 2018-09-20 09:30 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-10-17 06:40 - 2018-09-20 09:29 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-10-17 06:40 - 2018-09-20 09:29 - 002824704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-10-17 06:40 - 2018-09-20 09:29 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-10-17 06:40 - 2018-09-20 09:28 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2018-10-17 06:40 - 2018-09-20 07:43 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-10-17 06:40 - 2018-09-20 06:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-10-17 06:40 - 2018-09-20 05:29 - 001989232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-10-17 06:40 - 2018-09-20 05:29 - 001513032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-10-17 06:40 - 2018-09-20 05:29 - 000357056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-10-17 06:40 - 2018-09-20 05:28 - 001129544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-10-17 06:40 - 2018-09-20 05:28 - 000581792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-10-17 06:40 - 2018-09-20 05:28 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-10-17 06:40 - 2018-09-20 05:17 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-10-17 06:40 - 2018-09-20 05:13 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-10-17 06:40 - 2018-09-20 05:12 - 000272200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-10-17 06:40 - 2018-09-20 05:12 - 000269128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-10-17 06:40 - 2018-09-20 05:11 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-10-17 06:40 - 2018-09-20 05:11 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-10-17 06:40 - 2018-09-20 05:11 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-10-17 06:40 - 2018-09-20 05:11 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2018-10-17 06:40 - 2018-09-20 05:10 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-10-17 06:40 - 2018-09-20 05:10 - 001221128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-10-17 06:40 - 2018-09-20 05:10 - 001029432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-10-17 06:40 - 2018-09-20 05:10 - 000566800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-10-17 06:40 - 2018-09-20 05:10 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-10-17 06:40 - 2018-09-20 05:10 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2018-10-17 06:40 - 2018-09-20 05:10 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-10-17 06:40 - 2018-09-20 05:10 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-10-17 06:40 - 2018-09-20 05:09 - 002825232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-10-17 06:40 - 2018-09-20 05:09 - 002462888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-10-17 06:40 - 2018-09-20 05:09 - 002421248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-10-17 06:40 - 2018-09-20 05:09 - 001767096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-10-17 06:40 - 2018-09-20 05:09 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-10-17 06:40 - 2018-09-20 05:09 - 001097744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-10-17 06:40 - 2018-09-20 05:09 - 000885952 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-10-17 06:40 - 2018-09-20 05:09 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-10-17 06:40 - 2018-09-20 05:09 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-10-17 06:40 - 2018-09-20 05:09 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-10-17 06:40 - 2018-09-20 05:08 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-10-17 06:40 - 2018-09-20 04:43 - 000052736 _____ C:\WINDOWS\system32\runexehelper.exe
2018-10-17 06:40 - 2018-09-20 04:42 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-10-17 06:40 - 2018-09-20 04:42 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2018-10-17 06:40 - 2018-09-20 04:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-10-17 06:40 - 2018-09-20 04:41 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-10-17 06:40 - 2018-09-20 04:41 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-10-17 06:40 - 2018-09-20 04:41 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-10-17 06:40 - 2018-09-20 04:40 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-10-17 06:40 - 2018-09-20 04:40 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-10-17 06:40 - 2018-09-20 04:38 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-10-17 06:40 - 2018-09-20 04:38 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2018-10-17 06:40 - 2018-09-20 04:37 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-10-17 06:40 - 2018-09-20 04:36 - 001375232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-10-17 06:40 - 2018-09-20 03:21 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-10-17 06:40 - 2018-09-20 02:28 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2018-10-17 06:40 - 2018-09-08 09:12 - 000452112 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-10-17 06:40 - 2018-09-08 09:07 - 000792376 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-10-17 06:40 - 2018-09-08 09:07 - 000612360 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-10-17 06:40 - 2018-09-08 09:07 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-10-17 06:40 - 2018-09-08 09:07 - 000144696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-10-17 06:40 - 2018-09-08 09:07 - 000069944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-10-17 06:40 - 2018-09-08 09:02 - 000645112 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-10-17 06:40 - 2018-09-08 09:02 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-10-17 06:40 - 2018-09-08 08:58 - 001639352 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-10-17 06:40 - 2018-09-08 08:57 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-10-17 06:40 - 2018-09-08 08:44 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2018-10-17 06:40 - 2018-09-08 08:43 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-10-17 06:40 - 2018-09-08 08:43 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardBi.dll
2018-10-17 06:40 - 2018-09-08 08:42 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-10-17 06:40 - 2018-09-08 08:42 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2018-10-17 06:40 - 2018-09-08 08:42 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2018-10-17 06:40 - 2018-09-08 08:42 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthci.dll
2018-10-17 06:40 - 2018-09-08 08:41 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-10-17 06:40 - 2018-09-08 08:40 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-10-17 06:40 - 2018-09-08 08:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-10-17 06:40 - 2018-09-08 08:40 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2018-10-17 06:40 - 2018-09-08 08:40 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-10-17 06:40 - 2018-09-08 08:40 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2018-10-17 06:40 - 2018-09-08 08:40 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2018-10-17 06:40 - 2018-09-08 08:39 - 005505024 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2018-10-17 06:40 - 2018-09-08 08:39 - 001787904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-10-17 06:40 - 2018-09-08 08:39 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-10-17 06:40 - 2018-09-08 08:38 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-10-17 06:40 - 2018-09-08 08:38 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-10-17 06:40 - 2018-09-08 08:38 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2018-10-17 06:40 - 2018-09-08 08:38 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-10-17 06:40 - 2018-09-08 08:37 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-10-17 06:40 - 2018-09-08 08:16 - 000482080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-10-17 06:40 - 2018-09-08 08:13 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-10-17 06:40 - 2018-09-08 08:13 - 000181288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-10-17 06:40 - 2018-09-08 08:03 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-10-17 06:40 - 2018-09-08 08:03 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
