Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I have a virus pls help me

by jhon244 » July 17th, 2020, 11:16 am

When I open my Task Manager my CPU is at 100 per cent, then it goes down to 2.
I think it is a trojan for mining bitcoin, but I don't really understand how to remove it. Any help would be appreciated.
God bless you


FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2020 01
Ran by cabec (administrator) on DESKTOP-MQCUIRU (ASUSTeK COMPUTER INC. GS GS30) (17-07-2020 15:02:10)
Running from C:\Users\cabec\Downloads
Loaded Profiles: cabec
Platform: Windows 10 Home Version 1809 17763.914 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <26>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Kristjan Skutta -> ) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\wallpaper32.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\cabec\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvaki.inf_amd64_205c3f0c6a210463\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Spotify AB -> Spotify Ltd) C:\Users\cabec\AppData\Roaming\Spotify\Spotify.exe <5>
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Zemana D.O.O. Sarajevo -> Zemana Ltd.) C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [749512 2018-08-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [Discord] => C:\Users\cabec\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [CCXProcess] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [Spotify] => C:\Users\cabec\AppData\Roaming\Spotify\Spotify.exe [23330024 2020-07-10] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [Steam] => C:\Users\cabec\Pictures\steam\steam.exe [3376416 2020-07-09] (Valve -> Valve Corporation)
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [WallpaperEngine] => C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\wallpaper32.exe [2887160 2020-07-12] (Kristjan Skutta -> )
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32339344 2020-06-23] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [7675360 2020-06-17] (GlassWire -> SecureMix LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-24] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10B369E2-9561-4834-B2E2-AE1548B7A964} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {11FAC390-8444-4F1B-A572-E1236FF01B95} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1B4C39BA-DACF-4FFC-91E5-C3BA371E7524} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {317B3AC1-9E00-42C6-BDE6-B0A149E4EACB} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {33B3E5DD-4C3F-472F-A658-08E1D30CD10F} - System32\Tasks\AMSkipUAC => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [659520 2019-11-04] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {373C59AB-BC3C-443F-BF78-B830426D5E17} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3BF4D48B-BBD5-4A14-BAF3-9F5CDAC7CEDF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {54F25868-3D1C-42C4-8CCE-DDA3832689DE} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [659520 2019-11-04] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {70789B62-1E4A-4B6B-9FBD-281F7C6CA368} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8652E09D-FF89-4DDA-8090-04685F2DC308} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {900D8489-CF6D-436E-86F2-D6A9295B3050} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [491320 2020-05-12] (Bitdefender SRL -> Bitdefender)
Task: {943785C0-5024-4113-84CD-09D2097BC973} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647656 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {96771905-0661-406E-A19F-DD6CB5619695} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {990E3F72-BB51-402A-A1E9-8DA750F3960D} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {9F584B90-D989-4EDA-92FB-AA9A005B131E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-26] (Google Inc -> Google LLC)
Task: {A5C9B9D9-CBA8-4A26-B4D1-EE05BE3978EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-26] (Google Inc -> Google LLC)
Task: {B6B5345C-4BC6-44B2-88CD-85AB59171087} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B938375F-A09F-4113-ADEE-E0E686B28D78} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3292984 2020-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CE1B5949-93C3-43C3-AC04-6AF343518ACF} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ECB1EDFD-9E29-41E3-ADEB-77C26B74993D} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FD663655-8394-4219-BE57-88748A0C6780} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{13636716-f8ba-4148-be78-b443fc47f947}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{19a10513-7b53-490a-8a61-1cfe829c00f8}: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{b82b7d28-f146-43ef-a62d-c6ae0af56bd4}: [DhcpNameServer] 192.168.1.254 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\ssv.dll [2020-06-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\jp2ssv.dll [2020-06-17] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-06-20] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-06-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-06-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-06-20] (Adobe Inc. -> Adobe Systems)
FF Plugin HKU\S-1-5-21-3266803249-1906538077-2635784554-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\cabec\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-11] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default [2020-07-17]
CHR Notifications: Default -> hxxps://meet.google.com; hxxps://www.pcdiga.com
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://www.photopea.com/promo/icon512.png
CHR Extension: (Google Drive) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-11-26]
CHR Extension: (YouTube) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-11-26]
CHR Extension: (pro grey) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhpebdanojkmhbbneclbkmpleemilaj [2020-05-11]
CHR Extension: (Photopea) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdklklfpinionkgpmghaghehojplfjio [2020-07-14]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-26]
CHR Extension: (Gmail) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-11-26]
CHR Extension: (Chrome Media Router) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-27]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8615864 2020-06-23] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-11-26] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [5448672 2020-06-17] (GlassWire -> SecureMix LLC)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [162392 2020-04-19] (SurfRight B.V. -> SurfRight B.V.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-04-19] (Malwarebytes Inc -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1352120 2020-05-12] (Bitdefender SRL -> Bitdefender)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1711232 2020-06-25] (Rockstar Games, Inc. -> Rockstar Games)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [10752 2019-12-02] () [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\Windows\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 AdobeUpdateService; "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvaki.inf_amd64_205c3f0c6a210463\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvaki.inf_amd64_205c3f0c6a210463\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\Windows\system32\drivers\amsdk.sys [232792 2020-07-14] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-06-01] (ASUSTeK Computer Inc. -> )
R3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-25] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
S3 dpclat_driver; C:\Windows\system32\drivers\dpclat_driver.sys [21232 2019-12-02] (Thesycon Systemsoftware Consulting GmbH -> Thesycon GmbH)
R3 e1rexpress; C:\Windows\System32\drivers\e1r65x64.sys [548800 2018-05-03] (Intel(R) INTELNPG1 -> Intel Corporation)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (GlassWire -> SecureMix LLC)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2020-06-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-06-06] (Malwarebytes Inc -> Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvaki.inf_amd64_205c3f0c6a210463\nvlddmkm.sys [23287696 2020-03-05] (NVIDIA Corporation -> NVIDIA Corporation)
R3 NvModuleTracker; C:\Windows\System32\drivers\NvModuleTracker.sys [50592 2020-03-04] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [67456 2020-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [90168 2020-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [39920 2019-10-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 UcmCxUcsiNvppc; C:\Windows\System32\drivers\UcmCxUcsiNvppc.sys [715680 2019-11-21] (NVIDIA Corporation -> NVIDIA Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [45664 2019-12-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [355760 2019-12-03] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-03] (Microsoft Windows -> Microsoft Corporation)
S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\R:\Faclog\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-17 15:02 - 2020-07-17 15:02 - 000021277 _____ C:\Users\cabec\Downloads\FRST.txt
2020-07-17 15:02 - 2020-07-17 15:02 - 000000000 ____D C:\FRST
2020-07-17 15:01 - 2020-07-17 15:01 - 002292736 _____ (Farbar) C:\Users\cabec\Downloads\FRST64.exe
2020-07-17 14:55 - 2020-07-17 14:55 - 000049228 _____ C:\ProgramData\agent.uninstall.1594994103.bdinstall.v2.bin
2020-07-17 14:42 - 2020-07-17 14:42 - 000000250 _____ C:\Users\cabec\Desktop\VIRUS FREE.reg
2020-07-17 14:35 - 2020-07-17 14:35 - 020327732 _____ C:\Users\cabec\Desktop\registry backup.reg
2020-07-17 14:24 - 2020-07-17 14:24 - 000000000 ____D C:\Windows\pss
2020-07-14 17:50 - 2020-07-15 17:15 - 000000000 ____D C:\Windows\Minidump
2020-07-14 17:18 - 2020-07-17 15:02 - 000471256 _____ C:\Windows\ZAM.krnl.trace
2020-07-14 17:18 - 2020-07-17 14:50 - 000000000 ____D C:\Users\cabec\AppData\Local\AMSDK
2020-07-14 17:18 - 2020-07-14 17:18 - 000232792 _____ (Copyright 2018.) C:\Windows\system32\Drivers\amsdk.sys
2020-07-14 17:18 - 2020-07-14 17:18 - 000003558 _____ C:\Windows\system32\Tasks\AMHelper
2020-07-14 17:18 - 2020-07-14 17:18 - 000002680 _____ C:\Windows\system32\Tasks\AMSkipUAC
2020-07-14 17:18 - 2020-07-14 17:18 - 000001340 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2020-07-14 17:18 - 2020-07-14 17:18 - 000001340 _____ C:\ProgramData\Desktop\Zemana AntiMalware.lnk
2020-07-14 17:18 - 2020-07-14 17:18 - 000000000 ____D C:\Users\cabec\AppData\Local\Zemana
2020-07-14 17:18 - 2020-07-14 17:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2020-07-14 17:18 - 2020-07-14 17:18 - 000000000 ____D C:\Program Files (x86)\Zemana
2020-07-14 17:17 - 2020-07-14 17:17 - 012741568 _____ (Zemana Ltd. ) C:\Users\cabec\Downloads\AntiMalware_Setup.exe
2020-07-14 16:57 - 2020-07-14 16:57 - 000000797 _____ C:\Users\cabec\Documents\hosts.txt
2020-07-14 15:52 - 2020-07-16 19:11 - 000000150 _____ C:\Windows\Reimage.ini
2020-07-14 15:51 - 2020-07-17 14:47 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2020-07-14 15:51 - 2020-07-14 17:44 - 000611598 _____ C:\Windows\ntbtlog.txt
2020-07-14 08:26 - 2020-07-14 08:38 - 000000881 _____ C:\Users\cabec\Desktop\exame 2013.txt
2020-07-14 07:57 - 2020-07-14 07:57 - 000003802 _____ C:\Windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2020-07-14 07:56 - 2020-07-14 07:56 - 000001203 _____ C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2020-07-14 07:56 - 2020-07-14 07:56 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2020-07-14 07:55 - 2020-07-17 14:55 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2020-07-14 07:55 - 2020-07-14 07:56 - 000000000 ____D C:\Program Files\Bitdefender Agent
2020-07-14 07:55 - 2020-07-14 07:55 - 000115192 _____ C:\ProgramData\agent.1594709704.bdinstall.v2.bin
2020-07-14 07:55 - 2020-07-14 07:55 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2020-07-14 07:55 - 2020-07-14 07:55 - 000000000 ____D C:\ProgramData\Bitdefender
2020-07-14 07:54 - 2020-07-14 07:54 - 012444368 _____ C:\Users\cabec\Downloads\bitdefender_online.exe
2020-07-14 07:37 - 2020-07-14 07:38 - 000000000 ____D C:\Users\cabec\AppData\Local\glasswire
2020-07-14 07:37 - 2020-07-14 07:37 - 048212664 _____ (SecureMix LLC) C:\Users\cabec\Downloads\GlassWireSetup.exe
2020-07-14 07:37 - 2020-07-14 07:37 - 000001981 _____ C:\Users\Public\Desktop\GlassWire.lnk
2020-07-14 07:37 - 2020-07-14 07:37 - 000001981 _____ C:\ProgramData\Desktop\GlassWire.lnk
2020-07-14 07:37 - 2020-07-14 07:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2020-07-14 07:37 - 2020-07-14 07:37 - 000000000 ____D C:\ProgramData\GlassWire
2020-07-14 07:37 - 2020-07-14 07:37 - 000000000 ____D C:\Program Files (x86)\GlassWire
2020-07-14 07:37 - 2015-05-29 08:30 - 000008392 _____ C:\Windows\system32\Drivers\gwdrv.cat
2020-07-14 07:37 - 2015-05-29 08:15 - 000033152 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2020-07-14 07:30 - 2020-07-14 07:30 - 008751634 _____ C:\Users\cabec\Desktop\DESKTOP-MQCUIRU.arn
2020-07-14 07:24 - 2020-07-14 07:24 - 000755576 _____ (Sysinternals - www.sysinternals.com) C:\Users\cabec\Downloads\autoruns.exe
2020-07-14 07:24 - 2020-07-14 07:24 - 000755576 _____ (Sysinternals - www.sysinternals.com) C:\Users\cabec\Desktop\autoruns (1).exe
2020-07-14 07:00 - 2020-07-14 08:24 - 000003975 _____ C:\Users\cabec\Desktop\exame 2015.txt
2020-07-14 05:17 - 2020-07-14 06:59 - 000002184 _____ C:\Users\cabec\Desktop\exame 2016.txt
2020-07-13 15:19 - 2020-07-14 07:19 - 000090168 ____H (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCMON24.SYS
2020-07-13 15:19 - 2020-07-13 15:19 - 001567005 _____ C:\Users\cabec\Downloads\ProcessMonitor.zip
2020-07-13 15:19 - 2020-07-13 15:19 - 000000000 ____D C:\Users\cabec\Downloads\ProcessMonitor
2020-07-13 15:19 - 2019-12-10 22:42 - 002181504 ____N (Sysinternals - www.sysinternals.com) C:\Users\cabec\Desktop\Procmon.exe
2020-07-13 15:19 - 2019-12-10 22:42 - 000063582 ____N C:\Users\cabec\Desktop\procmon.chm
2020-07-13 15:19 - 2019-12-10 22:38 - 001177168 ____N (Sysinternals - www.sysinternals.com) C:\Users\cabec\Desktop\Procmon64.exe
2020-07-13 15:19 - 2018-09-28 01:55 - 000007490 ____N C:\Users\cabec\Desktop\Eula.txt
2020-07-13 14:51 - 2020-07-13 19:15 - 000003527 _____ C:\Users\cabec\Desktop\exame 2017.txt
2020-07-13 14:05 - 2020-07-13 14:05 - 000001375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2020-07-13 14:05 - 2020-07-13 14:05 - 000001363 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2020-07-13 14:05 - 2020-07-13 14:05 - 000001363 _____ C:\ProgramData\Desktop\Adobe Creative Cloud.lnk
2020-07-13 12:06 - 2020-07-13 12:06 - 000000027 _____ C:\Users\cabec\Desktop\exame 2014.txt
2020-07-13 11:45 - 2020-07-13 11:45 - 002101330 _____ C:\Users\cabec\Desktop\Resumos HCA.pdf
2020-07-12 16:22 - 2020-07-12 16:22 - 002101330 _____ C:\Users\cabec\Downloads\Resumos HCA.pdf
2020-07-10 13:54 - 2020-07-10 13:54 - 000758323 _____ C:\Users\cabec\Downloads\Archive-69bc.zip
2020-07-10 13:54 - 2020-07-10 13:54 - 000758128 _____ C:\Users\cabec\Downloads\2020-07-10 13.51.58.heic
2020-07-10 13:54 - 2020-07-10 13:54 - 000000000 ____D C:\Users\cabec\Downloads\Archive-69bc
2020-07-09 13:21 - 2020-07-09 13:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2020-07-09 13:14 - 2020-07-09 13:22 - 000000000 ____D C:\Program Files (x86)\Overwatch
2020-07-07 09:47 - 2020-03-04 13:54 - 001804784 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2020-07-07 09:47 - 2020-03-04 13:54 - 000050592 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\NvModuleTracker.sys
2020-07-05 20:48 - 2020-07-05 20:48 - 000000000 ____D C:\Users\cabec\AppData\LocalLow\Blizzard Entertainment
2020-07-05 20:48 - 2020-07-05 20:48 - 000000000 ____D C:\Users\cabec\AppData\Local\Blizzard
2020-07-05 20:48 - 2020-07-05 20:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2020-07-05 20:46 - 2020-07-05 20:48 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2020-06-29 20:44 - 2020-06-29 20:44 - 806409556 _____ C:\Users\cabec\Downloads\VIDEO RENDER.mp4
2020-06-28 21:39 - 2020-07-10 12:14 - 000000000 ____D C:\Users\cabec\AppData\Local\Battle.net
2020-06-28 21:39 - 2020-07-05 20:44 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Battle.net
2020-06-28 21:39 - 2020-06-28 21:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2020-06-28 21:34 - 2020-06-28 21:34 - 004902896 _____ (Blizzard Entertainment) C:\Users\cabec\Downloads\Battle.net-Setup (1).exe
2020-06-26 01:23 - 2020-06-26 01:24 - 006088416 _____ (Cfx.re) C:\Users\cabec\Downloads\FiveM.exe
2020-06-26 01:23 - 2020-06-26 01:23 - 008556152 _____ (cfx-collective) C:\Users\cabec\Downloads\FiveM (1).exe
2020-06-25 02:06 - 2020-06-25 02:06 - 004902896 _____ (Blizzard Entertainment) C:\Users\cabec\Downloads\Battle.net-Setup.exe
2020-06-23 15:19 - 2020-06-23 15:22 - 000000000 ____D C:\ProgramData\Epic
2020-06-23 15:19 - 2020-06-23 15:19 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2020-06-23 15:19 - 2020-06-23 15:19 - 000000000 ____D C:\Program Files (x86)\Epic Games
2020-06-23 15:16 - 2020-06-23 15:16 - 044257280 _____ C:\Users\cabec\Downloads\EpicInstaller-10.17.0.msi
2020-06-21 03:12 - 2020-06-21 03:12 - 071170399 _____ C:\Users\cabec\Downloads\y2mate.com - David Carreira - A Força Está em Nós (Ft. Snoop Dogg) - Videoclip Oficial_Mc8IgVWpdeo_1080p (1).mp4
2020-06-21 03:11 - 2020-06-21 03:11 - 071170399 _____ C:\Users\cabec\Downloads\y2mate.com - David Carreira - A Força Está em Nós (Ft. Snoop Dogg) - Videoclip Oficial_Mc8IgVWpdeo_1080p.mp4
2020-06-21 02:41 - 2020-06-21 02:41 - 000474573 _____ C:\Users\cabec\Downloads\y2mate.com - É o Conan!!!_MREH0EYn47g_360p.mp4
2020-06-19 20:15 - 2020-06-19 20:15 - 001397166 _____ C:\Users\cabec\Downloads\Shui hua piou piou bei feng shou shou tian de yi pian cheng mao.mp4
2020-06-17 17:28 - 2020-06-17 17:28 - 000227201 _____ C:\Users\cabec\Downloads\Horario Julho.pdf
2020-06-17 17:13 - 2020-06-17 17:13 - 003843584 _____ C:\Users\cabec\Downloads\axonom ortogonais11def.pps
2020-06-17 01:38 - 2020-06-17 01:38 - 000000000 ____D C:\Users\cabec\AppData\Roaming\WinRAR
2020-06-17 01:36 - 2020-06-17 01:36 - 005033806 _____ C:\Users\cabec\Downloads\OptiFine_1.15.2_HD_U_G1_pre26_MOD.jar
2020-06-17 01:34 - 2020-06-17 01:38 - 000000000 ____D C:\Users\cabec\Downloads\SEUS-Renewed-v1.0.1
2020-06-17 01:34 - 2020-06-17 01:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-06-17 01:34 - 2020-06-17 01:34 - 003218976 _____ (Alexander Roshal) C:\Users\cabec\Downloads\winrar-x64-590.exe
2020-06-17 01:34 - 2020-06-17 01:34 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-06-17 01:34 - 2020-06-17 01:34 - 000000000 ____D C:\Program Files\WinRAR
2020-06-17 01:32 - 2020-06-17 01:32 - 000114344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2020-06-17 01:32 - 2020-06-17 01:32 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Sun
2020-06-17 01:32 - 2020-06-17 01:32 - 000000000 ____D C:\Users\cabec\AppData\LocalLow\Sun
2020-06-17 01:32 - 2020-06-17 01:32 - 000000000 ____D C:\ProgramData\Oracle
2020-06-17 01:32 - 2020-06-17 01:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-06-17 01:32 - 2020-06-17 01:32 - 000000000 ____D C:\Program Files (x86)\Java
2020-06-17 01:30 - 2020-06-17 01:30 - 002066568 _____ (Oracle Corporation) C:\Users\cabec\Downloads\JavaSetup8u251.exe
2020-06-17 01:29 - 2020-06-17 01:30 - 005551647 _____ C:\Users\cabec\Downloads\preview_OptiFine_1.15.2_HD_U_G1_pre26.jar
2020-06-17 01:28 - 2020-06-17 01:28 - 007062638 _____ C:\Users\cabec\Downloads\SEUS-Renewed-v1.0.1.zip
2020-06-17 01:12 - 2020-06-17 01:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-06-17 00:26 - 2020-07-11 11:48 - 000000000 ____D C:\Users\cabec\Desktop\Jogos

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-17 15:00 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-07-17 14:56 - 2018-12-07 00:39 - 000840852 _____ C:\Windows\system32\PerfStringBackup.INI
2020-07-17 14:56 - 2018-09-15 08:31 - 000000000 ____D C:\Windows\INF
2020-07-17 14:55 - 2018-09-15 08:33 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-07-17 14:52 - 2019-05-15 12:00 - 000000000 ____D C:\ProgramData\NVIDIA
2020-07-17 14:50 - 2020-05-28 17:56 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Spotify
2020-07-17 14:50 - 2020-05-28 17:56 - 000000000 ____D C:\Users\cabec\AppData\Local\Spotify
2020-07-17 14:50 - 2019-11-26 22:30 - 000000000 ___RD C:\Users\cabec\OneDrive
2020-07-17 14:50 - 2018-12-07 00:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-07-17 14:49 - 2018-09-15 07:09 - 000786432 _____ C:\Windows\system32\config\BBI
2020-07-17 14:25 - 2019-11-27 14:52 - 000012149 _____ C:\ProgramData\DisplaySessionContainer1.log_backup1
2020-07-17 14:25 - 2019-11-27 01:17 - 000018385 _____ C:\ProgramData\NVDisplay.ContainerLocalSystem.log_backup1
2020-07-17 14:25 - 2019-11-27 01:17 - 000017429 _____ C:\ProgramData\NVDisplayContainerWatchdog.log_backup1
2020-07-17 14:23 - 2019-11-27 01:17 - 000001206 _____ C:\ProgramData\NvcDispCorePlugin.log_backup1
2020-07-17 14:23 - 2018-09-15 07:09 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-07-17 14:09 - 2018-12-07 00:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-07-16 15:47 - 2019-11-26 22:30 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3266803249-1906538077-2635784554-1001
2020-07-16 15:47 - 2019-11-26 22:27 - 000002374 _____ C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-07-14 19:36 - 2019-11-26 22:27 - 000000000 ____D C:\Users\cabec
2020-07-14 18:58 - 2019-11-27 23:23 - 000000000 ____D C:\Program Files\Rockstar Games
2020-07-14 18:58 - 2019-11-27 23:23 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2020-07-14 17:00 - 2020-01-30 19:47 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Adobe
2020-07-14 16:14 - 2019-12-22 17:11 - 000000000 ___RD C:\Users\cabec\Creative Cloud Files
2020-07-14 08:04 - 2020-04-19 19:38 - 000000000 ____D C:\AdwCleaner
2020-07-13 15:08 - 2019-12-02 18:31 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-07-13 15:08 - 2019-12-02 18:31 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-07-13 14:52 - 2019-11-27 01:27 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Discord
2020-07-13 14:17 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\AppReadiness
2020-07-13 14:08 - 2020-06-05 11:33 - 000000000 ____D C:\Users\cabec\AppData\Local\Adobe
2020-07-13 14:07 - 2020-06-05 11:33 - 000000000 ____D C:\ProgramData\Adobe
2020-07-13 14:07 - 2019-12-02 18:31 - 000003522 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2020-07-13 14:05 - 2019-12-02 18:32 - 000000000 ____D C:\Program Files\Common Files\Adobe
2020-07-13 14:05 - 2019-12-02 18:30 - 000000000 ____D C:\Program Files\Adobe
2020-07-13 14:05 - 2019-12-02 18:29 - 000000000 ____D C:\Program Files (x86)\Adobe
2020-07-13 14:03 - 2019-12-01 17:35 - 000000000 ____D C:\Users\cabec\AppData\Roaming\WhatsApp
2020-07-11 11:26 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-07-08 16:48 - 2020-04-07 07:27 - 000000000 ____D C:\Users\cabec\AppData\Local\WhatsApp
2020-07-07 09:48 - 2019-11-27 01:18 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-11-27 01:18 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-11-27 01:18 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-11-27 01:18 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:01 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:01 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000004106 _____ C:\Windows\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-07-07 09:48 - 2019-05-15 12:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-07-07 09:48 - 2019-05-15 12:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-07-01 01:14 - 2019-11-27 01:17 - 000012150 _____ C:\ProgramData\DisplaySessionContainer2.log_backup1
2020-06-28 21:49 - 2020-03-15 18:02 - 000000000 ____D C:\Program Files (x86)\Battle.net
2020-06-28 18:14 - 2019-12-02 21:42 - 000000000 ____D C:\Users\cabec\AppData\Roaming\obs-studio
2020-06-28 16:19 - 2019-11-27 01:05 - 000000000 ____D C:\Users\cabec\AppData\Roaming\.minecraft
2020-06-27 01:39 - 2020-03-15 14:57 - 000000000 ____D C:\Users\cabec\AppData\Local\FiveM
2020-06-26 01:52 - 2020-03-15 15:02 - 000000000 ____D C:\Users\cabec\AppData\Local\DigitalEntitlements
2020-06-25 02:32 - 2019-11-26 22:30 - 000000000 ____D C:\Users\cabec\AppData\Local\NVIDIA Corporation
2020-06-25 01:36 - 2020-04-21 16:14 - 000000000 ____D C:\Users\cabec\Desktop\Escola
2020-06-25 01:36 - 2020-03-26 19:02 - 000000000 ____D C:\Users\cabec\Desktop\Photoshop
2020-06-25 00:20 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\LiveKernelReports
2020-06-24 23:50 - 2019-11-26 22:37 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-23 22:49 - 2019-11-26 23:15 - 000000000 ____D C:\Users\cabec\AppData\Local\D3DSCache
2020-06-23 21:38 - 2019-11-27 23:24 - 000000000 ____D C:\Users\cabec\AppData\Local\Rockstar Games
2020-06-23 21:18 - 2019-11-27 23:23 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2020-06-23 15:44 - 2019-11-26 23:13 - 000000000 ____D C:\Users\cabec\AppData\Local\UnrealEngine
2020-06-23 15:29 - 2019-11-26 23:15 - 000000000 ____D C:\Program Files\Epic Games
2020-06-23 15:20 - 2019-05-15 12:01 - 002754024 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2020-06-23 15:20 - 2019-05-15 12:01 - 002122216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2020-06-23 15:20 - 2019-05-15 12:01 - 001295848 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2020-06-23 15:19 - 2020-04-23 15:32 - 000000000 ____D C:\Users\cabec\AppData\Local\EpicGamesLauncher
2020-06-21 17:01 - 2020-01-01 21:13 - 000000000 ____D C:\Users\cabec\Desktop\fotos
2020-06-21 00:42 - 2019-11-28 19:05 - 000000000 ____D C:\Users\cabec\AppData\Local\CrashDumps
2020-06-17 01:15 - 2019-11-26 23:07 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

==================== Files in the root of some directories ========

2020-03-31 17:48 - 2020-06-04 15:52 - 000000132 _____ () C:\Users\cabec\AppData\Roaming\Preferências do Formato PNG do Adobe CS6
2019-12-02 18:29 - 2020-06-17 11:53 - 000001435 _____ () C:\Users\cabec\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

ADDITION:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2020 01
Ran by cabec (17-07-2020 15:02:43)
Running from C:\Users\cabec\Downloads
Windows 10 Home Version 1809 17763.914 (X64) (2019-11-26 21:06:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3266803249-1906538077-2635784554-500 - Administrator - Disabled)
cabec (S-1-5-21-3266803249-1906538077-2635784554-1001 - Administrator - Enabled) => C:\Users\cabec
DefaultAccount (S-1-5-21-3266803249-1906538077-2635784554-503 - Limited - Disabled)
Guest (S-1-5-21-3266803249-1906538077-2635784554-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3266803249-1906538077-2635784554-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.2.0.436 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2019 (HKLM-x32\...\PPRO_13_0_1) (Version: 13.0.1 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Audacity 2.3.3 (HKLM-x32\...\Audacity_is1) (Version: 2.3.3 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 24.0.1.169 - Bitdefender)
CPUID ASUS CPU-Z 1.86 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.86 - CPUID, Inc.)
Discord (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Discord) (Version: 0.0.306 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{0EE6DDEF-E36B-45EB-9E03-5A266EC8A8F8}) (Version: 1.1.279.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FiveM (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\CitizenFX_FiveM) (Version: - The CitizenFX Collective)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
GlassWire 2.2 (remove only) (HKLM-x32\...\GlassWire 2.2) (Version: 2.2.210 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.116 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.18.312 - SurfRight B.V.)
Intel(R) Chipset Device Software (HKLM-x32\...\{eb0d4a41-3065-42b0-a868-c60d42d3ea98}) (Version: 10.1.17695.8086 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1829.12.0.1154 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.369.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{aa81bdf2-96a6-4400-a596-c7d1916ce9f7}) (Version: 1.50.369.0 - Intel Corporation) Hidden
Java 8 Update 251 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180251F0}) (Version: 8.0.2510.8 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\OneDriveSetup.exe) (Version: 20.114.0607.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{F6678473-0198-46D0-A88F-2A247E6FA03C}) (Version: 1.0.0.0 - Mojang)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation)
NVIDIA Graphics Driver 442.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 442.59 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.38.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.38.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 24.0.3 - OBS Project)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.25.260 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.6.1 - Rockstar Games)
Spotify (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Spotify) (Version: 1.1.37.690.g8f3b16fc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.24.2 (HKLM\...\TAP-Windows) (Version: 9.24.2 - OpenVPN Technologies, Inc.)
WhatsApp (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\WhatsApp) (Version: 2.2027.10 - WhatsApp)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
Zemana AntiMalware version 3.1.495 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.1.495 - Zemana)
Zoom (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-07-11] (Adobe Systems Incorporated)
ASUS Product Registration Program (APRP) -> C:\Program Files\WindowsApps\B9ECED6F.ASUSProductRegistrationProgramAPRP_2.1.7.0_x86__qmba6cd70vzyy [2019-05-15] (ASUSTeK COMPUTER INC.) [Startup Task]
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.4.4.0_x86__kgqvnymyfvs32 [2019-12-10] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.27.6.0_x86__kgqvnymyfvs32 [2019-12-12] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1660.4.0_x86__kgqvnymyfvs32 [2019-12-13] (king.com)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-11-26] (LinkedIn)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad]
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13253.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.956.0_x64__56jybvy8sckqj [2019-11-26] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2019-11-26] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3266803249-1906538077-2635784554-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-3E512AFE03D6} -> [Creative Cloud Files] => C:\Users\cabec\Creative Cloud Files [2019-12-22 17:11]
CustomCLSID: HKU\S-1-5-21-3266803249-1906538077-2635784554-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2019-11-04] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvaki.inf_amd64_205c3f0c6a210463\nvshext.dll [2020-03-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2019-11-04] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\cabec\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\cabec\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\cabec\AppData\Local\Temp:$DATA​ [16]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 08:31 - 2018-09-15 08:31 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cabec\Desktop\fotos\425000.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Discord"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B4EB1566-E2AE-4438-9BC2-0A308CB11AF9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C3A391E5-7C5B-4258-9426-EA8C43613E9D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{2DC31673-07E7-4D78-A304-67E704BD2FAA}R:\faclog\xml_udp.exe] => (Allow) R:\faclog\xml_udp.exe => No File
FirewallRules: [UDP Query User{8FD4C7A0-0968-481E-B08A-073DFF93FECD}R:\faclog\xml_udp.exe] => (Allow) R:\faclog\xml_udp.exe => No File
FirewallRules: [{E0CAF784-F8F0-41E7-9C9A-970A9D64F08C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{44489132-C84B-4D5C-83D5-CD548276B0EE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{30C4DA47-72F5-4A2F-BC7B-C8EB0D9658AC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{48C600C9-AD24-4B48-9D26-26EB6703C8FD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{AC5E0D92-DB13-4376-9EEF-5DE28D7DD632}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{BB38DA3A-C591-41B8-9CC9-49A86CEE0886}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{37EEFF46-748B-43A7-B65C-05DFFA20B41F}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{8EE01FFF-85B1-4405-B3EA-5650D0AE87DF}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [{B91F71BC-5E6A-499E-9A4C-966DE48C898D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{8AFDCE90-B5D8-4C7F-8AB0-4874D6F46E0E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{6FA27901-58B4-4E40-AE8A-2BA5CAC223FA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12228.20332.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{59D62CD5-0161-4F56-94C4-80BCFAE4BC42}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe => No File
FirewallRules: [{6BB9495C-F788-41DC-9931-862D29FA40A0}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe => No File
FirewallRules: [{243CA801-2705-4B78-849B-E888F42DE731}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe => No File
FirewallRules: [{2CCD6495-6C1C-49D9-ABAD-5F2836EA1EC1}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe => No File
FirewallRules: [{A5A332F8-A4E1-4A44-87CA-7F878F892FF1}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe => No File
FirewallRules: [{ADC2B3AB-A461-4E4E-8EDC-E13CEA633135}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe => No File
FirewallRules: [{C97CF2AA-125A-4E52-B00C-5EAC42A17E4D}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
FirewallRules: [{DA6D6BDC-2096-4BF5-8B5F-DEA3C2A80F7A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\OxygenPanelDaemon.exe => No File
FirewallRules: [{0917DBF2-23E4-4CD0-907B-FFC35C94B690}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe => No File
FirewallRules: [{4EABDA6A-4CEB-49FD-BBFC-01059B8C1B81}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe => No File
FirewallRules: [TCP Query User{AF278700-1AE7-42E9-AC2C-16F31DCEC347}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe => No File
FirewallRules: [UDP Query User{0BF14D1E-9FC3-4201-BEBF-D2BB21F89A2B}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe => No File
FirewallRules: [TCP Query User{9A8D3B69-D874-48D8-860B-8E2557F475FB}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe => No File
FirewallRules: [UDP Query User{180ECF96-FA4F-45FD-A261-B32DD1B347DD}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe => No File
FirewallRules: [TCP Query User{C4FE6CEB-B714-470D-A436-52AB7BC5E155}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe => No File
FirewallRules: [UDP Query User{B7A79C89-D300-4E07-9A26-04DA5803FD50}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe => No File
FirewallRules: [{343A8CA4-9763-4756-9ACB-6E66B31FE737}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FarCry5\bin\ArcadeEditor64.exe => No File
FirewallRules: [{6B7B79B8-CD22-4DFD-8066-C45EA89170A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FarCry5\bin\ArcadeEditor64.exe => No File
FirewallRules: [TCP Query User{2D87E3AC-51EA-4843-891F-6270D5B6AF86}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe => No File
FirewallRules: [UDP Query User{054ACD9D-A7D8-46B2-BD65-1104C56AC9F4}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe => No File
FirewallRules: [TCP Query User{48334160-DE2B-4B88-88AB-3249E06F4E4D}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{4D4A3834-B4E1-4A7C-91A0-383FEA139E31}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{004C3002-7BAE-4DB3-8A5E-6C546B6A319D}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe => No File
FirewallRules: [UDP Query User{3D4F3756-AC06-4E19-A1DD-22541610E72A}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe => No File
FirewallRules: [TCP Query User{916E4580-6205-446F-9960-84887A81011A}C:\users\cabec\appdata\local\fivem\fivem.exe] => (Allow) C:\users\cabec\appdata\local\fivem\fivem.exe (Intricus Software Limited -> Cfx.re)
FirewallRules: [UDP Query User{95C77CB8-221F-4F37-8379-14EBAE17D948}C:\users\cabec\appdata\local\fivem\fivem.exe] => (Allow) C:\users\cabec\appdata\local\fivem\fivem.exe (Intricus Software Limited -> Cfx.re)
FirewallRules: [TCP Query User{14D99437-3139-460D-A634-AC2A55EF54C0}C:\users\cabec\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\cabec\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (Intricus Software Limited -> Cfx.re) [File not signed]
FirewallRules: [UDP Query User{D12AB444-51FF-48BC-9FE5-8FCCB115FB6E}C:\users\cabec\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\cabec\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (Intricus Software Limited -> Cfx.re) [File not signed]
FirewallRules: [{2EB7BAE9-D176-43BE-A493-E87516D62E54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe => No File
FirewallRules: [{16030B2C-5537-4353-8E79-6F546D1B8678}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe => No File
FirewallRules: [TCP Query User{E49EEC6D-6D1A-4C89-8676-EC231F17EBC5}D:\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{2E6A3C83-B3A9-4BE4-84EC-B263F63EDE9A}D:\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [TCP Query User{2853E3F7-69FF-4D36-BA08-EC5857FC100E}D:\overwatch\_retail_\overwatch.exe] => (Allow) D:\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{3052D99D-636E-44FC-977D-3FD8912BF6AA}D:\overwatch\_retail_\overwatch.exe] => (Allow) D:\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [{60188921-0C33-4C26-942C-F39A9560CC4D}] => (Allow) C:\Users\cabec\Desktop\jogos\Steam.exe => No File
FirewallRules: [{EC93ACF3-EC4A-4615-84C8-124E3D39FA1C}] => (Allow) C:\Users\cabec\Desktop\jogos\Steam.exe => No File
FirewallRules: [{920ECE17-DF28-4883-867C-8D1C797B1B39}] => (Allow) C:\Users\cabec\Desktop\jogos\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{BF1DFD7B-2402-4B5B-8ABA-4E97AF0022F8}] => (Allow) C:\Users\cabec\Desktop\jogos\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{A4BD95D7-70CD-47DC-BA6E-A3183B143DAA}] => (Allow) C:\Users\cabec\Desktop\jogos\steamapps\common\Grand Theft Auto V\PlayGTAV.exe => No File
FirewallRules: [{9E62D6AC-B6C8-4B99-8BEA-9AE44F36379E}] => (Allow) C:\Users\cabec\Desktop\jogos\steamapps\common\Grand Theft Auto V\PlayGTAV.exe => No File
FirewallRules: [TCP Query User{09757607-6E63-4190-AACC-5CC113768E11}C:\users\cabec\desktop\jogos\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\users\cabec\desktop\jogos\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{B5BE851D-6643-4F20-895E-D697D5275B19}C:\users\cabec\desktop\jogos\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\users\cabec\desktop\jogos\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [{C5A51D38-9A65-4EEF-9491-B4B48891CA54}] => (Allow) C:\Users\cabec\Desktop\steam\Steam.exe => No File
FirewallRules: [{0FA3D3E0-6CD4-49A2-9C09-EECD7E279596}] => (Allow) C:\Users\cabec\Desktop\steam\Steam.exe => No File
FirewallRules: [{7EFADCA5-CC61-41C6-93E5-D932EB45E4B1}] => (Allow) C:\Users\cabec\Desktop\steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{C8F8CCF4-3A5E-49A1-AF47-F2B7CE80D192}] => (Allow) C:\Users\cabec\Desktop\steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{AA614601-B43C-4F2C-9F58-0BE8965EF022}] => (Allow) C:\steam\Steam.exe => No File
FirewallRules: [{DE333F3F-EF8A-4993-94D5-C175C0D79550}] => (Allow) C:\steam\Steam.exe => No File
FirewallRules: [{76B0861F-2ED6-4D1F-B26B-0BA44376ABB6}] => (Allow) C:\steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{EB87DB16-7F47-4D70-B1C3-ADC343E7F5A8}] => (Allow) C:\steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{89D90CFD-45D9-406C-94C8-8A3ADEF122F9}] => (Allow) C:\Users\cabec\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{312510DE-4545-4B15-AB6E-96156FD80857}] => (Allow) C:\Users\cabec\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{FAB40BAE-028D-489A-8B2C-D6590F2CAEB6}C:\users\cabec\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cabec\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{9820688A-9299-4459-9F9E-36C28974E0AE}C:\users\cabec\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cabec\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5F075C96-65EA-4EB5-8B15-63F89D253746}] => (Allow) C:\steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe => No File
FirewallRules: [{984F01A8-7664-4545-BA0A-1E5083FA257F}] => (Allow) C:\steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe => No File
FirewallRules: [{2D74CFC2-CBDC-4BD4-ACF4-CBBDBA3B4AD6}] => (Allow) C:\steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe => No File
FirewallRules: [{944D89E6-FD7A-4F5B-8833-F4B828A625D7}] => (Allow) C:\steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe => No File
FirewallRules: [TCP Query User{051C33DC-C7A4-40DF-B7B3-ABB35900B0C9}C:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{EAC8F45C-CD67-4F7D-B6D0-98D69ADA6F2D}C:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [{3439D8EB-6502-4613-ADD2-431CEC0460CD}] => (Allow) C:\Users\cabec\Pictures\steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{EF73778D-5753-4482-B650-D53A14B3ABF5}] => (Allow) C:\Users\cabec\Pictures\steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6D35C2A8-87DD-4AC6-8F69-14CF0B2CAC24}] => (Allow) C:\Users\cabec\Pictures\steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D4CBF99F-F0E8-4585-A813-3492720ED181}] => (Allow) C:\Users\cabec\Pictures\steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{0FF9790B-D8A8-43C5-9AF2-E30DC4467436}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\launcher.exe (Kristjan Skutta -> )
FirewallRules: [{33AA7470-9092-44D2-8818-6E85988D0124}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\launcher.exe (Kristjan Skutta -> )
FirewallRules: [{64F23525-3A54-4E61-AC1C-4326A8E18AB3}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{41A45A20-6F0E-418E-AAA1-C6669BA35AB9}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{999F86F6-527B-4C61-9801-0BD6CBD9D937}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{2B776A8B-F6C8-4700-B36E-593BB60A20A5}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{D8FC0FE3-8EBD-4EC7-B311-E1D75C49D126}C:\users\cabec\pictures\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\users\cabec\pictures\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{FA131442-74CB-457B-989A-8C5188B009B3}C:\users\cabec\pictures\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\users\cabec\pictures\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{C7F77A1E-1CF4-48E8-A7B2-C00D963C76E4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{C6FADD75-C65D-457C-B72C-DA534512A88D}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [UDP Query User{FB8467D7-5D74-4DF2-A9EA-6D338788158F}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [{C0A61DBC-2E0B-45E7-B8FE-CA489B065BE0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{25C0C7D0-8F13-4DCC-A995-A4DA608992AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DEB01ED7-2EF4-4F0C-A5AD-72976FF64542}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3F0A00FF-02E4-4F96-9C72-C73ACDC9C529}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CCDA7A30-E535-4EC7-A420-EDA70AE37F2C}] => (Allow) C:\Users\cabec\Pictures\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{F0F90CB4-C3BD-4024-974F-B46938DE3A46}] => (Allow) C:\Users\cabec\Pictures\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{CACEE9EB-3C5F-44E3-AD51-245CF3FE13F4}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Kristjan Skutta -> )
FirewallRules: [{2B46F0F2-3E6B-4F24-98DA-B5EA32F4502D}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Kristjan Skutta -> )
FirewallRules: [{0D99FA9F-5CFC-4DAC-8B84-FFBA96C85F29}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{12C41A4B-3BD7-4283-BF51-54D2DEDF1820}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)

==================== Restore Points =========================

23-06-2020 15:19:16 Installed DirectX
01-07-2020 18:34:24 Scheduled Checkpoint
09-07-2020 12:14:52 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/17/2020 02:51:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3738

Start Time: 01d65c414d1ee551

Termination Time: 0

Application Path: C:\Windows\System32\MicrosoftEdgeCP.exe

Report Id: 6f294794-eb49-4c98-9960-b7ce9150186a

Faulting package full name: Microsoft.MicrosoftEdge_44.17763.831.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Hang type: Unknown

Error: (07/17/2020 02:50:09 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/17/2020 02:23:48 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/17/2020 02:22:50 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/17/2020 12:21:43 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/17/2020 04:48:34 AM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/16/2020 07:13:55 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/16/2020 12:59:25 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (07/17/2020 03:02:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.

Error: (07/17/2020 03:02:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (07/17/2020 03:00:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.

Error: (07/17/2020 03:00:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (07/17/2020 02:59:22 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MQCUIRU)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MQCUIRU\cabec SID (S-1-5-21-3266803249-1906538077-2635784554-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/17/2020 02:58:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.

Error: (07/17/2020 02:58:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (07/17/2020 02:56:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.


Windows Defender:
===================================
Date: 2019-12-12 13:59:59.764
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {487BAD9A-C330-4233-BE7B-AE97962EBE50}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-05 09:33:29.113
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {698660BF-F832-4C05-83F8-1D45D12588CB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-04 21:22:33.404
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4A2C9B23-8239-4F5E-A6A4-00DC55AB3123}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-04 20:13:19.227
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {807AA218-8425-4517-B0C0-105137EF48AF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-11-28 17:40:25.666
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9330D0A3-A7E2-4D90-B67C-CDC616EDA42F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-13 16:39:02.212
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2020-07-17 14:50:19.458
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:50:19.456
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:23:56.841
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:23:56.838
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:22:58.419
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:22:58.416
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 12:21:52.441
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 12:21:52.438
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 0404 04/12/2019
Motherboard: ASUSTeK COMPUTER INC. WS C246 GS
Processor: Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
Percentage of memory in use: 12%
Total physical RAM: 32633.93 MB
Available physical RAM: 28442.95 MB
Total Virtual: 34681.93 MB
Available Virtual: 28698.56 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:476.33 GB) (Free:139.77 GB) NTFS
Drive d: (data) (Fixed) (Total:1862.89 GB) (Free:1820.86 GB) NTFS

\\?\Volume{7fb0217e-e2a9-4e88-8f9a-c50f72859aa3}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS
\\?\Volume{783377f8-cd83-45ef-bd0f-bc43b2b24249}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 7FE96090)

Partition: GPT.

==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 2BBCADC2)

Partition: GPT.

==================== End of Addition.txt =======================
jhon244
Active Member
 
Posts: 7
Joined: July 17th, 2020, 11:12 am

Re: I have a virus pls help me

Unread postby pgmigg » July 17th, 2020, 11:46 pm

Hello jhon244,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: I have a virus pls help me

Unread postby pgmigg » July 18th, 2020, 12:17 am

Hello jhon244,

Step 1.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Right-click CKScanner.exe and select "Run as administrator...", then click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 2.
Run CodeCheck Scan
  1. Please download codecheck from Here to your Desktop.
  2. Make sure that codecheck.exe is on your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Then:
Please tell me, is this computer used for business purposes or connected to any business network?
I need to know it - so I can provide the proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I ask you about it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of a log created by CKFiles.txt
  3. Contents of the codecheck.txt log file
  4. The answer to my question about how your computer is used.
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: I have a virus pls help me

Unread postby jhon244 » July 18th, 2020, 10:09 am

Hi, thank you so much for replying. It's not for business. I do have a YouTube channel with 5k subs, but I don't think that really counts haha.
Here are the things you asked for:

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\de_de\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\de_de\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\de_de\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\es_es\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\es_es\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\es_es\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\fr_fr\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\fr_fr\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\fr_fr\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\it_it\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\it_it\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\it_it\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\ja_jp\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\ja_jp\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\ja_jp\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\ko_kr\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\ko_kr\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\ko_kr\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\pt_br\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\pt_br\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\pt_br\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\ru_ru\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\ru_ru\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\ru_ru\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\zh_cn\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\zh_cn\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cc 2019\plug-ins\zh_cn\vstplugins\decrackler6.dll
c:\program files\image-line\fl studio 20\data\patches\packs\drums (modeaudio)\claps\ma firecracker clap.wv
c:\program files\image-line\fl studio 20\data\patches\packs\drums (modeaudio)\hi hats\ma firecracker chat.wv
c:\program files\image-line\fl studio 20\data\patches\packs\drums (modeaudio)\kicks\ma firecracker kick.wv
c:\program files\image-line\fl studio 20\data\patches\packs\drums (modeaudio)\snares\ma firecracker snare.wv
c:\program files\image-line\fl studio 20\data\patches\plugin presets\generators\drumpad\sound fx\crack.fst
c:\program files\image-line\fl studio 20\plugins\fruity\effects\hardcore\presets\default\i cracked my tube!.hdprg
c:\program files\image-line\fl studio 20\plugins\fruity\generators\drumaxx\drum patches\sound fx\crack.dmpatch
c:\program files\image-line\fl studio 20\plugins\fruity\generators\drumpad\drum patches\sound fx\crack.dmpatch
c:\program files\image-line\fl studio 20\plugins\fruity\generators\poizone\banks\xenos soundworks\fx crackling static.fxp
c:\program files\image-line\fl studio 20\plugins\fruity\generators\sawer\presets\ambient\mc cracked.sawer
c:\program files\image-line\fl studio 20\plugins\fruity\generators\toxic biohazard\presets\basses\crack.tbio
c:\users\cabec\documents\image-line\drumaxx\drum patches\sound fx\crack.dmpatch
c:\users\cabec\documents\image-line\hardcore\default\i cracked my tube!.hdprg
c:\users\cabec\documents\image-line\poizone\xenos soundworks\fx crackling static.fxp
c:\users\cabec\documents\image-line\sawer\ambient\mc cracked.sawer
c:\users\cabec\documents\image-line\toxic biohazard\basses\crack.tbio
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.17763.1_none_ad6c66b207e8c478\ssh-keygen.exe
scanner sequence 3.ZZ.11.BSNAS0
----- EOF -----

Codecheck Version 1.0

07018
jhon244
Active Member
 
Posts: 7
Joined: July 17th, 2020, 11:12 am

Re: I have a virus pls help me

Post by pgmigg » July 19th, 2020, 12:37 am

Hello jhon244,

Thank you for your answers!

It seems to me that before opening a case here, you tried to take a few actions by yourself and installed a lot of anti-all defense programs. Together, they can blur the picture and interfere with each other. After we finish here, you can install back whatever you want, but for now we will remove them ...

Running multiple AV programs simultaneously is a recipe for disaster. More programs does not mean more security; in fact, it means the very opposite. Running more than one antivirus program is not recommended because:
  • They can conflict with each other.
  • They can report the other antivirus software as malicious.
  • Antivirus programs use an enormous amount of the computer's resources... actively scanning your computer.
  • They can cause your computer to run slowly, become unstable and crash.
By the way, your computer is defenseless, since even the internal protection of Windows was disabled.

If you ask me personally, I would recommend Malwarebytes Premium (MBAM) as an active real-time antivirus defense, and in the paid version, believe me, it's worth it. But even the internal free Windows Defender is better than nothing and the protection is not so bad, although inferior to MBAM.

Step 1.
Create a Backup With Tweaking.com Registry Backup (TCRB)
There is also a tutorial with pictures available HERE.
  1. Please download TCRB from HERE and save it to your Desktop, then double-click on tweaking.com_registry_backup_setup.exe and follow the prompts to install TCRB.
  2. Launch TCRB.
  3. Click the Backup Registry tab and make sure all the boxes are checked.
  4. Click on Backup Now.
  5. Once the backup is finished you can now exit the program.
< STOP > Do not proceed any further if you were not able to create a registry backup. Post back with what happened so we can determine why it was unsuccessful.

Step 2.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the word Code: into the open text entry box:
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    HitmanPro 3.8
    Bitdefender Agent
    GlassWire
    Zemana AntiMalware
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.
  6. Reboot your computer.

Step 3.
FRST Fix
  1. Close all your programs.
  2. You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
  3. Please press the Windows Key + R.
  4. Type notepad.exe into the text box and click OK.
  5. A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, but do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
    S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\R:\Faclog\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]
    AlternateDataStreams: C:\Users\cabec\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
    AlternateDataStreams: C:\Users\cabec\AppData\Local\Temp:$DATA​ [16]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478]
    FirewallRules: [TCP Query User{2DC31673-07E7-4D78-A304-67E704BD2FAA}R:\faclog\xml_udp.exe] => (Allow) R:\faclog\xml_udp.exe => No File
    FirewallRules: [UDP Query User{8FD4C7A0-0968-481E-B08A-073DFF93FECD}R:\faclog\xml_udp.exe] => (Allow) R:\faclog\xml_udp.exe => No File
    
    EmptyTemp:
    CMD: ipconfig /flushdns
  6. Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  7. Right click on FRST64.exe and select Run as administrator.
  8. Press the Fix button one time only and wait.
  9. When FRST finishes you will be prompted to reboot your computer. Click OK.
  10. Your computer should now restart - if not, please do it manually. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step 4.
Fresh FRST64 Scan
You should still have FRST64.exe on your Desktop.
  1. Please close all open programs and windows.
  2. Right-click FRST64.exe and select "Run as administrator..." to run it.
  3. When the tool opens, click Yes to the disclaimer if it appears.
  4. Please be sure that 90 Days Files check box under Optional Scan section is checked.
  5. Please be sure that Addition.txt check box under Optional Scan section is checked.
  6. Press the Scan button. When finished, two logs, FRST.txt and Addition.txt, will be created and opened in Notepad.
  7. Please post the content of both FRST.txt and Addition.txt in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Don't post anything as attachments unless I ask you about it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the Fixlog.txt log file
  3. Contents of the FRST.txt log file after fresh FRST scan
  4. Contents of the Addition.txt log file after fresh FRST scan
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
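
The Fixlog.txt requested in the fix step above reports one outcome line per fixlist entry, so the entries that were not applied can be picked out mechanically before the fresh scan is read. The following is an added example, not part of the original post and not FRST's own code; the sample log is constructed in the result-line format that appears in this thread, and the names `parse_fixlog`, `classify` and `needs_followup` are hypothetical.

```python
from collections import Counter, namedtuple

FixResult = namedtuple("FixResult", "target status outcome")

# Constructed sample (placeholder names and paths) in the layout of an FRST Fixlog.txt:
# header, echoed fixlist between two lines of asterisks, then one result line per entry.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 00-00-0000
Ran by exampleuser (01-01-2020 10:00:00) Run:1
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Example: Restriction <==== ATTENTION
S3 example-svc; \??\X:\example\driver.sys [X]
AlternateDataStreams: C:\Users\exampleuser\Folder:ExampleStream [130]
AlternateDataStreams: C:\Users\Public\Folder:OtherStream [478]
EmptyTemp:
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Policies\Example => removed successfully
example-svc => service not found.
C:\Users\exampleuser\Folder => ":ExampleStream" ADS could not remove.
C:\Users\Public\Folder => ":OtherStream" ADS removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
EmptyTemp: => 1.0 GB temporary data Removed.

==== End of Fixlog 10:00:30 ====
"""


def classify(outcome):
    """Map the free-text outcome of one result line to a coarse status."""
    text = outcome.lower()
    if "could not" in text:
        return "failed"   # the fix was attempted and did not apply
    if "not found" in text:
        return "absent"   # the item no longer existed when the fix ran
    if "successfully" in text:
        return "fixed"
    return "other"        # unknown wording: leave for a human to read


def parse_fixlog(text):
    """Return the restore-point flag and one FixResult per result line."""
    lines = text.splitlines()
    # The fixlist is echoed between two asterisk-only lines; results follow it.
    stars = [i for i, ln in enumerate(lines)
             if ln.strip() and set(ln.strip()) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist content block not found")
    report = {"restore_point": False, "results": []}
    for ln in lines[stars[1] + 1:]:
        ln = ln.strip()
        if ln.startswith("="):
            break  # CMD:/EmptyTemp: sections hold command output, not fix outcomes
        if not ln:
            continue
        if ln.lower().startswith("restore point"):
            report["restore_point"] = "successfully created" in ln.lower()
            continue
        target, sep, outcome = ln.partition(" => ")
        if sep:
            report["results"].append(
                FixResult(target.strip('"'), classify(outcome), outcome))
    return report


def needs_followup(report):
    """Entries that were attempted but not applied, or whose wording is unknown."""
    return [r for r in report["results"] if r.status in ("failed", "other")]


if __name__ == "__main__":
    rep = parse_fixlog(SAMPLE_FIXLOG)
    print("restore point created:", rep["restore_point"])
    print(dict(Counter(r.status for r in rep["results"])))
    for r in needs_followup(rep):
        print("FOLLOW UP:", r.target, "=>", r.outcome)
```

An entry classified as `absent` usually needs no further action, while a `failed` entry should show up again in the fresh scan if it is still present.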

Re: I have a virus pls help me

Post by jhon244 » July 19th, 2020, 8:49 am

Hi pgmigg thanks for replying again, you are truly doing some honest to god help in this world.
I did not have any problems executing your instructions. I will include all of the contents you asked for in this reply. I would also like to ask if you think that paying for Malwarebytes Premium is really worth it. I'm 17 and don't have that much spending money, but if it will protect my computer really well I think I may invest in it.

Here are the things you asked for:

fixlog:
Fix result of Farbar Recovery Scan Tool (x64) Version: 08-07-2020 01
Ran by cabec (19-07-2020 13:09:44) Run:1
Running from D:\antihack
Loaded Profiles: cabec
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\R:\Faclog\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]
AlternateDataStreams: C:\Users\cabec\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\cabec\AppData\Local\Temp:$DATA? [16]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478]
FirewallRules: [TCP Query User{2DC31673-07E7-4D78-A304-67E704BD2FAA}R:\faclog\xml_udp.exe] => (Allow) R:\faclog\xml_udp.exe => No File
FirewallRules: [UDP Query User{8FD4C7A0-0968-481E-B08A-073DFF93FECD}R:\faclog\xml_udp.exe] => (Allow) R:\faclog\xml_udp.exe => No File

EmptyTemp:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
e1edc438-f640-4184-a443-d2a7c37a01dc => service not found.
C:\Users\cabec\OneDrive => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS could not remove.
C:\Users\cabec\AppData\Local\Temp => ":$DATA?" ADS could not remove.
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2DC31673-07E7-4D78-A304-67E704BD2FAA}R:\faclog\xml_udp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8FD4C7A0-0968-481E-B08A-073DFF93FECD}R:\faclog\xml_udp.exe" => removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 11558912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 115086763 B
Java, Flash, Steam htmlcache => 421829717 B
Windows/system/drivers => 7414264 B
Edge => 2728573 B
Chrome => 444537225 B
Firefox => 1099062262 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 7168 B
LocalService => 412668 B
NetworkService => 459828 B
cabec => 407041012 B

RecycleBin => 0 B
EmptyTemp: => 2.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:10:12 ====

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2020 01
Ran by cabec (administrator) on DESKTOP-MQCUIRU (ASUSTeK COMPUTER INC. GS GS30) (19-07-2020 13:22:40)
Running from D:\antihack
Loaded Profiles: cabec
Platform: Windows 10 Home Version 1809 17763.914 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Kristjan Skutta -> ) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\wallpaper32.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\cabec\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvaki.inf_amd64_205c3f0c6a210463\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [749512 2018-08-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [Discord] => C:\Users\cabec\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [Spotify] => C:\Users\cabec\AppData\Roaming\Spotify\Spotify.exe [23330024 2020-07-10] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [Steam] => C:\Users\cabec\Pictures\steam\steam.exe [3377440 2020-07-10] (Valve -> Valve Corporation)
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [WallpaperEngine] => C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\wallpaper32.exe [2887160 2020-07-12] (Kristjan Skutta -> )
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32339344 2020-06-23] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [CCXProcess] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [] => [X]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10B369E2-9561-4834-B2E2-AE1548B7A964} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {11FAC390-8444-4F1B-A572-E1236FF01B95} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1B4C39BA-DACF-4FFC-91E5-C3BA371E7524} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {28698CB2-D487-4E03-A60A-081637108C44} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [124112 2020-07-08] (Mozilla Corporation -> Mozilla Foundation)
Task: {317B3AC1-9E00-42C6-BDE6-B0A149E4EACB} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {373C59AB-BC3C-443F-BF78-B830426D5E17} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3BF4D48B-BBD5-4A14-BAF3-9F5CDAC7CEDF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {70789B62-1E4A-4B6B-9FBD-281F7C6CA368} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {943785C0-5024-4113-84CD-09D2097BC973} - \NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {94906888-35B9-49D8-B41D-E3A3D0572989} - System32\Tasks\AAAAAAA => C:\Users\cabec\AppData\Local\Programs\Opera\launcher.exe
Task: {96771905-0661-406E-A19F-DD6CB5619695} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B6B5345C-4BC6-44B2-88CD-85AB59171087} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B938375F-A09F-4113-ADEE-E0E686B28D78} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3292984 2020-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CE1B5949-93C3-43C3-AC04-6AF343518ACF} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ECB1EDFD-9E29-41E3-ADEB-77C26B74993D} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FD663655-8394-4219-BE57-88748A0C6780} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{13636716-f8ba-4148-be78-b443fc47f947}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{19a10513-7b53-490a-8a61-1cfe829c00f8}: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{b82b7d28-f146-43ef-a62d-c6ae0af56bd4}: [DhcpNameServer] 192.168.1.254 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

FireFox:
========
FF DefaultProfile: 4md9z3c1.default
FF ProfilePath: C:\Users\cabec\AppData\Roaming\Mozilla\Firefox\Profiles\4md9z3c1.default [2020-07-19]
FF ProfilePath: C:\Users\cabec\AppData\Roaming\Mozilla\Firefox\Profiles\5ctdp677.default-release [2020-07-19]
FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-06-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-06-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin HKU\S-1-5-21-3266803249-1906538077-2635784554-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\cabec\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-11] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default [2020-07-19]
CHR Notifications: Default -> hxxps:\/\/meet.google.com; hxxps:\/\/www.pcdiga.com
CHR HomePage: Default -> hxxps:\/\/www.google.com\/
CHR StartupUrls: Default -> "hxxps:\/\/www.google.com\/","hxxps:\/\/www.google.com\/","hxxps:\/\/www.google.com\/","hxxps:\/\/www.google.com\/"
CHR Extension: (Google Drive) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-11-26]
CHR Extension: (YouTube) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-11-26]
CHR Extension: (Avira Password Manager) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2020-07-17]
CHR Extension: (Avira Safe Shopping) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2020-07-17]
CHR Extension: (pro grey) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhpebdanojkmhbbneclbkmpleemilaj [2020-05-11]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-26]
CHR Extension: (Gmail) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-11-26]
CHR Extension: (Chrome Media Router) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-27]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8615864 2020-06-23] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-11-26] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-04-19] (Malwarebytes Inc -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1711232 2020-06-25] (Rockstar Games, Inc. -> Rockstar Games)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [10752 2019-12-02] () [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\Windows\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 AGMService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe" [X]
S2 AGSService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvaki.inf_amd64_205c3f0c6a210463\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvaki.inf_amd64_205c3f0c6a210463\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-06-01] (ASUSTeK Computer Inc. -> )
R3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-25] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
S3 dpclat_driver; C:\Windows\system32\drivers\dpclat_driver.sys [21232 2019-12-02] (Thesycon Systemsoftware Consulting GmbH -> Thesycon GmbH)
R3 e1rexpress; C:\Windows\System32\drivers\e1r65x64.sys [548800 2018-05-03] (Intel(R) INTELNPG1 -> Intel Corporation)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2020-06-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-06-06] (Malwarebytes Inc -> Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvaki.inf_amd64_205c3f0c6a210463\nvlddmkm.sys [23287696 2020-03-05] (NVIDIA Corporation -> NVIDIA Corporation)
R3 NvModuleTracker; C:\Windows\System32\drivers\NvModuleTracker.sys [50592 2020-03-04] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [67456 2020-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [90168 2020-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [39920 2019-10-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 UcmCxUcsiNvppc; C:\Windows\System32\drivers\UcmCxUcsiNvppc.sys [715680 2019-11-21] (NVIDIA Corporation -> NVIDIA Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [45664 2019-12-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [355760 2019-12-03] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-03] (Microsoft Windows -> Microsoft Corporation)
S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three months (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-19 13:02 - 2020-07-19 13:02 - 002292736 _____ (Farbar) C:\Users\cabec\Desktop\FRST64(1).exe
2020-07-19 13:00 - 2020-07-19 13:01 - 000000844 _____ C:\Users\cabec\Desktop\fixlist.txt..txt
2020-07-19 12:51 - 2020-07-19 12:51 - 000000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-MQCUIRU-Windows-10-Home-(64-bit).dat
2020-07-19 12:51 - 2020-07-19 12:51 - 000000000 ____D C:\RegBackup
2020-07-19 12:50 - 2020-07-19 12:50 - 000017985 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2020-07-19 12:50 - 2020-07-19 12:50 - 000002319 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2020-07-19 12:50 - 2020-07-19 12:50 - 000002319 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
2020-07-19 12:50 - 2020-07-19 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2020-07-19 12:50 - 2020-07-19 12:50 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2020-07-19 12:49 - 2020-07-19 12:49 - 005766144 _____ (Tweaking.com) C:\Users\cabec\Desktop\tweaking.com_registry_backup_setup.exe
2020-07-18 15:05 - 2020-07-18 15:09 - 000000033 _____ C:\Users\cabec\Desktop\codecheck.txt
2020-07-18 15:05 - 2020-07-18 15:05 - 000025088 _____ C:\Users\cabec\Desktop\codecheck.exe
2020-07-18 15:03 - 2020-07-18 15:03 - 000071924 _____ C:\ProgramData\agent.uninstall.1595081011.bdinstall.v2.bin
2020-07-18 14:58 - 2020-07-18 14:58 - 000000000 ____D C:\Windows\system32\Tasks\Avira
2020-07-18 14:39 - 2020-07-18 14:40 - 000004651 _____ C:\Users\cabec\Desktop\ckfiles.txt
2020-07-18 14:38 - 2020-07-18 14:38 - 000468480 _____ () C:\Users\cabec\Desktop\CKScanner.exe
2020-07-18 14:38 - 2020-07-18 14:38 - 000468480 _____ () C:\Users\cabec\Desktop\CKScanner(1).exe
2020-07-17 20:19 - 2020-07-17 20:19 - 000001972 _____ C:\Users\cabec\Desktop\Process Hacker 2.lnk
2020-07-17 20:19 - 2020-07-17 20:19 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Process Hacker 2
2020-07-17 20:19 - 2020-07-17 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2020-07-17 20:19 - 2020-07-17 20:19 - 000000000 ____D C:\Program Files\Process Hacker 2
2020-07-17 20:17 - 2020-07-17 20:17 - 002267848 _____ (wj32 ) C:\Users\cabec\Downloads\processhacker-2.39-setup.exe
2020-07-17 20:09 - 2020-07-17 20:09 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-07-17 20:09 - 2020-07-17 20:09 - 000001000 _____ C:\Users\Public\Desktop\Firefox.lnk
2020-07-17 20:09 - 2020-07-17 20:09 - 000001000 _____ C:\ProgramData\Desktop\Firefox.lnk
2020-07-17 20:09 - 2020-07-17 20:09 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-07-17 20:09 - 2020-07-17 20:09 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Mozilla
2020-07-17 20:09 - 2020-07-17 20:09 - 000000000 ____D C:\Users\cabec\AppData\Local\Mozilla
2020-07-17 20:09 - 2020-07-17 20:09 - 000000000 ____D C:\ProgramData\Mozilla
2020-07-17 20:09 - 2020-07-17 20:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-07-17 20:09 - 2020-07-17 20:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-07-17 19:27 - 2020-07-17 19:27 - 000003632 _____ C:\Windows\system32\Tasks\AAAAAAA
2020-07-17 18:14 - 2020-07-17 18:15 - 007530244 _____ C:\Users\cabec\Desktop\AYYYYY.arn
2020-07-17 18:02 - 2020-07-17 18:02 - 002674525 _____ C:\Users\cabec\Downloads\Autoruns.zip
2020-07-17 17:57 - 2020-07-18 15:04 - 000000000 ____D C:\Users\cabec\AppData\Local\Opera Software
2020-07-17 17:56 - 2020-07-17 17:56 - 000000000 ____D C:\Users\Public\Security Sessions
2020-07-17 17:55 - 2020-07-19 12:26 - 000000000 ____D C:\Program Files (x86)\Avira
2020-07-17 17:55 - 2020-07-18 15:04 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Opera Software
2020-07-17 17:55 - 2020-07-18 15:03 - 000000000 ____D C:\ProgramData\Avira
2020-07-17 17:55 - 2020-07-17 17:56 - 000000000 ____D C:\Users\cabec\AppData\Local\Avira
2020-07-17 17:55 - 2020-07-17 17:55 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2020-07-17 17:54 - 2020-07-17 17:54 - 004344656 _____ (Avira Operations GmbH & Co. KG) C:\Users\cabec\Downloads\avira_en_sptl1_20749766-1595004868__featurews-spotlight-release.exe
2020-07-17 15:10 - 2020-07-17 15:03 - 000048170 _____ C:\Users\cabec\Desktop\Addition.txt
2020-07-17 15:10 - 2020-07-17 15:03 - 000040799 _____ C:\Users\cabec\Desktop\FRST.txt
2020-07-17 15:02 - 2020-07-19 13:22 - 000000000 ____D C:\FRST
2020-07-17 15:02 - 2020-07-17 15:03 - 000048170 _____ C:\Users\cabec\Downloads\Addition.txt
2020-07-17 15:02 - 2020-07-17 15:03 - 000040799 _____ C:\Users\cabec\Downloads\FRST.txt
2020-07-17 15:01 - 2020-07-17 15:01 - 002292736 _____ (Farbar) C:\Users\cabec\Downloads\FRST64.exe
2020-07-17 14:42 - 2020-07-17 14:42 - 000000250 _____ C:\Users\cabec\Desktop\VIRUS FREE.reg
2020-07-17 14:35 - 2020-07-17 14:35 - 020327732 _____ C:\Users\cabec\Desktop\registry backup.reg
2020-07-17 14:24 - 2020-07-17 14:24 - 000000000 ____D C:\Windows\pss
2020-07-14 17:50 - 2020-07-15 17:15 - 000000000 ____D C:\Windows\Minidump
2020-07-14 17:18 - 2020-07-19 12:54 - 000089447 _____ C:\Windows\ZAM.krnl.trace
2020-07-14 17:18 - 2020-07-19 12:54 - 000000000 ____D C:\Users\cabec\AppData\Local\AMSDK
2020-07-14 17:18 - 2020-07-14 17:18 - 000000000 ____D C:\Users\cabec\AppData\Local\Zemana
2020-07-14 17:17 - 2020-07-14 17:17 - 012741568 _____ (Zemana Ltd. ) C:\Users\cabec\Downloads\AntiMalware_Setup.exe
2020-07-14 16:57 - 2020-07-14 16:57 - 000000797 _____ C:\Users\cabec\Documents\hosts.txt
2020-07-14 15:52 - 2020-07-16 19:11 - 000000150 _____ C:\Windows\Reimage.ini
2020-07-14 15:51 - 2020-07-14 17:44 - 000611598 _____ C:\Windows\ntbtlog.txt
2020-07-14 08:26 - 2020-07-14 08:38 - 000000881 _____ C:\Users\cabec\Desktop\exame 2013.txt
2020-07-14 07:56 - 2020-07-14 07:56 - 000001203 _____ C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2020-07-14 07:56 - 2020-07-14 07:56 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2020-07-14 07:55 - 2020-07-14 07:55 - 000115192 _____ C:\ProgramData\agent.1594709704.bdinstall.v2.bin
2020-07-14 07:55 - 2020-07-14 07:55 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2020-07-14 07:55 - 2020-07-14 07:55 - 000000000 ____D C:\ProgramData\Bitdefender
2020-07-14 07:54 - 2020-07-14 07:54 - 012444368 _____ C:\Users\cabec\Downloads\bitdefender_online.exe
2020-07-14 07:37 - 2020-07-14 07:38 - 000000000 ____D C:\Users\cabec\AppData\Local\glasswire
2020-07-14 07:37 - 2020-07-14 07:37 - 048212664 _____ (SecureMix LLC) C:\Users\cabec\Downloads\GlassWireSetup.exe
2020-07-14 07:37 - 2020-07-14 07:37 - 000000000 ____D C:\ProgramData\GlassWire
2020-07-14 07:30 - 2020-07-14 07:30 - 008751634 _____ C:\Users\cabec\Desktop\DESKTOP-MQCUIRU.arn
2020-07-14 07:24 - 2020-07-14 07:24 - 000755576 _____ (Sysinternals - www.sysinternals.com) C:\Users\cabec\Downloads\autoruns.exe
2020-07-14 07:24 - 2020-07-14 07:24 - 000755576 _____ (Sysinternals - www.sysinternals.com) C:\Users\cabec\Desktop\autoruns (1).exe
2020-07-14 07:00 - 2020-07-14 08:24 - 000003975 _____ C:\Users\cabec\Desktop\exame 2015.txt
2020-07-14 05:17 - 2020-07-14 06:59 - 000002184 _____ C:\Users\cabec\Desktop\exame 2016.txt
2020-07-13 15:19 - 2020-07-14 07:19 - 000090168 ____H (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCMON24.SYS
2020-07-13 15:19 - 2020-07-13 15:19 - 001567005 _____ C:\Users\cabec\Downloads\ProcessMonitor.zip
2020-07-13 15:19 - 2020-07-13 15:19 - 000000000 ____D C:\Users\cabec\Downloads\ProcessMonitor
2020-07-13 15:19 - 2019-12-10 22:42 - 002181504 ____N (Sysinternals - www.sysinternals.com) C:\Users\cabec\Desktop\Procmon.exe
2020-07-13 15:19 - 2019-12-10 22:42 - 000063582 ____N C:\Users\cabec\Desktop\procmon.chm
2020-07-13 15:19 - 2019-12-10 22:38 - 001177168 ____N (Sysinternals - www.sysinternals.com) C:\Users\cabec\Desktop\Procmon64.exe
2020-07-13 15:19 - 2018-09-28 01:55 - 000007490 ____N C:\Users\cabec\Desktop\Eula.txt
2020-07-13 14:51 - 2020-07-13 19:15 - 000003527 _____ C:\Users\cabec\Desktop\exame 2017.txt
2020-07-13 12:06 - 2020-07-13 12:06 - 000000027 _____ C:\Users\cabec\Desktop\exame 2014.txt
2020-07-13 11:45 - 2020-07-13 11:45 - 002101330 _____ C:\Users\cabec\Desktop\Resumos HCA.pdf
2020-07-12 16:22 - 2020-07-12 16:22 - 002101330 _____ C:\Users\cabec\Downloads\Resumos HCA.pdf
2020-07-10 13:54 - 2020-07-10 13:54 - 000758323 _____ C:\Users\cabec\Downloads\Archive-69bc.zip
2020-07-10 13:54 - 2020-07-10 13:54 - 000758128 _____ C:\Users\cabec\Downloads\2020-07-10 13.51.58.heic
2020-07-10 13:54 - 2020-07-10 13:54 - 000000000 ____D C:\Users\cabec\Downloads\Archive-69bc
2020-07-09 13:21 - 2020-07-09 13:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2020-07-09 13:14 - 2020-07-09 13:22 - 000000000 ____D C:\Program Files (x86)\Overwatch
2020-07-07 09:47 - 2020-03-04 13:54 - 001804784 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2020-07-07 09:47 - 2020-03-04 13:54 - 000050592 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\NvModuleTracker.sys
2020-07-05 20:48 - 2020-07-05 20:48 - 000000000 ____D C:\Users\cabec\AppData\LocalLow\Blizzard Entertainment
2020-07-05 20:48 - 2020-07-05 20:48 - 000000000 ____D C:\Users\cabec\AppData\Local\Blizzard
2020-07-05 20:48 - 2020-07-05 20:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2020-07-05 20:46 - 2020-07-05 20:48 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2020-06-29 20:44 - 2020-06-29 20:44 - 806409556 _____ C:\Users\cabec\Downloads\VIDEO RENDER.mp4
2020-06-28 21:39 - 2020-07-10 12:14 - 000000000 ____D C:\Users\cabec\AppData\Local\Battle.net
2020-06-28 21:39 - 2020-07-05 20:44 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Battle.net
2020-06-28 21:39 - 2020-06-28 21:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2020-06-28 21:34 - 2020-06-28 21:34 - 004902896 _____ (Blizzard Entertainment) C:\Users\cabec\Downloads\Battle.net-Setup (1).exe
2020-06-26 01:23 - 2020-06-26 01:24 - 006088416 _____ (Cfx.re) C:\Users\cabec\Downloads\FiveM.exe
2020-06-26 01:23 - 2020-06-26 01:23 - 008556152 _____ (cfx-collective) C:\Users\cabec\Downloads\FiveM (1).exe
2020-06-25 02:06 - 2020-06-25 02:06 - 004902896 _____ (Blizzard Entertainment) C:\Users\cabec\Downloads\Battle.net-Setup.exe
2020-06-23 15:19 - 2020-06-23 15:22 - 000000000 ____D C:\ProgramData\Epic
2020-06-23 15:19 - 2020-06-23 15:19 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2020-06-23 15:19 - 2020-06-23 15:19 - 000000000 ____D C:\Program Files (x86)\Epic Games
2020-06-23 15:16 - 2020-06-23 15:16 - 044257280 _____ C:\Users\cabec\Downloads\EpicInstaller-10.17.0.msi
2020-06-21 03:12 - 2020-06-21 03:12 - 071170399 _____ C:\Users\cabec\Downloads\y2mate.com - David Carreira - A Força Está em Nós (Ft. Snoop Dogg) - Videoclip Oficial_Mc8IgVWpdeo_1080p (1).mp4
2020-06-21 03:11 - 2020-06-21 03:11 - 071170399 _____ C:\Users\cabec\Downloads\y2mate.com - David Carreira - A Força Está em Nós (Ft. Snoop Dogg) - Videoclip Oficial_Mc8IgVWpdeo_1080p.mp4
2020-06-21 02:41 - 2020-06-21 02:41 - 000474573 _____ C:\Users\cabec\Downloads\y2mate.com - É o Conan!!!_MREH0EYn47g_360p.mp4
2020-06-19 20:15 - 2020-06-19 20:15 - 001397166 _____ C:\Users\cabec\Downloads\Shui hua piou piou bei feng shou shou tian de yi pian cheng mao.mp4
2020-06-17 17:28 - 2020-06-17 17:28 - 000227201 _____ C:\Users\cabec\Downloads\Horario Julho.pdf
2020-06-17 17:13 - 2020-06-17 17:13 - 003843584 _____ C:\Users\cabec\Downloads\axonom ortogonais11def.pps
2020-06-17 01:38 - 2020-06-17 01:38 - 000000000 ____D C:\Users\cabec\AppData\Roaming\WinRAR
2020-06-17 01:36 - 2020-06-17 01:36 - 005033806 _____ C:\Users\cabec\Downloads\OptiFine_1.15.2_HD_U_G1_pre26_MOD.jar
2020-06-17 01:34 - 2020-06-17 01:38 - 000000000 ____D C:\Users\cabec\Downloads\SEUS-Renewed-v1.0.1
2020-06-17 01:34 - 2020-06-17 01:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-06-17 01:34 - 2020-06-17 01:34 - 003218976 _____ (Alexander Roshal) C:\Users\cabec\Downloads\winrar-x64-590.exe
2020-06-17 01:34 - 2020-06-17 01:34 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-06-17 01:34 - 2020-06-17 01:34 - 000000000 ____D C:\Program Files\WinRAR
2020-06-17 01:32 - 2020-06-17 01:32 - 000114344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2020-06-17 01:32 - 2020-06-17 01:32 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Sun
2020-06-17 01:32 - 2020-06-17 01:32 - 000000000 ____D C:\Users\cabec\AppData\LocalLow\Sun
2020-06-17 01:32 - 2020-06-17 01:32 - 000000000 ____D C:\ProgramData\Oracle
2020-06-17 01:32 - 2020-06-17 01:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-06-17 01:32 - 2020-06-17 01:32 - 000000000 ____D C:\Program Files (x86)\Java
2020-06-17 01:30 - 2020-06-17 01:30 - 002066568 _____ (Oracle Corporation) C:\Users\cabec\Downloads\JavaSetup8u251.exe
2020-06-17 01:29 - 2020-06-17 01:30 - 005551647 _____ C:\Users\cabec\Downloads\preview_OptiFine_1.15.2_HD_U_G1_pre26.jar
2020-06-17 01:28 - 2020-06-17 01:28 - 007062638 _____ C:\Users\cabec\Downloads\SEUS-Renewed-v1.0.1.zip
2020-06-17 01:12 - 2020-06-17 01:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-06-17 00:26 - 2020-07-11 11:48 - 000000000 ____D C:\Users\cabec\Desktop\Jogos
2020-06-11 20:38 - 2020-06-11 20:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher
2020-06-11 20:38 - 2020-06-11 20:38 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2020-06-06 13:51 - 2020-06-06 19:56 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-06-05 11:33 - 2020-07-13 14:08 - 000000000 ____D C:\Users\cabec\AppData\Local\Adobe
2020-06-05 11:33 - 2020-07-13 14:07 - 000000000 ____D C:\ProgramData\Adobe
2020-05-28 17:56 - 2020-07-19 13:21 - 000000000 ____D C:\Users\cabec\AppData\Local\Spotify
2020-05-28 17:56 - 2020-07-19 13:11 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Spotify
2020-05-28 17:56 - 2020-05-28 17:56 - 000001843 _____ C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2020-05-13 19:20 - 2020-05-13 19:20 - 000000000 ___HD C:\OneDriveTemp
2020-05-11 19:27 - 2020-05-11 19:27 - 000000000 ____D C:\ProgramData\SystemAcCrux
2020-05-11 19:27 - 2020-05-11 19:27 - 000000000 ____D C:\Program Files\EaseUS
2020-05-11 18:03 - 2020-05-12 11:31 - 000000000 ____D C:\Program Files\Recuva
2020-05-11 11:48 - 2020-05-11 11:48 - 000000000 ____D C:\Users\cabec\Documents\Zoom
2020-05-11 11:47 - 2020-05-11 11:47 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Zoom
2020-05-11 11:47 - 2020-05-11 11:47 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-04-30 23:31 - 2020-04-30 23:32 - 000000000 ____D C:\Users\cabec\Documents\Rockstar Games
2020-04-30 22:56 - 2020-05-10 19:55 - 000000000 ____D C:\Users\cabec\Documents\The Witcher 3
2020-04-28 19:36 - 2020-04-28 19:36 - 000000000 ____D C:\Users\cabec\Documents\Youtube
2020-04-28 16:56 - 2020-04-28 16:56 - 000001363 _____ C:\Users\cabec\Documents\Adobe Creative Cloud.lnk
2020-04-23 19:51 - 2020-01-14 23:35 - 000000378 _____ C:\Users\cabec\Desktop\Cartão .lnk
2020-04-23 15:32 - 2020-06-23 15:19 - 000000000 ____D C:\Users\cabec\AppData\Local\EpicGamesLauncher
2020-04-21 16:14 - 2020-06-25 01:36 - 000000000 ____D C:\Users\cabec\Desktop\Escola

==================== Three months (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-19 13:20 - 2020-03-11 21:06 - 000000000 ____D C:\Users\cabec\AppData\LocalLow\Mozilla
2020-07-19 13:19 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-07-19 13:17 - 2018-12-07 00:39 - 000840852 _____ C:\Windows\system32\PerfStringBackup.INI
2020-07-19 13:17 - 2018-09-15 08:31 - 000000000 ____D C:\Windows\INF
2020-07-19 13:13 - 2019-05-15 12:00 - 000000000 ____D C:\ProgramData\NVIDIA
2020-07-19 13:11 - 2019-11-27 01:17 - 000018828 _____ C:\ProgramData\NVDisplay.ContainerLocalSystem.log_backup1
2020-07-19 13:11 - 2019-11-27 01:17 - 000017429 _____ C:\ProgramData\NVDisplayContainerWatchdog.log_backup1
2020-07-19 13:11 - 2019-11-26 22:30 - 000000000 ___RD C:\Users\cabec\OneDrive
2020-07-19 13:11 - 2018-12-07 00:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-07-19 13:11 - 2018-09-15 07:09 - 000786432 _____ C:\Windows\system32\config\BBI
2020-07-19 13:10 - 2019-11-27 14:52 - 000012154 _____ C:\ProgramData\DisplaySessionContainer1.log_backup1
2020-07-19 12:55 - 2019-11-27 01:17 - 000001206 _____ C:\ProgramData\NvcDispCorePlugin.log_backup1
2020-07-19 12:44 - 2018-12-07 00:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-07-18 15:04 - 2020-03-13 17:46 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2020-07-18 15:04 - 2020-03-13 17:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2020-07-18 15:03 - 2019-05-15 11:58 - 000000000 ____D C:\ProgramData\Package Cache
2020-07-18 14:57 - 2018-09-15 08:33 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-07-18 14:46 - 2019-12-02 21:37 - 000000000 ____D C:\Users\cabec\AppData\Roaming\audacity
2020-07-18 14:29 - 2019-11-27 01:05 - 000000000 ____D C:\Users\cabec\AppData\Roaming\.minecraft
2020-07-17 23:35 - 2019-11-26 22:27 - 000000000 ____D C:\Users\cabec
2020-07-17 21:48 - 2019-11-26 23:15 - 000000000 ____D C:\Users\cabec\AppData\Local\D3DSCache
2020-07-17 20:41 - 2019-11-28 19:05 - 000000000 ____D C:\Users\cabec\AppData\Local\CrashDumps
2020-07-17 20:23 - 2019-12-22 19:53 - 000000000 ___HD C:\temp
2020-07-17 20:23 - 2019-12-02 18:32 - 000000000 ____D C:\Program Files\Common Files\Adobe
2020-07-17 20:23 - 2019-12-02 18:30 - 000000000 ____D C:\Program Files\Adobe
2020-07-17 20:23 - 2019-12-02 18:29 - 000000000 ____D C:\Program Files (x86)\Adobe
2020-07-17 20:22 - 2019-11-26 22:28 - 000000000 ____D C:\Users\cabec\AppData\Local\Packages
2020-07-17 20:22 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-07-17 20:22 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\AppReadiness
2020-07-17 19:52 - 2020-01-30 19:47 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Adobe
2020-07-17 19:05 - 2019-11-26 22:37 - 000000000 ____D C:\Program Files (x86)\Google
2020-07-17 18:06 - 2018-12-07 00:33 - 000257904 _____ C:\Windows\system32\FNTCACHE.DAT
2020-07-17 14:23 - 2018-09-15 07:09 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-07-16 15:47 - 2019-11-26 22:30 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3266803249-1906538077-2635784554-1001
2020-07-16 15:47 - 2019-11-26 22:27 - 000002374 _____ C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-07-14 18:58 - 2019-11-27 23:23 - 000000000 ____D C:\Program Files\Rockstar Games
2020-07-14 18:58 - 2019-11-27 23:23 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2020-07-14 16:14 - 2019-12-22 17:11 - 000000000 ___RD C:\Users\cabec\Creative Cloud Files
2020-07-14 08:04 - 2020-04-19 19:38 - 000000000 ____D C:\AdwCleaner
2020-07-13 15:08 - 2019-12-02 18:31 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-07-13 15:08 - 2019-12-02 18:31 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-07-13 14:52 - 2019-11-27 01:27 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Discord
2020-07-13 14:03 - 2019-12-01 17:35 - 000000000 ____D C:\Users\cabec\AppData\Roaming\WhatsApp
2020-07-08 16:48 - 2020-04-07 07:27 - 000000000 ____D C:\Users\cabec\AppData\Local\WhatsApp
2020-07-07 09:48 - 2019-11-27 01:18 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-11-27 01:18 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-11-27 01:18 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-11-27 01:18 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:01 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000004106 _____ C:\Windows\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-07-07 09:48 - 2019-05-15 12:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-07-07 09:48 - 2019-05-15 12:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-07-01 01:14 - 2019-11-27 01:17 - 000012150 _____ C:\ProgramData\DisplaySessionContainer2.log_backup1
2020-06-28 21:49 - 2020-03-15 18:02 - 000000000 ____D C:\Program Files (x86)\Battle.net
2020-06-28 18:14 - 2019-12-02 21:42 - 000000000 ____D C:\Users\cabec\AppData\Roaming\obs-studio
2020-06-27 01:39 - 2020-03-15 14:57 - 000000000 ____D C:\Users\cabec\AppData\Local\FiveM
2020-06-26 01:52 - 2020-03-15 15:02 - 000000000 ____D C:\Users\cabec\AppData\Local\DigitalEntitlements
2020-06-25 02:32 - 2019-11-26 22:30 - 000000000 ____D C:\Users\cabec\AppData\Local\NVIDIA Corporation
2020-06-25 01:36 - 2020-03-26 19:02 - 000000000 ____D C:\Users\cabec\Desktop\Photoshop
2020-06-25 00:20 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\LiveKernelReports
2020-06-23 21:38 - 2019-11-27 23:24 - 000000000 ____D C:\Users\cabec\AppData\Local\Rockstar Games
2020-06-23 21:18 - 2019-11-27 23:23 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2020-06-23 15:44 - 2019-11-26 23:13 - 000000000 ____D C:\Users\cabec\AppData\Local\UnrealEngine
2020-06-23 15:29 - 2019-11-26 23:15 - 000000000 ____D C:\Program Files\Epic Games
2020-06-23 15:20 - 2019-05-15 12:01 - 002754024 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2020-06-23 15:20 - 2019-05-15 12:01 - 002122216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2020-06-23 15:20 - 2019-05-15 12:01 - 001295848 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2020-06-21 17:01 - 2020-01-01 21:13 - 000000000 ____D C:\Users\cabec\Desktop\fotos

==================== Files in the root of some directories ========

2020-03-31 17:48 - 2020-06-04 15:52 - 000000132 _____ () C:\Users\cabec\AppData\Roaming\Preferências do Formato PNG do Adobe CS6
2019-12-02 18:29 - 2020-06-17 11:53 - 000001435 _____ () C:\Users\cabec\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2020 01
Ran by cabec (19-07-2020 13:23:13)
Running from D:\antihack
Windows 10 Home Version 1809 17763.914 (X64) (2019-11-26 21:06:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3266803249-1906538077-2635784554-500 - Administrator - Disabled)
cabec (S-1-5-21-3266803249-1906538077-2635784554-1001 - Administrator - Enabled) => C:\Users\cabec
DefaultAccount (S-1-5-21-3266803249-1906538077-2635784554-503 - Limited - Disabled)
Guest (S-1-5-21-3266803249-1906538077-2635784554-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3266803249-1906538077-2635784554-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Premiere Pro CC 2019 (HKLM-x32\...\PPRO_13_0_1) (Version: 13.0.1 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Audacity 2.3.3 (HKLM-x32\...\Audacity_is1) (Version: 2.3.3 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CPUID ASUS CPU-Z 1.86 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.86 - CPUID, Inc.)
Discord (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Discord) (Version: 0.0.306 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{0EE6DDEF-E36B-45EB-9E03-5A266EC8A8F8}) (Version: 1.1.279.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FiveM (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\CitizenFX_FiveM) (Version: - The CitizenFX Collective)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel(R) Chipset Device Software (HKLM-x32\...\{eb0d4a41-3065-42b0-a868-c60d42d3ea98}) (Version: 10.1.17695.8086 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1829.12.0.1154 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.369.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{aa81bdf2-96a6-4400-a596-c7d1916ce9f7}) (Version: 1.50.369.0 - Intel Corporation) Hidden
Java 8 Update 251 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180251F0}) (Version: 8.0.2510.8 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\OneDriveSetup.exe) (Version: 20.114.0607.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{F6678473-0198-46D0-A88F-2A247E6FA03C}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 78.0.2 (x64 pt-PT) (HKLM\...\Mozilla Firefox 78.0.2 (x64 pt-PT)) (Version: 78.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.0.2 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation)
NVIDIA Graphics Driver 442.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 442.59 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.38.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.38.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 24.0.3 - OBS Project)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.25.260 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.6.1 - Rockstar Games)
Spotify (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Spotify) (Version: 1.1.37.690.g8f3b16fc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.24.2 (HKLM\...\TAP-Windows) (Version: 9.24.2 - OpenVPN Technologies, Inc.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
WhatsApp (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\WhatsApp) (Version: 2.2027.10 - WhatsApp)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

Packages:
=========
ASUS Product Registration Program (APRP) -> C:\Program Files\WindowsApps\B9ECED6F.ASUSProductRegistrationProgramAPRP_2.1.7.0_x86__qmba6cd70vzyy [2019-05-15] (ASUSTeK COMPUTER INC.) [Startup Task]
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.4.4.0_x86__kgqvnymyfvs32 [2019-12-10] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.27.6.0_x86__kgqvnymyfvs32 [2019-12-12] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1660.4.0_x86__kgqvnymyfvs32 [2019-12-13] (king.com)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-11-26] (LinkedIn)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad]
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13253.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.956.0_x64__56jybvy8sckqj [2019-11-26] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2019-11-26] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\cabec\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\cabec\AppData\Local\Temp:$DATA​ [16]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 08:31 - 2018-09-15 08:31 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cabec\Desktop\fotos\425000.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Discord"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B4EB1566-E2AE-4438-9BC2-0A308CB11AF9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C3A391E5-7C5B-4258-9426-EA8C43613E9D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{AC5E0D92-DB13-4376-9EEF-5DE28D7DD632}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{BB38DA3A-C591-41B8-9CC9-49A86CEE0886}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{6FA27901-58B4-4E40-AE8A-2BA5CAC223FA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12228.20332.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{48334160-DE2B-4B88-88AB-3249E06F4E4D}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{4D4A3834-B4E1-4A7C-91A0-383FEA139E31}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{916E4580-6205-446F-9960-84887A81011A}C:\users\cabec\appdata\local\fivem\fivem.exe] => (Allow) C:\users\cabec\appdata\local\fivem\fivem.exe (Intricus Software Limited -> Cfx.re)
FirewallRules: [UDP Query User{95C77CB8-221F-4F37-8379-14EBAE17D948}C:\users\cabec\appdata\local\fivem\fivem.exe] => (Allow) C:\users\cabec\appdata\local\fivem\fivem.exe (Intricus Software Limited -> Cfx.re)
FirewallRules: [TCP Query User{14D99437-3139-460D-A634-AC2A55EF54C0}C:\users\cabec\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\cabec\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (Intricus Software Limited -> Cfx.re) [File not signed]
FirewallRules: [UDP Query User{D12AB444-51FF-48BC-9FE5-8FCCB115FB6E}C:\users\cabec\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\cabec\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (Intricus Software Limited -> Cfx.re) [File not signed]
FirewallRules: [{89D90CFD-45D9-406C-94C8-8A3ADEF122F9}] => (Allow) C:\Users\cabec\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{FAB40BAE-028D-489A-8B2C-D6590F2CAEB6}C:\users\cabec\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cabec\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{9820688A-9299-4459-9F9E-36C28974E0AE}C:\users\cabec\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cabec\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3439D8EB-6502-4613-ADD2-431CEC0460CD}] => (Allow) C:\Users\cabec\Pictures\steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{EF73778D-5753-4482-B650-D53A14B3ABF5}] => (Allow) C:\Users\cabec\Pictures\steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6D35C2A8-87DD-4AC6-8F69-14CF0B2CAC24}] => (Allow) C:\Users\cabec\Pictures\steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D4CBF99F-F0E8-4585-A813-3492720ED181}] => (Allow) C:\Users\cabec\Pictures\steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{0FF9790B-D8A8-43C5-9AF2-E30DC4467436}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\launcher.exe (Kristjan Skutta -> )
FirewallRules: [{33AA7470-9092-44D2-8818-6E85988D0124}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\launcher.exe (Kristjan Skutta -> )
FirewallRules: [{64F23525-3A54-4E61-AC1C-4326A8E18AB3}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{41A45A20-6F0E-418E-AAA1-C6669BA35AB9}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{999F86F6-527B-4C61-9801-0BD6CBD9D937}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{2B776A8B-F6C8-4700-B36E-593BB60A20A5}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{D8FC0FE3-8EBD-4EC7-B311-E1D75C49D126}C:\users\cabec\pictures\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\users\cabec\pictures\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{FA131442-74CB-457B-989A-8C5188B009B3}C:\users\cabec\pictures\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\users\cabec\pictures\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{C7F77A1E-1CF4-48E8-A7B2-C00D963C76E4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No File
FirewallRules: [TCP Query User{C6FADD75-C65D-457C-B72C-DA534512A88D}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [UDP Query User{FB8467D7-5D74-4DF2-A9EA-6D338788158F}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [{C0A61DBC-2E0B-45E7-B8FE-CA489B065BE0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{25C0C7D0-8F13-4DCC-A995-A4DA608992AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DEB01ED7-2EF4-4F0C-A5AD-72976FF64542}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3F0A00FF-02E4-4F96-9C72-C73ACDC9C529}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CCDA7A30-E535-4EC7-A420-EDA70AE37F2C}] => (Allow) C:\Users\cabec\Pictures\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{F0F90CB4-C3BD-4024-974F-B46938DE3A46}] => (Allow) C:\Users\cabec\Pictures\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{CACEE9EB-3C5F-44E3-AD51-245CF3FE13F4}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Kristjan Skutta -> )
FirewallRules: [{2B46F0F2-3E6B-4F24-98DA-B5EA32F4502D}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Kristjan Skutta -> )
FirewallRules: [{4EA3E7AE-0C47-4D12-A62A-CDF1FB341FA5}] => (Allow) C:\Users\cabec\AppData\Local\Programs\Opera\69.0.3686.77\opera.exe => No File
FirewallRules: [{DE8036BA-D9FA-4FED-83CC-E4566BA08B96}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{778B148C-6D5B-4D77-AEAF-5E906B268D2B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D6E89E61-C224-47E2-AA13-86D396F0F749}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{82A030CA-FD97-4AA7-B1F3-8FD28E9993FD}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{5CFC7882-599F-4564-B55F-A4680C9A2750}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File

==================== Restore Points =========================

01-07-2020 18:34:24 Scheduled Checkpoint
09-07-2020 12:14:52 Scheduled Checkpoint
18-07-2020 14:59:12 Removed Avira Software Updater

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/19/2020 01:11:28 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/19/2020 01:09:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (07/19/2020 01:09:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/19/2020 01:09:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {ebb24e6a-1069-4ca9-8dde-d36d8c355aa4}

Error: (07/19/2020 12:55:53 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/19/2020 12:26:11 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/18/2020 02:59:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/18/2020 02:46:03 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (07/19/2020 01:23:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.

Error: (07/19/2020 01:23:27 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (07/19/2020 01:21:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.

Error: (07/19/2020 01:21:26 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (07/19/2020 01:19:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.

Error: (07/19/2020 01:19:26 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (07/19/2020 01:17:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.

Error: (07/19/2020 01:17:26 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2019-12-12 13:59:59.764
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {487BAD9A-C330-4233-BE7B-AE97962EBE50}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-05 09:33:29.113
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {698660BF-F832-4C05-83F8-1D45D12588CB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-04 21:22:33.404
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4A2C9B23-8239-4F5E-A6A4-00DC55AB3123}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-04 20:13:19.227
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {807AA218-8425-4517-B0C0-105137EF48AF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-11-28 17:40:25.666
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9330D0A3-A7E2-4D90-B67C-CDC616EDA42F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-13 16:39:02.212
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2020-07-18 14:54:12.409
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:50:19.458
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:50:19.456
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:23:56.841
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:23:56.838
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:22:58.419
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:22:58.416
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 12:21:52.441
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 0404 04/12/2019
Motherboard: ASUSTeK COMPUTER INC. WS C246 GS
Processor: Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
Percentage of memory in use: 8%
Total physical RAM: 32633.93 MB
Available physical RAM: 29781.8 MB
Total Virtual: 34681.93 MB
Available Virtual: 30378.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:476.33 GB) (Free:144.34 GB) NTFS
Drive d: (data) (Fixed) (Total:1862.89 GB) (Free:1820.86 GB) NTFS

\\?\Volume{7fb0217e-e2a9-4e88-8f9a-c50f72859aa3}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS
\\?\Volume{783377f8-cd83-45ef-bd0f-bc43b2b24249}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 7FE96090)

Partition: GPT.

==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 2BBCADC2)

Partition: GPT.

==================== End of Addition.txt =======================

I don't see any changes in my computer's behavior
jhon244
Active Member
 
Posts: 7
Joined: July 17th, 2020, 11:12 am

Re: I have a virus pls help me

by pgmigg » July 19th, 2020, 12:56 pm

Hello jhon244,

jhon244 wrote: I would also like to ask the question if you think that paying for the Malwarebytes premium is really worth it. I'm 17 and don't have that much spending money,
but if it will protect my computer really well I think I may invest in it,

In the modern world of computers running under Windows and connected to the Internet, each computer must have anti-virus protection, which should do at least 4 things in real-time and do it very well:
  • Web Protection
  • Malware Protection
  • Ransomware Protection
  • Exploit Protection
In addition, the protection should be imperceptible, not intrusive, consume minimal computer resources, and be flexible, that is, allow the user to configure exceptions when the user is sure that a particular website can be trusted.
MBAM meets all of the above, and my personal computers are protected precisely by MBAM - this protection works very well!
I was repeatedly saved by it from serious problems and highly recommend this product.

There is one more thing that you should pay attention to and seriously think about - you have a very outdated version of Windows. Twice a year Microsoft releases a new version of Windows 10; these are called builds and are named by the number of the year and the number of the month when the build was released. You have version 1809, which means September 2018. I am not insisting that the latest version should always be installed (now it’s 2004), because new versions may be problematic and it takes some time for Microsoft to correct its mistakes, but you should have at least the version before the current one. For example, I now have Windows 10 build 1909.
When your computer is clean and I say that everything is fine, we will return to this issue, but for now just think ...

And finally, please be more careful when you follow my instructions. If I ask you to start something from your Desktop, it means that it matters to me. Your initial FRST scan was launched from C:\Users\cabec\Downloads and the fresh one even from another disk, D:\antihack - that is not so good, and I need to ask you to repeat it from the right location.

So...

Step 1.
Scan with AdwCleaner.
  1. Please download AdwCleaner and save it to your Desktop.
  2. Double-click AdwCleaner.exe to run it. If it asks to update, please decline.
  3. Click Yes on the UAC prompt and I Agree on the Welcome window.
  4. Click the Scan now button and wait until the scan finishes... then click the Cancel button.
  5. In the vertical menu on the left side, select Log Files and click on it; you will see the list of log files.
  6. Find the most recent AdwCleaner[Sxx].txt with a type of Scan and double-click it - Notepad will open with the log file.
  7. Close AdwCleaner.
  8. Please post the contents of the AdwCleaner[Sxx].txt log file from Notepad with your next reply.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Step 2.
Fresh FRST64 Scan
You should still have FRST64.exe on your Desktop; if it is not there, copy it there!
  1. Please close all open programs and windows.
  2. Right-click FRST64.exe and select "Run as administrator..." to run it.
  3. When the tool opens, click Yes to the disclaimer if it appears.
  4. Please be sure that the 90 Days Files check box under the Optional Scan section is checked.
  5. Please be sure that the Addition.txt check box under the Optional Scan section is checked.
  6. Press the Scan button. When finished, two logs, FRST.txt and Addition.txt, will be created and opened in Notepad.
  7. Please post the content of both FRST.txt and Addition.txt in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections....

Don't post anything as attachments unless I ask you about it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Content of the C:\AdwCleaner[Sxx].txt
  3. Contents of the FRST.txt log file after fresh FRST scan
  4. Contents of the Addition.txt log file after fresh FRST scan
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: I have a virus pls help me

by jhon244 » July 19th, 2020, 2:00 pm

Did not have any problem following the instructions

adw cleaner:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build: 04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-19-2020
# Duration: 00:00:11
# OS: Windows 10 Home
# Scanned: 31802
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Conduit Trovi search
PUP.Optional.Conduit http://search.conduit.com/?ctid=CT33194 ... D631&SSPV=

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-07-2020
Ran by cabec (administrator) on DESKTOP-MQCUIRU (ASUSTeK COMPUTER INC. GS GS30) (19-07-2020 18:57:38)
Running from C:\Users\cabec\Desktop
Loaded Profiles: cabec
Platform: Windows 10 Home Version 1809 17763.914 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Kristjan Skutta -> ) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\wallpaper32.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\cabec\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.36.6003.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.36.6003.0_x64__8wekyb3d8bbwe\GameBarFT.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvaki.inf_amd64_205c3f0c6a210463\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Rockstar Games, Inc. -> Rockstar Games) C:\Program Files\Rockstar Games\Launcher\Launcher.exe
(Rockstar Games, Inc. -> Rockstar Games) C:\Program Files\Rockstar Games\Launcher\RockstarService.exe
(Rockstar Games, Inc. -> Rockstar Games) C:\Users\cabec\Pictures\steam\steamapps\common\Grand Theft Auto V\GTA5.exe
(Rockstar Games, Inc. -> Rockstar Games) C:\Users\cabec\Pictures\steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe
(Rockstar Games, Inc. -> Take-Two Interactive Software, Inc.) C:\Program Files\Rockstar Games\Social Club\SocialClubHelper.exe <3>
(Spotify AB -> Spotify Ltd) C:\Users\cabec\AppData\Roaming\Spotify\Spotify.exe <5>
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Users\cabec\Pictures\steam\bin\cef\cef.win7x64\steamwebhelper.exe <8>
(Valve -> Valve Corporation) C:\Users\cabec\Pictures\steam\GameOverlayUI.exe
(Valve -> Valve Corporation) C:\Users\cabec\Pictures\steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [749512 2018-08-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [Discord] => C:\Users\cabec\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [Spotify] => C:\Users\cabec\AppData\Roaming\Spotify\Spotify.exe [23330024 2020-07-10] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [Steam] => C:\Users\cabec\Pictures\steam\steam.exe [3377440 2020-07-10] (Valve -> Valve Corporation)
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [WallpaperEngine] => C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\wallpaper32.exe [2887160 2020-07-12] (Kristjan Skutta -> )
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32339344 2020-06-23] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [CCXProcess] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [] => [X]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10B369E2-9561-4834-B2E2-AE1548B7A964} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {11FAC390-8444-4F1B-A572-E1236FF01B95} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1B4C39BA-DACF-4FFC-91E5-C3BA371E7524} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {28698CB2-D487-4E03-A60A-081637108C44} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [124112 2020-07-08] (Mozilla Corporation -> Mozilla Foundation)
Task: {317B3AC1-9E00-42C6-BDE6-B0A149E4EACB} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {373C59AB-BC3C-443F-BF78-B830426D5E17} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3BF4D48B-BBD5-4A14-BAF3-9F5CDAC7CEDF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {70789B62-1E4A-4B6B-9FBD-281F7C6CA368} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {943785C0-5024-4113-84CD-09D2097BC973} - \NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {94906888-35B9-49D8-B41D-E3A3D0572989} - System32\Tasks\AAAAAAA => C:\Users\cabec\AppData\Local\Programs\Opera\launcher.exe
Task: {96771905-0661-406E-A19F-DD6CB5619695} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B6B5345C-4BC6-44B2-88CD-85AB59171087} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B938375F-A09F-4113-ADEE-E0E686B28D78} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3292984 2020-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CE1B5949-93C3-43C3-AC04-6AF343518ACF} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ECB1EDFD-9E29-41E3-ADEB-77C26B74993D} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FD663655-8394-4219-BE57-88748A0C6780} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{13636716-f8ba-4148-be78-b443fc47f947}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{19a10513-7b53-490a-8a61-1cfe829c00f8}: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{b82b7d28-f146-43ef-a62d-c6ae0af56bd4}: [DhcpNameServer] 192.168.1.254 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

FireFox:
========
FF DefaultProfile: 4md9z3c1.default
FF ProfilePath: C:\Users\cabec\AppData\Roaming\Mozilla\Firefox\Profiles\4md9z3c1.default [2020-07-19]
FF ProfilePath: C:\Users\cabec\AppData\Roaming\Mozilla\Firefox\Profiles\5ctdp677.default-release [2020-07-19]
FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-06-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-06-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin HKU\S-1-5-21-3266803249-1906538077-2635784554-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\cabec\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-11] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default [2020-07-19]
CHR Notifications: Default -> hxxps:\/\/meet.google.com; hxxps:\/\/www.pcdiga.com
CHR HomePage: Default -> hxxps:\/\/www.google.com\/
CHR StartupUrls: Default -> "hxxps:\/\/www.google.com\/","hxxps:\/\/www.google.com\/","hxxps:\/\/www.google.com\/","hxxps:\/\/www.google.com\/"
CHR Extension: (Google Drive) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-11-26]
CHR Extension: (YouTube) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-11-26]
CHR Extension: (Avira Password Manager) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2020-07-17]
CHR Extension: (Avira Safe Shopping) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2020-07-17]
CHR Extension: (pro grey) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhpebdanojkmhbbneclbkmpleemilaj [2020-05-11]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-26]
CHR Extension: (Gmail) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-11-26]
CHR Extension: (Chrome Media Router) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-27]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8615864 2020-06-23] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-11-26] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-04-19] (Malwarebytes Inc -> Malwarebytes)
R3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1711232 2020-06-25] (Rockstar Games, Inc. -> Rockstar Games)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [10752 2019-12-02] () [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\Windows\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 AGMService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe" [X]
S2 AGSService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvaki.inf_amd64_205c3f0c6a210463\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvaki.inf_amd64_205c3f0c6a210463\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-06-01] (ASUSTeK Computer Inc. -> )
R3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-25] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
S3 dpclat_driver; C:\Windows\system32\drivers\dpclat_driver.sys [21232 2019-12-02] (Thesycon Systemsoftware Consulting GmbH -> Thesycon GmbH)
R3 e1rexpress; C:\Windows\System32\drivers\e1r65x64.sys [548800 2018-05-03] (Intel(R) INTELNPG1 -> Intel Corporation)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2020-06-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-06-06] (Malwarebytes Inc -> Malwarebytes)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [90168 2020-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [39920 2019-10-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [45664 2019-12-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [355760 2019-12-03] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-03] (Microsoft Windows -> Microsoft Corporation)
S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three months (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-19 18:57 - 2020-07-19 18:57 - 002293760 _____ (Farbar) C:\Users\cabec\Desktop\FRST64.exe
2020-07-19 18:57 - 2020-07-19 18:57 - 000000000 ____D C:\Users\cabec\Desktop\FRST-OlderVersion
2020-07-19 18:51 - 2020-07-19 18:51 - 008420016 _____ (Malwarebytes) C:\Users\cabec\Desktop\AdwCleaner.exe
2020-07-19 13:00 - 2020-07-19 13:01 - 000000844 _____ C:\Users\cabec\Desktop\fixlist.txt..txt
2020-07-19 12:51 - 2020-07-19 12:51 - 000000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-MQCUIRU-Windows-10-Home-(64-bit).dat
2020-07-19 12:51 - 2020-07-19 12:51 - 000000000 ____D C:\RegBackup
2020-07-19 12:50 - 2020-07-19 12:50 - 000017985 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2020-07-19 12:50 - 2020-07-19 12:50 - 000002319 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2020-07-19 12:50 - 2020-07-19 12:50 - 000002319 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
2020-07-19 12:50 - 2020-07-19 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2020-07-19 12:50 - 2020-07-19 12:50 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2020-07-19 12:49 - 2020-07-19 12:49 - 005766144 _____ (Tweaking.com) C:\Users\cabec\Desktop\tweaking.com_registry_backup_setup.exe
2020-07-18 15:05 - 2020-07-18 15:09 - 000000033 _____ C:\Users\cabec\Desktop\codecheck.txt
2020-07-18 15:05 - 2020-07-18 15:05 - 000025088 _____ C:\Users\cabec\Desktop\codecheck.exe
2020-07-18 15:03 - 2020-07-18 15:03 - 000071924 _____ C:\ProgramData\agent.uninstall.1595081011.bdinstall.v2.bin
2020-07-18 14:58 - 2020-07-18 14:58 - 000000000 ____D C:\Windows\system32\Tasks\Avira
2020-07-18 14:39 - 2020-07-18 14:40 - 000004651 _____ C:\Users\cabec\Desktop\ckfiles.txt
2020-07-18 14:38 - 2020-07-18 14:38 - 000468480 _____ () C:\Users\cabec\Desktop\CKScanner.exe
2020-07-18 14:38 - 2020-07-18 14:38 - 000468480 _____ () C:\Users\cabec\Desktop\CKScanner(1).exe
2020-07-17 20:19 - 2020-07-17 20:19 - 000001972 _____ C:\Users\cabec\Desktop\Process Hacker 2.lnk
2020-07-17 20:19 - 2020-07-17 20:19 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Process Hacker 2
2020-07-17 20:19 - 2020-07-17 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2020-07-17 20:19 - 2020-07-17 20:19 - 000000000 ____D C:\Program Files\Process Hacker 2
2020-07-17 20:17 - 2020-07-17 20:17 - 002267848 _____ (wj32 ) C:\Users\cabec\Downloads\processhacker-2.39-setup.exe
2020-07-17 20:09 - 2020-07-17 20:09 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-07-17 20:09 - 2020-07-17 20:09 - 000001000 _____ C:\Users\Public\Desktop\Firefox.lnk
2020-07-17 20:09 - 2020-07-17 20:09 - 000001000 _____ C:\ProgramData\Desktop\Firefox.lnk
2020-07-17 20:09 - 2020-07-17 20:09 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-07-17 20:09 - 2020-07-17 20:09 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Mozilla
2020-07-17 20:09 - 2020-07-17 20:09 - 000000000 ____D C:\Users\cabec\AppData\Local\Mozilla
2020-07-17 20:09 - 2020-07-17 20:09 - 000000000 ____D C:\ProgramData\Mozilla
2020-07-17 20:09 - 2020-07-17 20:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-07-17 20:09 - 2020-07-17 20:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-07-17 19:27 - 2020-07-17 19:27 - 000003632 _____ C:\Windows\system32\Tasks\AAAAAAA
2020-07-17 18:14 - 2020-07-17 18:15 - 007530244 _____ C:\Users\cabec\Desktop\AYYYYY.arn
2020-07-17 18:02 - 2020-07-17 18:02 - 002674525 _____ C:\Users\cabec\Downloads\Autoruns.zip
2020-07-17 17:57 - 2020-07-18 15:04 - 000000000 ____D C:\Users\cabec\AppData\Local\Opera Software
2020-07-17 17:56 - 2020-07-17 17:56 - 000000000 ____D C:\Users\Public\Security Sessions
2020-07-17 17:55 - 2020-07-19 12:26 - 000000000 ____D C:\Program Files (x86)\Avira
2020-07-17 17:55 - 2020-07-18 15:04 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Opera Software
2020-07-17 17:55 - 2020-07-18 15:03 - 000000000 ____D C:\ProgramData\Avira
2020-07-17 17:55 - 2020-07-17 17:56 - 000000000 ____D C:\Users\cabec\AppData\Local\Avira
2020-07-17 17:55 - 2020-07-17 17:55 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2020-07-17 17:54 - 2020-07-17 17:54 - 004344656 _____ (Avira Operations GmbH & Co. KG) C:\Users\cabec\Downloads\avira_en_sptl1_20749766-1595004868__featurews-spotlight-release.exe
2020-07-17 15:10 - 2020-07-19 18:58 - 000017986 _____ C:\Users\cabec\Desktop\FRST.txt
2020-07-17 15:10 - 2020-07-17 15:03 - 000048170 _____ C:\Users\cabec\Desktop\Addition.txt
2020-07-17 15:02 - 2020-07-19 18:57 - 000000000 ____D C:\FRST
2020-07-17 15:02 - 2020-07-17 15:03 - 000048170 _____ C:\Users\cabec\Downloads\Addition.txt
2020-07-17 15:02 - 2020-07-17 15:03 - 000040799 _____ C:\Users\cabec\Downloads\FRST.txt
2020-07-17 15:01 - 2020-07-17 15:01 - 002292736 _____ (Farbar) C:\Users\cabec\Downloads\FRST64.exe
2020-07-17 14:42 - 2020-07-17 14:42 - 000000250 _____ C:\Users\cabec\Desktop\VIRUS FREE.reg
2020-07-17 14:35 - 2020-07-17 14:35 - 020327732 _____ C:\Users\cabec\Desktop\registry backup.reg
2020-07-17 14:24 - 2020-07-17 14:24 - 000000000 ____D C:\Windows\pss
2020-07-14 17:50 - 2020-07-15 17:15 - 000000000 ____D C:\Windows\Minidump
2020-07-14 17:18 - 2020-07-19 12:54 - 000089447 _____ C:\Windows\ZAM.krnl.trace
2020-07-14 17:18 - 2020-07-19 12:54 - 000000000 ____D C:\Users\cabec\AppData\Local\AMSDK
2020-07-14 17:18 - 2020-07-14 17:18 - 000000000 ____D C:\Users\cabec\AppData\Local\Zemana
2020-07-14 17:17 - 2020-07-14 17:17 - 012741568 _____ (Zemana Ltd. ) C:\Users\cabec\Downloads\AntiMalware_Setup.exe
2020-07-14 16:57 - 2020-07-14 16:57 - 000000797 _____ C:\Users\cabec\Documents\hosts.txt
2020-07-14 15:52 - 2020-07-16 19:11 - 000000150 _____ C:\Windows\Reimage.ini
2020-07-14 15:51 - 2020-07-14 17:44 - 000611598 _____ C:\Windows\ntbtlog.txt
2020-07-14 08:26 - 2020-07-14 08:38 - 000000881 _____ C:\Users\cabec\Desktop\exame 2013.txt
2020-07-14 07:56 - 2020-07-14 07:56 - 000001203 _____ C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2020-07-14 07:56 - 2020-07-14 07:56 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2020-07-14 07:55 - 2020-07-14 07:55 - 000115192 _____ C:\ProgramData\agent.1594709704.bdinstall.v2.bin
2020-07-14 07:55 - 2020-07-14 07:55 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2020-07-14 07:55 - 2020-07-14 07:55 - 000000000 ____D C:\ProgramData\Bitdefender
2020-07-14 07:54 - 2020-07-14 07:54 - 012444368 _____ C:\Users\cabec\Downloads\bitdefender_online.exe
2020-07-14 07:37 - 2020-07-14 07:38 - 000000000 ____D C:\Users\cabec\AppData\Local\glasswire
2020-07-14 07:37 - 2020-07-14 07:37 - 048212664 _____ (SecureMix LLC) C:\Users\cabec\Downloads\GlassWireSetup.exe
2020-07-14 07:37 - 2020-07-14 07:37 - 000000000 ____D C:\ProgramData\GlassWire
2020-07-14 07:30 - 2020-07-14 07:30 - 008751634 _____ C:\Users\cabec\Desktop\DESKTOP-MQCUIRU.arn
2020-07-14 07:24 - 2020-07-14 07:24 - 000755576 _____ (Sysinternals - www.sysinternals.com) C:\Users\cabec\Downloads\autoruns.exe
2020-07-14 07:24 - 2020-07-14 07:24 - 000755576 _____ (Sysinternals - www.sysinternals.com) C:\Users\cabec\Desktop\autoruns (1).exe
2020-07-14 07:00 - 2020-07-14 08:24 - 000003975 _____ C:\Users\cabec\Desktop\exame 2015.txt
2020-07-14 05:17 - 2020-07-14 06:59 - 000002184 _____ C:\Users\cabec\Desktop\exame 2016.txt
2020-07-13 15:19 - 2020-07-14 07:19 - 000090168 ____H (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCMON24.SYS
2020-07-13 15:19 - 2020-07-13 15:19 - 001567005 _____ C:\Users\cabec\Downloads\ProcessMonitor.zip
2020-07-13 15:19 - 2020-07-13 15:19 - 000000000 ____D C:\Users\cabec\Downloads\ProcessMonitor
2020-07-13 15:19 - 2019-12-10 22:42 - 002181504 ____N (Sysinternals - www.sysinternals.com) C:\Users\cabec\Desktop\Procmon.exe
2020-07-13 15:19 - 2019-12-10 22:42 - 000063582 ____N C:\Users\cabec\Desktop\procmon.chm
2020-07-13 15:19 - 2019-12-10 22:38 - 001177168 ____N (Sysinternals - www.sysinternals.com) C:\Users\cabec\Desktop\Procmon64.exe
2020-07-13 15:19 - 2018-09-28 01:55 - 000007490 ____N C:\Users\cabec\Desktop\Eula.txt
2020-07-13 14:51 - 2020-07-13 19:15 - 000003527 _____ C:\Users\cabec\Desktop\exame 2017.txt
2020-07-13 12:06 - 2020-07-13 12:06 - 000000027 _____ C:\Users\cabec\Desktop\exame 2014.txt
2020-07-13 11:45 - 2020-07-13 11:45 - 002101330 _____ C:\Users\cabec\Desktop\Resumos HCA.pdf
2020-07-12 16:22 - 2020-07-12 16:22 - 002101330 _____ C:\Users\cabec\Downloads\Resumos HCA.pdf
2020-07-10 13:54 - 2020-07-10 13:54 - 000758323 _____ C:\Users\cabec\Downloads\Archive-69bc.zip
2020-07-10 13:54 - 2020-07-10 13:54 - 000758128 _____ C:\Users\cabec\Downloads\2020-07-10 13.51.58.heic
2020-07-10 13:54 - 2020-07-10 13:54 - 000000000 ____D C:\Users\cabec\Downloads\Archive-69bc
2020-07-09 13:21 - 2020-07-09 13:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2020-07-09 13:14 - 2020-07-09 13:22 - 000000000 ____D C:\Program Files (x86)\Overwatch
2020-07-07 09:47 - 2020-03-04 13:54 - 001804784 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2020-07-07 09:47 - 2020-03-04 13:54 - 000050592 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\NvModuleTracker.sys
2020-07-05 20:48 - 2020-07-05 20:48 - 000000000 ____D C:\Users\cabec\AppData\LocalLow\Blizzard Entertainment
2020-07-05 20:48 - 2020-07-05 20:48 - 000000000 ____D C:\Users\cabec\AppData\Local\Blizzard
2020-07-05 20:48 - 2020-07-05 20:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2020-07-05 20:46 - 2020-07-05 20:48 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2020-06-29 20:44 - 2020-06-29 20:44 - 806409556 _____ C:\Users\cabec\Downloads\VIDEO RENDER.mp4
2020-06-28 21:39 - 2020-07-10 12:14 - 000000000 ____D C:\Users\cabec\AppData\Local\Battle.net
2020-06-28 21:39 - 2020-07-05 20:44 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Battle.net
2020-06-28 21:39 - 2020-06-28 21:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2020-06-28 21:34 - 2020-06-28 21:34 - 004902896 _____ (Blizzard Entertainment) C:\Users\cabec\Downloads\Battle.net-Setup (1).exe
2020-06-26 01:23 - 2020-06-26 01:24 - 006088416 _____ (Cfx.re) C:\Users\cabec\Downloads\FiveM.exe
2020-06-26 01:23 - 2020-06-26 01:23 - 008556152 _____ (cfx-collective) C:\Users\cabec\Downloads\FiveM (1).exe
2020-06-25 02:06 - 2020-06-25 02:06 - 004902896 _____ (Blizzard Entertainment) C:\Users\cabec\Downloads\Battle.net-Setup.exe
2020-06-23 15:19 - 2020-06-23 15:22 - 000000000 ____D C:\ProgramData\Epic
2020-06-23 15:19 - 2020-06-23 15:19 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2020-06-23 15:19 - 2020-06-23 15:19 - 000000000 ____D C:\Program Files (x86)\Epic Games
2020-06-23 15:16 - 2020-06-23 15:16 - 044257280 _____ C:\Users\cabec\Downloads\EpicInstaller-10.17.0.msi
2020-06-21 03:12 - 2020-06-21 03:12 - 071170399 _____ C:\Users\cabec\Downloads\y2mate.com - David Carreira - A Força Está em Nós (Ft. Snoop Dogg) - Videoclip Oficial_Mc8IgVWpdeo_1080p (1).mp4
2020-06-21 03:11 - 2020-06-21 03:11 - 071170399 _____ C:\Users\cabec\Downloads\y2mate.com - David Carreira - A Força Está em Nós (Ft. Snoop Dogg) - Videoclip Oficial_Mc8IgVWpdeo_1080p.mp4
2020-06-21 02:41 - 2020-06-21 02:41 - 000474573 _____ C:\Users\cabec\Downloads\y2mate.com - É o Conan!!!_MREH0EYn47g_360p.mp4
2020-06-19 20:15 - 2020-06-19 20:15 - 001397166 _____ C:\Users\cabec\Downloads\Shui hua piou piou bei feng shou shou tian de yi pian cheng mao.mp4
2020-06-17 17:28 - 2020-06-17 17:28 - 000227201 _____ C:\Users\cabec\Downloads\Horario Julho.pdf
2020-06-17 17:13 - 2020-06-17 17:13 - 003843584 _____ C:\Users\cabec\Downloads\axonom ortogonais11def.pps
2020-06-17 01:38 - 2020-06-17 01:38 - 000000000 ____D C:\Users\cabec\AppData\Roaming\WinRAR
2020-06-17 01:36 - 2020-06-17 01:36 - 005033806 _____ C:\Users\cabec\Downloads\OptiFine_1.15.2_HD_U_G1_pre26_MOD.jar
2020-06-17 01:34 - 2020-06-17 01:38 - 000000000 ____D C:\Users\cabec\Downloads\SEUS-Renewed-v1.0.1
2020-06-17 01:34 - 2020-06-17 01:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-06-17 01:34 - 2020-06-17 01:34 - 003218976 _____ (Alexander Roshal) C:\Users\cabec\Downloads\winrar-x64-590.exe
2020-06-17 01:34 - 2020-06-17 01:34 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-06-17 01:34 - 2020-06-17 01:34 - 000000000 ____D C:\Program Files\WinRAR
2020-06-17 01:32 - 2020-06-17 01:32 - 000114344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2020-06-17 01:32 - 2020-06-17 01:32 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Sun
2020-06-17 01:32 - 2020-06-17 01:32 - 000000000 ____D C:\Users\cabec\AppData\LocalLow\Sun
2020-06-17 01:32 - 2020-06-17 01:32 - 000000000 ____D C:\ProgramData\Oracle
2020-06-17 01:32 - 2020-06-17 01:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-06-17 01:32 - 2020-06-17 01:32 - 000000000 ____D C:\Program Files (x86)\Java
2020-06-17 01:30 - 2020-06-17 01:30 - 002066568 _____ (Oracle Corporation) C:\Users\cabec\Downloads\JavaSetup8u251.exe
2020-06-17 01:29 - 2020-06-17 01:30 - 005551647 _____ C:\Users\cabec\Downloads\preview_OptiFine_1.15.2_HD_U_G1_pre26.jar
2020-06-17 01:28 - 2020-06-17 01:28 - 007062638 _____ C:\Users\cabec\Downloads\SEUS-Renewed-v1.0.1.zip
2020-06-17 01:12 - 2020-06-17 01:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-06-17 00:26 - 2020-07-11 11:48 - 000000000 ____D C:\Users\cabec\Desktop\Jogos
2020-06-11 20:38 - 2020-06-11 20:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher
2020-06-11 20:38 - 2020-06-11 20:38 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2020-06-06 13:51 - 2020-06-06 19:56 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-06-05 11:33 - 2020-07-13 14:08 - 000000000 ____D C:\Users\cabec\AppData\Local\Adobe
2020-06-05 11:33 - 2020-07-13 14:07 - 000000000 ____D C:\ProgramData\Adobe
2020-05-28 17:56 - 2020-07-19 17:58 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Spotify
2020-05-28 17:56 - 2020-07-19 17:58 - 000000000 ____D C:\Users\cabec\AppData\Local\Spotify
2020-05-28 17:56 - 2020-05-28 17:56 - 000001843 _____ C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2020-05-13 19:20 - 2020-05-13 19:20 - 000000000 ___HD C:\OneDriveTemp
2020-05-11 19:27 - 2020-05-11 19:27 - 000000000 ____D C:\ProgramData\SystemAcCrux
2020-05-11 19:27 - 2020-05-11 19:27 - 000000000 ____D C:\Program Files\EaseUS
2020-05-11 18:03 - 2020-05-12 11:31 - 000000000 ____D C:\Program Files\Recuva
2020-05-11 11:48 - 2020-05-11 11:48 - 000000000 ____D C:\Users\cabec\Documents\Zoom
2020-05-11 11:47 - 2020-05-11 11:47 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Zoom
2020-05-11 11:47 - 2020-05-11 11:47 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-04-30 23:31 - 2020-04-30 23:32 - 000000000 ____D C:\Users\cabec\Documents\Rockstar Games
2020-04-30 22:56 - 2020-05-10 19:55 - 000000000 ____D C:\Users\cabec\Documents\The Witcher 3
2020-04-28 19:36 - 2020-04-28 19:36 - 000000000 ____D C:\Users\cabec\Documents\Youtube
2020-04-28 16:56 - 2020-04-28 16:56 - 000001363 _____ C:\Users\cabec\Documents\Adobe Creative Cloud.lnk
2020-04-23 19:51 - 2020-01-14 23:35 - 000000378 _____ C:\Users\cabec\Desktop\Cartão .lnk
2020-04-23 15:32 - 2020-06-23 15:19 - 000000000 ____D C:\Users\cabec\AppData\Local\EpicGamesLauncher
2020-04-21 16:14 - 2020-06-25 01:36 - 000000000 ____D C:\Users\cabec\Desktop\Escola

==================== Three months (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-19 18:48 - 2020-03-11 21:06 - 000000000 ____D C:\Users\cabec\AppData\LocalLow\Mozilla
2020-07-19 18:27 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-07-19 18:04 - 2018-12-07 00:39 - 000840852 _____ C:\Windows\system32\PerfStringBackup.INI
2020-07-19 18:04 - 2018-09-15 08:31 - 000000000 ____D C:\Windows\INF
2020-07-19 18:00 - 2019-05-15 12:00 - 000000000 ____D C:\ProgramData\NVIDIA
2020-07-19 17:58 - 2019-11-26 22:30 - 000000000 ___RD C:\Users\cabec\OneDrive
2020-07-19 17:58 - 2018-12-07 00:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-07-19 17:22 - 2019-11-27 14:52 - 000012149 _____ C:\ProgramData\DisplaySessionContainer1.log_backup1
2020-07-19 17:22 - 2019-11-27 01:17 - 000018380 _____ C:\ProgramData\NVDisplay.ContainerLocalSystem.log_backup1
2020-07-19 17:22 - 2019-11-27 01:17 - 000017089 _____ C:\ProgramData\NVDisplayContainerWatchdog.log_backup1
2020-07-19 17:22 - 2018-09-15 07:09 - 000786432 _____ C:\Windows\system32\config\BBI
2020-07-19 16:37 - 2018-12-07 00:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-07-19 13:11 - 2019-11-27 01:17 - 000001206 _____ C:\ProgramData\NvcDispCorePlugin.log_backup1
2020-07-18 15:04 - 2020-03-13 17:46 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2020-07-18 15:04 - 2020-03-13 17:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2020-07-18 15:03 - 2019-05-15 11:58 - 000000000 ____D C:\ProgramData\Package Cache
2020-07-18 14:57 - 2018-09-15 08:33 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-07-18 14:46 - 2019-12-02 21:37 - 000000000 ____D C:\Users\cabec\AppData\Roaming\audacity
2020-07-18 14:29 - 2019-11-27 01:05 - 000000000 ____D C:\Users\cabec\AppData\Roaming\.minecraft
2020-07-17 23:35 - 2019-11-26 22:27 - 000000000 ____D C:\Users\cabec
2020-07-17 21:48 - 2019-11-26 23:15 - 000000000 ____D C:\Users\cabec\AppData\Local\D3DSCache
2020-07-17 20:41 - 2019-11-28 19:05 - 000000000 ____D C:\Users\cabec\AppData\Local\CrashDumps
2020-07-17 20:23 - 2019-12-22 19:53 - 000000000 ___HD C:\temp
2020-07-17 20:23 - 2019-12-02 18:32 - 000000000 ____D C:\Program Files\Common Files\Adobe
2020-07-17 20:23 - 2019-12-02 18:30 - 000000000 ____D C:\Program Files\Adobe
2020-07-17 20:23 - 2019-12-02 18:29 - 000000000 ____D C:\Program Files (x86)\Adobe
2020-07-17 20:22 - 2019-11-26 22:28 - 000000000 ____D C:\Users\cabec\AppData\Local\Packages
2020-07-17 20:22 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-07-17 20:22 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\AppReadiness
2020-07-17 19:52 - 2020-01-30 19:47 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Adobe
2020-07-17 19:05 - 2019-11-26 22:37 - 000000000 ____D C:\Program Files (x86)\Google
2020-07-17 18:06 - 2018-12-07 00:33 - 000257904 _____ C:\Windows\system32\FNTCACHE.DAT
2020-07-17 14:23 - 2018-09-15 07:09 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-07-16 15:47 - 2019-11-26 22:30 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3266803249-1906538077-2635784554-1001
2020-07-16 15:47 - 2019-11-26 22:27 - 000002374 _____ C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-07-14 18:58 - 2019-11-27 23:23 - 000000000 ____D C:\Program Files\Rockstar Games
2020-07-14 18:58 - 2019-11-27 23:23 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2020-07-14 16:14 - 2019-12-22 17:11 - 000000000 ___RD C:\Users\cabec\Creative Cloud Files
2020-07-14 08:04 - 2020-04-19 19:38 - 000000000 ____D C:\AdwCleaner
2020-07-13 15:08 - 2019-12-02 18:31 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-07-13 15:08 - 2019-12-02 18:31 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-07-13 14:52 - 2019-11-27 01:27 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Discord
2020-07-13 14:03 - 2019-12-01 17:35 - 000000000 ____D C:\Users\cabec\AppData\Roaming\WhatsApp
2020-07-08 16:48 - 2020-04-07 07:27 - 000000000 ____D C:\Users\cabec\AppData\Local\WhatsApp
2020-07-07 09:48 - 2019-11-27 01:18 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-11-27 01:18 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-11-27 01:18 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-11-27 01:18 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:01 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000004106 _____ C:\Windows\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-07-07 09:48 - 2019-05-15 12:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-07-07 09:48 - 2019-05-15 12:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-07-01 01:14 - 2019-11-27 01:17 - 000012150 _____ C:\ProgramData\DisplaySessionContainer2.log_backup1
2020-06-28 21:49 - 2020-03-15 18:02 - 000000000 ____D C:\Program Files (x86)\Battle.net
2020-06-28 18:14 - 2019-12-02 21:42 - 000000000 ____D C:\Users\cabec\AppData\Roaming\obs-studio
2020-06-27 01:39 - 2020-03-15 14:57 - 000000000 ____D C:\Users\cabec\AppData\Local\FiveM
2020-06-26 01:52 - 2020-03-15 15:02 - 000000000 ____D C:\Users\cabec\AppData\Local\DigitalEntitlements
2020-06-25 02:32 - 2019-11-26 22:30 - 000000000 ____D C:\Users\cabec\AppData\Local\NVIDIA Corporation
2020-06-25 01:36 - 2020-03-26 19:02 - 000000000 ____D C:\Users\cabec\Desktop\Photoshop
2020-06-25 00:20 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\LiveKernelReports
2020-06-23 21:38 - 2019-11-27 23:24 - 000000000 ____D C:\Users\cabec\AppData\Local\Rockstar Games
2020-06-23 21:18 - 2019-11-27 23:23 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2020-06-23 15:44 - 2019-11-26 23:13 - 000000000 ____D C:\Users\cabec\AppData\Local\UnrealEngine
2020-06-23 15:29 - 2019-11-26 23:15 - 000000000 ____D C:\Program Files\Epic Games
2020-06-23 15:20 - 2019-05-15 12:01 - 002754024 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2020-06-23 15:20 - 2019-05-15 12:01 - 002122216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2020-06-23 15:20 - 2019-05-15 12:01 - 001295848 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2020-06-21 17:01 - 2020-01-01 21:13 - 000000000 ____D C:\Users\cabec\Desktop\fotos

==================== Files in the root of some directories ========

2020-03-31 17:48 - 2020-06-04 15:52 - 000000132 _____ () C:\Users\cabec\AppData\Roaming\Preferências do Formato PNG do Adobe CS6
2019-12-02 18:29 - 2020-06-17 11:53 - 000001435 _____ () C:\Users\cabec\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2020
Ran by cabec (19-07-2020 18:58:16)
Running from C:\Users\cabec\Desktop
Windows 10 Home Version 1809 17763.914 (X64) (2019-11-26 21:06:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3266803249-1906538077-2635784554-500 - Administrator - Disabled)
cabec (S-1-5-21-3266803249-1906538077-2635784554-1001 - Administrator - Enabled) => C:\Users\cabec
DefaultAccount (S-1-5-21-3266803249-1906538077-2635784554-503 - Limited - Disabled)
Guest (S-1-5-21-3266803249-1906538077-2635784554-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3266803249-1906538077-2635784554-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Premiere Pro CC 2019 (HKLM-x32\...\PPRO_13_0_1) (Version: 13.0.1 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Audacity 2.3.3 (HKLM-x32\...\Audacity_is1) (Version: 2.3.3 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CPUID ASUS CPU-Z 1.86 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.86 - CPUID, Inc.)
Discord (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Discord) (Version: 0.0.306 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{0EE6DDEF-E36B-45EB-9E03-5A266EC8A8F8}) (Version: 1.1.279.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FiveM (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\CitizenFX_FiveM) (Version: - The CitizenFX Collective)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel(R) Chipset Device Software (HKLM-x32\...\{eb0d4a41-3065-42b0-a868-c60d42d3