2018-10-17 06:40 - 2018-09-08 08:02 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-10-17 06:40 - 2018-09-08 08:00 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2018-10-17 06:40 - 2018-09-08 07:59 - 001530368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-10-17 06:40 - 2018-09-08 07:59 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-10-17 06:40 - 2018-09-08 07:59 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-10-17 06:40 - 2018-09-08 07:59 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2018-10-17 06:40 - 2018-09-08 07:58 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-10-17 06:40 - 2018-09-08 07:58 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-10-17 06:40 - 2018-09-08 07:58 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-10-17 06:40 - 2018-09-08 07:57 - 005391360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2018-10-17 06:40 - 2018-09-08 07:57 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2018-10-17 06:40 - 2018-09-08 07:57 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-10-17 06:40 - 2018-09-08 07:57 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2018-10-17 06:40 - 2018-09-08 07:56 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-10-17 06:40 - 2018-09-08 04:59 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-10-17 06:40 - 2018-09-08 04:59 - 000361544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-10-17 06:40 - 2018-09-08 04:58 - 000744976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-10-17 06:40 - 2018-09-08 04:58 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2018-10-17 06:40 - 2018-09-08 04:58 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-10-17 06:40 - 2018-09-08 04:57 - 001016984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-10-17 06:40 - 2018-09-08 04:57 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-10-17 06:40 - 2018-09-08 04:57 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-10-17 06:40 - 2018-09-08 04:57 - 000368448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2018-10-17 06:40 - 2018-09-08 04:57 - 000267576 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-10-17 06:40 - 2018-09-08 04:51 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-10-17 06:40 - 2018-09-08 04:45 - 000295416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-10-17 06:40 - 2018-09-08 04:45 - 000286824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-10-17 06:40 - 2018-09-08 04:44 - 000829752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-10-17 06:40 - 2018-09-08 04:43 - 001174448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-10-17 06:40 - 2018-09-08 04:43 - 000269104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2018-10-17 06:40 - 2018-09-08 04:32 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-10-17 06:40 - 2018-09-08 04:31 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-10-17 06:40 - 2018-09-08 04:31 - 000272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Proxy.dll
2018-10-17 06:40 - 2018-09-08 04:30 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2018-10-17 06:40 - 2018-09-08 04:30 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-10-17 06:40 - 2018-09-08 04:30 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2018-10-17 06:40 - 2018-09-08 04:30 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2018-10-17 06:40 - 2018-09-08 04:29 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2018-10-17 06:40 - 2018-09-08 04:29 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2018-10-17 06:40 - 2018-09-08 04:29 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2018-10-17 06:40 - 2018-09-08 04:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-10-17 06:40 - 2018-09-08 04:28 - 000481280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2018-10-17 06:40 - 2018-09-08 04:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-10-17 06:40 - 2018-09-08 04:28 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-10-17 06:40 - 2018-09-08 04:28 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-10-17 06:40 - 2018-09-08 04:28 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Proxy.dll
2018-10-17 06:40 - 2018-09-08 04:27 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-10-17 06:40 - 2018-09-08 04:27 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-10-17 06:40 - 2018-09-08 04:27 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll
2018-10-17 06:40 - 2018-09-08 04:27 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2018-10-17 06:40 - 2018-09-08 04:27 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-10-17 06:40 - 2018-09-08 04:26 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-10-17 06:40 - 2018-09-08 04:26 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-10-17 06:40 - 2018-09-08 04:26 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-10-17 06:40 - 2018-09-08 04:26 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2018-10-17 06:40 - 2018-09-08 04:26 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-10-17 06:40 - 2018-09-08 04:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcfile.dll
2018-10-17 06:40 - 2018-09-08 04:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2018-10-17 06:40 - 2018-09-08 04:25 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-10-17 06:40 - 2018-09-08 04:25 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll
2018-10-17 06:40 - 2018-09-08 04:25 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-10-17 06:40 - 2018-09-08 04:25 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-10-17 06:40 - 2018-09-08 04:25 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Proximity.dll
2018-10-17 06:40 - 2018-09-08 04:24 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-10-17 06:40 - 2018-09-08 04:24 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2018-10-17 06:40 - 2018-09-08 04:24 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2018-10-17 06:40 - 2018-09-08 04:23 - 001655296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmsipc.dll
2018-10-17 06:40 - 2018-09-08 04:23 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcsecproc.dll
2018-10-17 06:40 - 2018-09-08 04:23 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2018-10-17 06:40 - 2018-09-08 04:23 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll
2018-10-17 06:40 - 2018-09-08 04:22 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-10-15 10:50 - 2018-10-24 00:27 - 000000000 ____D C:\Users\RuiPedro\Documents\Decimal Evolution
2018-10-09 11:20 - 2018-10-09 11:26 - 000287976 _____ C:\TDSSKiller.3.1.0.17_09.10.2018_11.20.27_log.txt
2018-10-09 11:20 - 2018-10-09 11:20 - 004949824 _____ (AO Kaspersky Lab) C:\Users\RuiPedro\Downloads\tdsskiller.exe
2018-10-08 23:11 - 2018-10-08 23:11 - 007592144 _____ (Malwarebytes) C:\Users\RuiPedro\Downloads\adwcleaner_7.2.4.0.exe
2018-10-08 22:56 - 2018-10-08 22:56 - 000000000 ____D C:\Users\RuiPedro\AppData\Local\ESET
2018-10-08 22:55 - 2018-10-08 22:55 - 006981240 _____ (ESET spol. s r.o.) C:\Users\RuiPedro\Downloads\esetonlinescanner_enu.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-10-27 09:58 - 2016-11-18 16:19 - 000000000 ____D C:\Users\RuiPedro\AppData\LocalLow\Mozilla
2018-10-27 09:49 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-27 09:48 - 2016-01-21 15:33 - 000000000 ____D C:\Users\RuiPedro\Documents\Outlook Files
2018-10-27 09:40 - 2018-05-09 06:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-10-27 09:01 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-10-27 09:01 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-10-27 00:34 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-10-26 17:50 - 2016-01-21 18:01 - 000000000 ____D C:\Users\RuiPedro\Desktop\PROP
2018-10-26 10:32 - 2016-01-22 13:34 - 000000000 ____D C:\Users\RuiPedro\AppData\Local\CutePDF Writer
2018-10-26 09:30 - 2016-02-01 17:28 - 000001662 _____ C:\Users\RuiPedro\Desktop\eConnector.lnk
2018-10-26 03:33 - 2017-10-03 09:37 - 000000000 ____D C:\Users\RuiPedro\AppData\Local\GoToMeeting
2018-10-25 10:50 - 2018-07-30 13:25 - 000001379 _____ C:\Users\Public\Desktop\Skype.lnk
2018-10-25 10:50 - 2018-07-30 13:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-10-25 10:50 - 2016-01-21 16:26 - 000000000 ____D C:\Users\RuiPedro\AppData\Roaming\Skype
2018-10-25 10:40 - 2016-01-13 18:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-10-25 10:39 - 2017-06-30 14:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-10-25 10:39 - 2016-01-13 18:21 - 000001257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-10-24 17:33 - 2018-05-09 06:41 - 000003842 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3111750166-950763653-1138392380-1006
2018-10-24 17:33 - 2018-05-09 06:41 - 000003746 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3111750166-950763653-1138392380-1006
2018-10-24 17:33 - 2017-10-03 09:37 - 000000676 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3111750166-950763653-1138392380-1006.job
2018-10-24 17:33 - 2017-10-03 09:37 - 000000580 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3111750166-950763653-1138392380-1006.job
2018-10-24 13:05 - 2016-01-22 18:50 - 000000000 ____D C:\Users\RuiPedro\Documents\Estagios
2018-10-24 09:17 - 2018-05-09 06:41 - 000003272 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForRuiPedro
2018-10-24 09:17 - 2018-01-04 11:43 - 000000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRuiPedro.job
2018-10-24 09:03 - 2016-02-17 13:34 - 000001110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2018-10-24 09:03 - 2016-02-17 13:33 - 000000000 ____D C:\Program Files\Paint.NET
2018-10-24 00:18 - 2018-07-05 10:52 - 000000000 ____D C:\Users\RuiPedro\Documents\PixelDestaque
2018-10-23 18:35 - 2018-02-22 01:08 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-10-23 16:57 - 2018-07-10 02:38 - 000000000 ____D C:\ProgramData\Packages
2018-10-22 17:37 - 2016-04-29 17:16 - 000000000 ____D C:\Users\RuiPedro\AppData\Roaming\FileZilla
2018-10-22 12:16 - 2016-01-22 18:21 - 000000000 ____D C:\Users\RuiPedro\.gls
2018-10-22 11:25 - 2016-10-12 09:52 - 000000000 ____D C:\Users\RuiPedro\Desktop\Tabelas Fornecedores
2018-10-19 12:00 - 2018-03-13 14:23 - 000002154 _____ C:\Users\RuiPedro\Desktop\GLS.lnk
2018-10-19 11:36 - 2016-01-22 18:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-10-19 11:36 - 2016-01-22 18:14 - 000000000 ____D C:\Program Files (x86)\Java
2018-10-19 11:34 - 2016-01-22 18:14 - 000098680 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-10-17 20:48 - 2018-08-03 13:30 - 000001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2018-10-17 20:47 - 2018-08-03 13:30 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2018-10-17 20:46 - 2016-12-30 01:46 - 000000000 ____D C:\Users\RuiPedro\AppData\Roaming\vlc
2018-10-17 20:44 - 2016-06-03 16:28 - 000000000 ____D C:\Users\RuiPedro\AppData\Local\CrashDumps
2018-10-17 20:43 - 2018-05-09 06:29 - 001946294 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-10-17 20:43 - 2018-04-12 17:42 - 000832542 _____ C:\WINDOWS\system32\prfh0816.dat
2018-10-17 20:43 - 2018-04-12 17:42 - 000180212 _____ C:\WINDOWS\system32\prfc0816.dat
2018-10-17 20:43 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-10-17 20:41 - 2017-03-17 18:32 - 000000000 ____D C:\Users\RuiPedro\AppData\Local\FileZilla
2018-10-17 20:41 - 2016-04-29 17:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2018-10-17 20:41 - 2016-04-29 17:27 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2018-10-17 20:35 - 2018-09-20 20:41 - 000001677 _____ C:\Users\RuiPedro\Desktop\Disco Virtual.lnk
2018-10-17 20:35 - 2018-08-22 19:04 - 000000000 ____D C:\Users\RuiPedro\AppData\Roaming\plugin Autenticacao.Gov
2018-10-17 20:35 - 2016-01-22 18:11 - 000000000 ____D C:\Users\RuiPedro\AppData\Roaming\stickies
2018-10-17 20:34 - 2018-05-09 06:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-10-17 20:34 - 2018-05-09 06:27 - 000366632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-10-17 20:34 - 2017-10-26 08:39 - 000000000 ___RD C:\Users\RuiPedro\3D Objects
2018-10-17 20:34 - 2016-11-22 16:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-10-17 20:34 - 2016-09-16 14:43 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-10-17 20:33 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-10-17 20:33 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-10-17 20:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-10-17 20:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-10-17 20:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-10-17 20:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-10-17 20:33 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-10-17 20:33 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-10-17 06:54 - 2016-01-12 17:56 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-10-17 06:52 - 2016-01-12 17:55 - 136745976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-10-17 06:50 - 2009-07-14 03:34 - 000000513 _____ C:\WINDOWS\win.ini
2018-10-16 05:05 - 2010-11-21 04:27 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-10-12 16:20 - 2018-07-06 14:31 - 000000000 ___RD C:\Users\RuiPedro\Documents\Scanned Documents
2018-10-12 13:21 - 2016-01-26 12:23 - 000000000 ____D C:\Users\RuiPedro\Documents\Minhas digitalizações
2018-10-09 07:35 - 2016-09-19 12:38 - 000000000 ___RD C:\Users\RuiPedro\Desktop\DT
2018-10-09 03:11 - 2018-05-09 06:41 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3111750166-950763653-1138392380-1006
2018-10-09 03:11 - 2018-05-09 06:34 - 000002467 _____ C:\Users\RuiPedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-10-09 03:11 - 2016-09-16 15:07 - 000000000 ___RD C:\Users\RuiPedro\OneDrive
2018-10-08 23:13 - 2018-02-01 12:31 - 000000000 ____D C:\AdwCleaner
2018-10-02 21:13 - 2018-04-12 00:41 - 000835152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-10-02 21:13 - 2018-04-12 00:41 - 000179792 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-27 13:54 - 2016-01-22 18:45 - 000000000 ____D C:\Users\RuiPedro\Documents\bancos
==================== Files in the root of some directories =======
2016-01-25 18:12 - 2016-01-25 18:12 - 000007605 _____ () C:\Users\RuiPedro\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
2018-10-17 20:35 - 2018-10-17 20:35 - 000018008 ____N () C:\Users\RuiPedro\AppData\Local\Temp\detectReader326460370468397998873.dll
2018-10-24 00:07 - 2018-10-24 00:07 - 007858216 _____ () C:\Users\RuiPedro\AppData\Local\Temp\paint.net.4.1.2.install.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-09 06:27
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
Ran by RuiPedro (27-10-2018 10:03:30)
Running from C:\Users\RuiPedro\Desktop
Windows 10 Pro Version 1803 17134.345 (X64) (2018-05-09 05:42:15)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-3111750166-950763653-1138392380-500 - Administrator - Disabled)
Caos (S-1-5-21-3111750166-950763653-1138392380-1004 - Limited - Enabled)
Convidado (S-1-5-21-3111750166-950763653-1138392380-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-3111750166-950763653-1138392380-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3111750166-950763653-1138392380-1002 - Limited - Enabled)
RuiPedro (S-1-5-21-3111750166-950763653-1138392380-1006 - Administrator - Enabled) => C:\Users\RuiPedro
Sysop (S-1-5-21-3111750166-950763653-1138392380-1003 - Administrator - Enabled)
WDAGUtilityAccount (S-1-5-21-3111750166-950763653-1138392380-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Analizador y SDK de MSXML 4.0 SP2 (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Assistente de Atualização do Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
Autenticação.Gov 3.0.14 (build 5561) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F205561}) (Version: 3.0.5561 - Portuguese Government)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Chilkat Crypt ActiveX (HKLM-x32\...\{E796DF56-2808-424E-8E73-833C046B8BB0}) (Version: 4.4.8 - Chilkat Software Inc)
Chilkat HTTP ActiveX (HKLM-x32\...\{EE0523D7-7268-4587-A4EF-8682B41D2ABC}) (Version: 9.4.0 - Chilkat Software Inc)
Chrome Remote Desktop Host (HKLM-x32\...\{F51A03C4-2DD0-43B0-900F-EAD1C45DC542}) (Version: 71.0.3578.15 - Google Inc.)
Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
CPUID CPU-Z 1.75 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
Disco Virtual 360 (HKLM-x32\...\{38bda00c-347a-4f25-b312-d5f7a0ff39d7}) (Version: 5.6.3131 - PT-Empresas)
DJ_AIO_03_F4200_Software_Min (HKLM-x32\...\{363CEA5C-C9D0-45DD-9511-A461DBDEE94B}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
F4200 (HKLM-x32\...\{C2524280-A5CF-4458-B809-167F13FAB56D}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
FastStone Image Viewer 5.7 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.7 - FastStone Soft)
FileZilla Client 3.37.4 (HKLM-x32\...\FileZilla Client) (Version: 3.37.4 - Tim Kosse)
Glary Utilities 5.107 (HKLM-x32\...\Glary Utilities 5) (Version: 5.107.0.132 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
GoToMeeting 8.36.1.10903 (HKU\S-1-5-21-3111750166-950763653-1138392380-1006\...\GoToMeeting) (Version: 8.36.1.10903 - LogMeIn, Inc.)
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.6.18.11 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{7463C61B-A36C-47BC-8E16-701EBC34C26F}) (Version: 12.9.24.3 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (HKLM-x32\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM-x32\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.8 - Intel)
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Malwarebytes versão 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3111750166-950763653-1138392380-1006\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 3.0 (HKLM-x32\...\{BCB4C18A-ACA6-4383-8688-E19933A705DD}) (Version: 3.0.1325.4 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 63.0 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0 (x64 en-US)) (Version: 63.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.0.6865 - Mozilla)
Mozilla Thunderbird 52.8.0 (x86 pt-PT) (HKLM-x32\...\Mozilla Thunderbird 52.8.0 (x86 pt-PT)) (Version: 52.8.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MX5 (HKLM-x32\...\Maxthon5) (Version: 5.1.5.2000 - Maxthon International Limited)
Pacote de controladores do Windows - Estado Português SmartCard (07/26/2016 4.0.0.3) (HKLM\...\FE243E41772876B005E5C788B4B7DF2E9914C241) (Version: 07/26/2016 4.0.0.3 - Estado Português)
paint.net (HKLM\...\{FC1BF7F0-A83E-464A-8D59-FCEB5FA582AB}) (Version: 4.1.2 - dotPDN LLC)
PHC 18 (HKLM-x32\...\{C9028CA5-DB59-4903-BD43-023A1D3939F0}_is1) (Version: 18 - PHC)
PHC Controls for CS (HKLM-x32\...\{C574973A-0FCC-4559-8606-E6664B141F8D}) (Version: 17.0 - PHC)
PHC CS 19 (HKLM-x32\...\{2888D0AD-4C14-409C-AAB5-090F555DB7C0}_is1) (Version: 19 - PHC)
PHC CS 20 (HKLM-x32\...\{8A1A3280-DDE2-4035-BC21-8ADA6E0F774D}_is1) (Version: 20 - PHC)
plugin Autenticação.Gov (HKLM-x32\...\{78D56187-E252-44F5-A344-5172A04350A3}) (Version: 2.0.31 - Agência para a Modernização Administrativa)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
RMM Agent Service (HKLM\...\{378B301A-477D-4303-8846-15224892C2B2}) (Version: 6.1.524 - Comodo Security Solutions Inc)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Sentinel Protection Installer 7.6.5 (HKLM-x32\...\{DE09967A-E9E2-4562-A58D-989CA70FA65E}) (Version: 7.6.5 - SafeNet, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype versão 8.33 (HKLM-x32\...\Skype_is1) (Version: 8.33 - Skype Technologies S.A.)
SmartWebPrinting (HKLM-x32\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SSDlife Pro (HKLM-x32\...\{6F104B6D-535A-4D27-9A11-8525368AEB1F}) (Version: 2.5.82 - BinarySense Inc.)
Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Stickies 7.1e (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software)
Suporte para Aplicações Apple (32-bits) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Suporte para Aplicações Apple (64-bits) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ CTERA_Backup] -> {42782684-F29F-4425-ADFF-39050E37105E} => C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CTERAShell64.dll [2017-12-07] ()
ShellIconOverlayIdentifiers: [ CTERA_error] -> {2541846f-31fd-4811-91db-6d78bf3e43b9} => C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CTERAShell64.dll [2017-12-07] ()
ShellIconOverlayIdentifiers: [ CTERA_IncludeBackup] -> {07E032ED-45F7-424A-86B9-DF916F1245CD} => C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CTERAShell64.dll [2017-12-07] ()
ShellIconOverlayIdentifiers: [ CTERA_NotSynced] -> {2074142E-089E-4CA3-9842-4B0C5220D466} => C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CTERAShell64.dll [2017-12-07] ()
ShellIconOverlayIdentifiers: [ CTERA_Synced] -> {B2B81867-2E6F-402A-8962-EF878D403262} => C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CTERAShell64.dll [2017-12-07] ()
ContextMenuHandlers1: [CTERA] -> {42782684-F29F-4425-ADFF-39050E37105E} => C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CTERAShell64.dll [2017-12-07] ()
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2018-03-02] (Glarysoft Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers2: [CTERA] -> {42782684-F29F-4425-ADFF-39050E37105E} => C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CTERAShell64.dll [2017-12-07] ()
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2018-03-02] (Glarysoft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [CTERA] -> {42782684-F29F-4425-ADFF-39050E37105E} => C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CTERAShell64.dll [2017-12-07] ()
ContextMenuHandlers5: [CTERA] -> {42782684-F29F-4425-ADFF-39050E37105E} => C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CTERAShell64.dll [2017-12-07] ()
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2018-03-02] (Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0491F1FD-D2BA-4778-9811-01913BDC12AA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {08E1E6E0-0EEE-445F-B9A8-ADC5AA2FA2A5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {090D6130-09FA-4A2F-B20C-E9F34FA7B1DD} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {0DB855C9-0632-43CD-B004-E177E72D39E1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {11FA80E1-25E4-45EA-8838-2F185FCA2FF6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1726FA22-A049-4BF7-8B9A-6E2DC07C45AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {320E55ED-43C3-42BB-943F-B5BA4E469069} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {37362195-C187-42C0-8C88-5E28FE49737C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-22] (Google Inc.)
Task: {39669084-0EAA-46A8-BA05-4720561C5648} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {3973ED8C-F238-46D5-8C5D-7F1F8A7D6DC0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-22] ()
Task: {3A44238D-EA5B-49B6-9CDC-78A7050CCF34} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3E05D855-D3E6-47E0-8878-21F4C6C47E62} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {44BDDC9C-40F3-49C5-9A51-0D91A476F78F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-09-06] (HP Inc.)
Task: {4653BEE4-DF91-48CC-BB7A-5DA8F6FF185C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {48320C61-299B-4680-92A0-267ACD8C62A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-08-21] (HP Inc.)
Task: {4852EA3B-0BD6-41EE-90AB-6E51FC8CCD69} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {551BFD8D-3BDD-43DF-B618-8266681F2222} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-22] (Google Inc.)
Task: {58C5874A-A67C-4F40-AEDC-73D36E940523} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {5D2EA505-0002-40B2-A38F-8703A99F9529} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5E7845B7-596B-4132-A0CD-7E80E41CB1CF} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {63AB110A-48F3-4470-B186-7B99F1E735E5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {65FFC615-5F27-492C-8AF5-962A26EDE743} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {6B465911-6A5C-418B-99F2-259A83A7F06B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {6BB446A9-AA47-43F2-A001-6AB15250AE3E} - System32\Tasks\G2MUploadTask-S-1-5-21-3111750166-950763653-1138392380-1006 => C:\Users\RuiPedro\AppData\Local\GoToMeeting\10903\g2mupload.exe [2018-10-24] (LogMeIn, Inc.)
Task: {71F12D8D-2152-4D5E-A288-D1BDB09EBC36} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {82B4EF1D-EFD4-4599-820B-E82D4BE21EFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {8BBACD97-7304-42EA-B7D4-CDFBCEBC722B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {971F8149-7718-40AA-A848-599A7B31F7A5} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {98B1FA75-CF1D-41FD-BB8E-657F03722836} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {98D39798-5223-427B-A907-4DAC39C4162D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9F82687A-A2C8-4EB7-B201-4C200AFDDC32} - System32\Tasks\COMODO RMM SERVICE => net [Argument = START CLPSLauncherEx]
Task: {A03C3C6D-E786-4C79-80C8-62631F00974E} - System32\Tasks\HPCeeScheduleForRuiPedro => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {A2F18595-F97C-4BF6-8C79-BC001346DA52} - System32\Tasks\G2MUpdateTask-S-1-5-21-3111750166-950763653-1138392380-1006 => C:\Users\RuiPedro\AppData\Local\GoToMeeting\10903\g2mupdate.exe [2018-10-24] (LogMeIn, Inc.)
Task: {B39DF0E1-4B8F-4ADC-89A1-B2280B71B416} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BB86EE18-AF63-4BF4-86E0-90D80BEAEA3F} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [2018-01-08] (Maxthon International ltd.)
Task: {BC170FC0-DD24-483D-8B0C-132A749AB6C0} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BC76CFC8-8AEF-4639-B35F-E408964A9A78} - System32\Tasks\{312C8181-607E-47D7-B6A0-C999EE1805E6} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {C5AF56CD-1428-4898-861E-0B950036ADB7} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C930B00E-6E6E-456B-B291-A09548C33C81} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D7148084-0382-4692-87F6-5A921F136D2B} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D8D903E0-9C7C-458F-AF85-1D4E0C491F1C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {DB6682D5-EAF2-4DFA-B4C0-C7856130390D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DE21DC8A-1196-479C-91A5-877905E78A5B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {E14D6595-A7BD-4754-BF4E-BCE959CCB6DB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {E6C0637B-95A8-4E35-83D3-E6F922A68038} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {E845471C-AF4C-4550-9202-843C8780EB70} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EAB5F695-9E2C-45C2-8F19-C0E1C72DA8B4} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EB4E2464-F202-49FF-80B7-363DC85635EA} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {EF615657-4DD0-45FD-8E8A-E714328461D9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F2B4D8F3-DCCB-43D6-B826-251EB3E7FB21} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {FC5C950A-1DAA-4E73-B8DE-B849B09772FA} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FD959ED3-8620-4CEC-BE61-4D95AE294B35} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3111750166-950763653-1138392380-1006.job => C:\Users\RuiPedro\AppData\Local\GoToMeeting\10903\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3111750166-950763653-1138392380-1006.job => C:\Users\RuiPedro\AppData\Local\GoToMeeting\10903\g2mupload.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForRuiPedro.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\RuiPedro\Desktop\GLS.lnk -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://unique.gls-holding.net/UniStart/uniconnectaccess/jnlp/uniconnectaccess.jnlp "C:\Users\RuiPedro\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\209951e94-181be
ShortcutWithArgument: C:\Users\RuiPedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\RuiPedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Tank Riders.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gdmmodjlfegeieihcdcgcalkgmhgmiae
==================== Loaded Modules (Whitelisted) ==============
2016-01-22 13:33 - 2016-01-19 21:27 - 000088496 _____ () C:\WINDOWS\System32\cpwmon64.dll
2016-02-15 22:01 - 2016-02-15 22:01 - 000031256 _____ () C:\WINDOWS\System32\us008lm.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-07 12:45 - 2017-12-07 12:45 - 005541440 _____ () C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\BackupService.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-12-07 12:45 - 2017-12-07 12:45 - 002335808 _____ () C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CTERAShell64.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-10-04 15:50 - 2018-10-04 15:50 - 000054440 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2018-10-17 06:40 - 2018-09-20 04:38 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-07 12:45 - 2017-12-07 12:45 - 000714816 _____ () C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CteraAgentWD.exe
2017-12-07 12:45 - 2017-12-07 12:45 - 001155136 _____ () C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CteraAgent.exe
2018-10-23 16:56 - 2018-10-23 16:57 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-10-23 16:56 - 2018-10-23 16:57 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-10-23 16:56 - 2018-10-23 16:57 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-10-23 16:56 - 2018-10-23 16:57 - 010978304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2018-10-23 16:56 - 2018-10-23 16:57 - 002810368 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\skypert.dll
2018-10-23 16:56 - 2018-10-23 16:57 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-10-23 16:56 - 2018-10-23 16:57 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-09-22 10:41 - 2018-09-22 10:41 - 000479232 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-09-22 10:41 - 2018-09-22 10:41 - 069128192 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-04 11:03 - 2017-10-04 11:04 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-09-22 10:41 - 2018-09-22 10:41 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-08-29 18:55 - 2018-08-29 18:56 - 003699200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-04 11:32 - 2018-05-04 11:32 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-08-29 18:55 - 2018-08-29 18:56 - 000035328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-04-05 08:20 - 2018-04-05 08:21 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-08-16 20:28 - 2018-08-16 20:28 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-08-16 20:28 - 2018-08-16 20:28 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-09-22 10:41 - 2018-09-22 10:41 - 014171648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-08-29 18:55 - 2018-08-29 18:56 - 003544576 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-09-22 10:41 - 2018-09-22 10:41 - 002866176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-29 18:55 - 2018-08-29 18:56 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-26 18:20 - 2018-07-26 18:20 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-10-16 17:31 - 2018-10-16 17:31 - 004183040 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-09-26 03:03 - 2018-09-26 03:03 - 004472952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2011-05-20 14:31 - 2011-05-20 14:31 - 002869248 _____ () C:\PROGRAM FILES\COMODO\RMM AGENT SERVICE\QtCore4.dll
2011-05-20 14:34 - 2011-05-20 14:34 - 001277440 _____ () C:\PROGRAM FILES\COMODO\RMM AGENT SERVICE\QtNetwork4.dll
2011-05-20 14:52 - 2011-05-20 14:52 - 010445312 _____ () C:\PROGRAM FILES\COMODO\RMM AGENT SERVICE\QtGui4.dll
2016-08-12 14:12 - 2016-08-12 14:12 - 000195048 _____ () C:\PROGRAM FILES\COMODO\RMM AGENT SERVICE\LibNtlm.dll
2016-08-12 14:11 - 2016-08-12 14:11 - 000045160 _____ () C:\PROGRAM FILES\COMODO\RMM AGENT SERVICE\imageformats\qgif4.dll
2018-10-17 20:35 - 2018-10-17 20:35 - 000018008 ____N () C:\Users\RuiPedro\AppData\Local\Temp\detectReader326460370468397998873.dll
2018-07-30 13:25 - 2018-10-19 18:09 - 001790592 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-10-25 10:50 - 2018-10-19 18:09 - 002363960 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2018-10-25 10:50 - 2018-10-19 18:09 - 000097224 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-10-25 10:50 - 2018-10-19 18:09 - 000094152 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\skype-coexistence\build\Release\coexistence.node
2018-10-25 10:50 - 2018-10-19 18:09 - 000219080 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-10-25 10:50 - 2018-10-19 18:09 - 000081864 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\desktop-idle\build\Release\desktopIdle.node
2018-07-30 13:25 - 2018-10-19 18:09 - 002723872 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-07-30 13:25 - 2018-10-19 18:09 - 000031776 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-10-25 10:50 - 2018-10-19 18:09 - 000409544 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-10-25 10:50 - 2018-10-19 18:09 - 000138696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\RuiPedro\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\RuiPedro\Desktop\pdat.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\RuiPedro\Desktop\pdat.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\RuiPedro\Downloads\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\RuiPedro\Documents\Tribunal-LENOVO:com.dropbox.attributes [168]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-3111750166-950763653-1138392380-1006\...\skype.com -> hxxps://apps.skype.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-12-30 00:12 - 2016-12-30 00:12 - 000000849 _____ C:\WINDOWS\system32\Drivers\etc\hosts
192.168.1.150 SQLSERVER
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3111750166-950763653-1138392380-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\RuiPedro\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{35decd5c-8622-456e-890d-6f0a175ac32a}.jpg
DNS Servers: 62.28.116.41 - 62.28.40.173
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{0AB56CFE-1DEF-4A86-91E5-EC48DA9A541E}C:\users\ruipedro\desktop\anydesk.exe] => (Allow) C:\users\ruipedro\desktop\anydesk.exe
FirewallRules: [TCP Query User{6656E34A-426D-4FA5-B6B2-CE49D8A1B30F}C:\users\ruipedro\desktop\anydesk.exe] => (Allow) C:\users\ruipedro\desktop\anydesk.exe
FirewallRules: [UDP Query User{8A18FE40-2F7F-49DB-B5EF-95B4D1E21CCA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{1D5F06F9-FEB8-4D1D-BE76-B48963B567C6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{CA56C7BC-975F-425A-98F0-8B97B76559BF}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{04FF5C3A-768C-4DC3-9895-359784117AE7}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{20BA6EE3-1544-4E7B-BCB6-074B741F9DD9}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
FirewallRules: [{06B71A07-9A22-4F60-BD57-2E324DF745FD}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
FirewallRules: [UDP Query User{8CE20380-655A-482A-80AB-F5BB3B710936}C:\users\ruipedro\desktop\anydesk.exe] => (Allow) C:\users\ruipedro\desktop\anydesk.exe
FirewallRules: [TCP Query User{763AD000-C21C-46ED-A7B8-F2535F728510}C:\users\ruipedro\desktop\anydesk.exe] => (Allow) C:\users\ruipedro\desktop\anydesk.exe
FirewallRules: [UDP Query User{5E2AF437-CF6A-4E1B-94BE-D67DE6F735E0}C:\program files (x86)\stickies\stickies.exe] => (Allow) C:\program files (x86)\stickies\stickies.exe
FirewallRules: [TCP Query User{62492946-7846-49AA-959C-71662D09422B}C:\program files (x86)\stickies\stickies.exe] => (Allow) C:\program files (x86)\stickies\stickies.exe
FirewallRules: [{CA8EA60C-2B89-483B-AF7C-A82464E5E14A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B333779A-6DBA-42CF-9CF3-4D4B70156C2D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{61D5A923-61A7-4815-A9B1-61BA289F2FFC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{34046A40-2146-426E-BBD1-54E23CFC3AB8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D44E2499-B8FF-4A4E-BC4C-76CAE6281E08}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1855531E-652A-4394-909C-CABBE50A32B5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CE49EEE5-F614-4B42-A871-9B5AFE43A379}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{18C12486-1CCC-49C7-B8F4-A55F3C0EF925}C:\program files (x86)\stickies\stickies.exe] => (Allow) C:\program files (x86)\stickies\stickies.exe
FirewallRules: [UDP Query User{5876C0DC-B7D4-412F-9AB7-C6B70461E419}C:\program files (x86)\stickies\stickies.exe] => (Allow) C:\program files (x86)\stickies\stickies.exe
FirewallRules: [{A14D47AF-E7BA-43D0-9FDE-8395F206C9BA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{C0E4B8A0-871F-4EBA-9928-29C44457FB7F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{7D1DC600-C606-4863-B9B7-6F63F81586C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{AC8714D4-9398-485C-A54E-EC43268C8247}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{FC2102DF-01B3-4B87-9A35-89FAE47035EB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{76B8D304-A6E7-4FBC-B04B-591794C3EEB4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{9F593E56-524D-402F-9CCE-254A9E3D83C5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{0DE4F1DD-DA45-42A1-BFD9-173BF3B2C11B}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{3BAE9E65-BF13-41AD-A577-8AB35A7DB396}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{2BD5FF2C-3859-4809-8C99-43FCA75E81A9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{38704E68-658B-47E6-A95F-FCB7E1B1EE98}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{C4EED3B8-ABEF-427E-9668-D89923F914E4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{BF1C7C02-98F0-4A78-9613-1F9284077BAA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{EA075539-30E0-4BC6-B89C-0D32A73C68A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3AAEA0BC-9B5B-447C-8AC3-842FA24BBB9F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{670990EB-2950-4668-A81C-A5441687A722}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{4B5F8C88-381B-4F35-8EA2-9B1C777D213D}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{C2E9AB37-FC4E-44D0-9692-E7A259223925}C:\users\ruipedro\downloads\anydesk.exe] => (Allow) C:\users\ruipedro\downloads\anydesk.exe
FirewallRules: [UDP Query User{46B3FF1E-D3D8-4F9E-AB40-C14286C90B8A}C:\users\ruipedro\downloads\anydesk.exe] => (Allow) C:\users\ruipedro\downloads\anydesk.exe
FirewallRules: [{35445675-6AEA-4395-80CD-30084E6ED6FA}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{66E4BDC2-24CF-459F-88C5-C4EEFA592972}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{878D7C91-905D-4956-B724-4103092EFBA5}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{2A73B192-E6C1-410F-A1F7-1601580D14C6}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{CB52C344-5155-4ABE-B377-C21EA83DD151}] => (Allow) C:\Program Files\COMODO\RMM Agent Service\unit.exe
FirewallRules: [TCP Query User{73C6578D-FD2B-40B1-956C-601B05D24D16}E:\program files\mirc\mirc.exe] => (Allow) E:\program files\mirc\mirc.exe
FirewallRules: [UDP Query User{3C4BB2F7-EA31-48A2-AC85-395D10E33939}E:\program files\mirc\mirc.exe] => (Allow) E:\program files\mirc\mirc.exe
FirewallRules: [{A3B3B4D9-79FB-4427-9303-A11BA2F4062F}] => (Allow) C:\Program Files\COMODO\RMM Agent Service\unit.exe
FirewallRules: [{8FEF46C2-0C01-44C0-9808-7C964E9113FA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{93FB2506-C6BD-470A-89EE-D2528CCE0DA5}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{CD14733B-A5C5-4650-8C79-3F18FDB85C77}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{678428AC-350C-4855-A278-92773D1385A7}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
==================== Restore Points =========================
17-10-2018 09:22:47 Instalador de Módulos do Windows
18-10-2018 10:34:39 Instalador de Módulos do Windows
19-10-2018 12:34:39 Instalador de Módulos do Windows
20-10-2018 14:34:39 Instalador de Módulos do Windows
21-10-2018 16:34:39 Instalador de Módulos do Windows
22-10-2018 18:34:39 Instalador de Módulos do Windows
24-10-2018 20:34:46 Instalador de Módulos do Windows
25-10-2018 22:34:44 Instalador de Módulos do Windows
27-10-2018 00:34:44 Instalador de Módulos do Windows
==================== Faulty Device Manager Devices =============
Name: Rato Compatível com PS/2
Description: Rato Compatível com PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/24/2018 09:03:06 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Erro do serviço de cópia sombra de volumes: Erro inesperado ao chamar a rotina QueryFullProcessImageNameW. hr = 0x80070006, O identificador é inválido.
.
Operação:
A Executar Operação Assíncrona
Contexto:
Estado Atual: DoSnapshotSet
Error: (10/17/2018 08:44:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: vlc.exe, versão: 2.2.4.0, carimbo de data/hora: 0x00000004
Nome do módulo com falha: msvcrt.dll, versão: 7.0.17134.1, carimbo de data/hora: 0xc5dd3631
Código de exceção: 0xc0000005
Desvio de falha: 0x00067c97
ID do processo com falha: 0x224c
Hora de início da aplicação com falha: 0x01d46651ae35917e
Caminho da aplicação com falha: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Caminho do módulo com falha: C:\WINDOWS\System32\msvcrt.dll
ID do Relatório: 73902831-4ada-4fe9-a8c7-7c64e15ae8ab
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:
Error: (10/08/2018 10:56:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: vlc.exe, versão: 2.2.4.0, carimbo de data/hora: 0x00000004
Nome do módulo com falha: msvcrt.dll, versão: 7.0.17134.1, carimbo de data/hora: 0xc5dd3631
Código de exceção: 0xc0000005
Desvio de falha: 0x00067c97
ID do processo com falha: 0x4bc
Hora de início da aplicação com falha: 0x01d45f51c4424a46
Caminho da aplicação com falha: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Caminho do módulo com falha: C:\WINDOWS\System32\msvcrt.dll
ID do Relatório: da4ed9b3-39e6-474b-8dff-44aa812456df
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:
Error: (09/20/2018 08:39:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: phccorporate.exe, versão: 23.0.358.0, carimbo de data/hora: 0x47139f24
Nome do módulo com falha: MFC42.DLL, versão: 6.6.8063.0, carimbo de data/hora: 0x77d7520f
Código de exceção: 0xc000041d
Desvio de falha: 0x00029152
ID do processo com falha: 0xec8
Hora de início da aplicação com falha: 0x01d450398b0e40cd
Caminho da aplicação com falha: C:\PHC\PHCPRG\phccorporate.exe
Caminho do módulo com falha: C:\WINDOWS\SYSTEM32\MFC42.DLL
ID do Relatório: 3c580b89-3a72-4e6e-892c-20946ceb4393
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:
Error: (09/20/2018 08:39:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: phccorporate.exe, versão: 23.0.358.0, carimbo de data/hora: 0x47139f24
Nome do módulo com falha: MFC42.DLL, versão: 6.6.8063.0, carimbo de data/hora: 0x77d7520f
Código de exceção: 0xc0000005
Desvio de falha: 0x00029152
ID do processo com falha: 0xec8
Hora de início da aplicação com falha: 0x01d450398b0e40cd
Caminho da aplicação com falha: C:\PHC\PHCPRG\phccorporate.exe
Caminho do módulo com falha: C:\WINDOWS\SYSTEM32\MFC42.DLL
ID do Relatório: a4e0d504-fc9d-4e93-a2d0-d48f43fd0a85
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:
Error: (09/12/2018 12:06:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa phccorporate.exe versão 23.0.358.0 deixou de interagir com o Windows e foi fechado. Para verificar se existem mais informações disponíveis sobre o problema, consulte o histórico de problemas no painel de controlo de Segurança e Manutenção.
ID do Processo: 2414
Hora de Início: 01d448ef7a3607b8
Hora de Cessação: 217
Caminho da Aplicação: C:\PHC\PHCPRG\phccorporate.exe
ID do Relatório: 504e292a-3716-4f16-b794-9e13dd26fdfc
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:
Error: (08/24/2018 03:58:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa hpqkygrp.exe versão 13.0.0.131 deixou de interagir com o Windows e foi fechado. Para verificar se existem mais informações disponíveis sobre o problema, consulte o histórico de problemas no painel de controlo de Segurança e Manutenção.
ID do Processo: 31a4
Hora de Início: 01d43bafa15e2973
Hora de Cessação: 10
Caminho da Aplicação: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
ID do Relatório: eafe9cff-1974-4552-a6e1-417e612ba690
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:
Error: (08/24/2018 03:58:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: CteraAgent.exe, versão: 0.0.0.0, carimbo de data/hora: 0x5a020d23
Nome do módulo com falha: ntdll.dll, versão: 10.0.17134.228, carimbo de data/hora: 0x2c71c7b8
Código de exceção: 0xc0000005
Desvio de falha: 0x00061d89
ID do processo com falha: 0x3650
Hora de início da aplicação com falha: 0x01d43bbaf11ed16a
Caminho da aplicação com falha: C:\Program Files (x86)\PT-Empresas\Disco Virtual 360\CteraAgent.exe
Caminho do módulo com falha: C:\WINDOWS\SYSTEM32\ntdll.dll
ID do Relatório: ba28d807-1812-4444-8044-ef2bfb948e99
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:
System errors:
=============
Error: (10/27/2018 09:53:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço eapihdrv falhou o arranque devido ao seguinte erro:
O carregamento deste controlador foi bloqueado
Error: (10/27/2018 09:53:19 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\RuiPedro\AppData\Local\Temp\ehdrv.sys
Error: (10/27/2018 09:53:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço eapihdrv falhou o arranque devido ao seguinte erro:
O carregamento deste controlador foi bloqueado
Error: (10/27/2018 09:53:19 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\RuiPedro\AppData\Local\Temp\ehdrv.sys
Error: (10/27/2018 09:53:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço eapihdrv falhou o arranque devido ao seguinte erro:
O carregamento deste controlador foi bloqueado
Error: (10/27/2018 09:53:19 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\RuiPedro\AppData\Local\Temp\ehdrv.sys
Error: (10/27/2018 09:53:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço eapihdrv falhou o arranque devido ao seguinte erro:
O carregamento deste controlador foi bloqueado
Error: (10/27/2018 09:53:19 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\RuiPedro\AppData\Local\Temp\ehdrv.sys
Windows Defender:
===================================
Date: 2018-10-19 13:04:07.088
Description:
Antivírus do Windows Defender detetou um comportamento suspeito.
Nome: Informational:Behavior/ModifiedKernel
ID: 34308026
Gravidade: Baixa
Categoria: Comportamento Suspeito
Caminho Encontrado: process:_0
Início de Deteção: Desconhecido
Tipo de Deteção: Suspeito
Origem de Deteção: Proteção em Tempo Real
Estado: A executar
Utilizador: Unknown\Unknown
Nome do Processo: Unknown
ID da Assinatura: 717259538435
Versão da Assinatura: AV: 1.279.62.0, AS: 1.279.62.0
Versão do Motor: 1.1.15400.4
Etiqueta de Fidelidade: Baixo
Nome do Ficheiro de Destino:
Date: 2018-10-18 10:38:19.753
Description:
A análise de Antivírus do Windows Defender foi parada antes de ser concluída.
ID de Análise: {1CE8E3C2-8EF7-4249-AFA9-2E59E2DC4513}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM
Date: 2018-10-17 09:39:38.447
Description:
A análise de Antivírus do Windows Defender foi parada antes de ser concluída.
ID de Análise: {23A60BC7-BAC4-4335-955A-1C2C3BEB60EA}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM
Date: 2018-10-17 09:24:55.697
Description:
A análise de Antivírus do Windows Defender foi parada antes de ser concluída.
ID de Análise: {9B708B6F-4289-4D85-861D-99BFC28512EF}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM
Date: 2018-10-08 19:08:15.673
Description:
A análise de Antivírus do Windows Defender foi parada antes de ser concluída.
ID de Análise: {C853D5B8-C752-4661-B67E-98A149C7199C}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM
CodeIntegrity:
===================================
Date: 2018-10-18 02:44:47.513
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2018-10-18 02:44:47.480
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
Date: 2018-10-18 02:44:47.447
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
Date: 2018-10-18 02:44:47.383
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2018-10-18 02:44:47.371
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
Date: 2018-10-18 02:44:47.359
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
Date: 2018-10-18 02:44:46.369
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
Date: 2018-10-18 02:44:46.238
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 71%
Total physical RAM: 3991.24 MB
Available physical RAM: 1133.27 MB
Total Virtual: 8087.24 MB
Available Virtual: 4200.19 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:223.03 GB) (Free:103.24 GB) NTFS
Drive e: (OLD C) (Fixed) (Total:134.94 GB) (Free:52.66 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_RECOVERY) (Fixed) (Total:12.05 GB) (Free:6.63 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (OS_TOOLS) (Fixed) (Total:1.95 GB) (Free:1.74 GB) NTFS
\\?\Volume{6aae7c3a-ad9b-11e5-bceb-806e6f6e6963}\ (Sistema Reservado) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{2bd2c32a-0000-0000-0000-50c837000000}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 3833069C)
Partition 1: (Active) - (Size=134.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=102 MB) - (Type=72)
==================== End of Addition.txt ============================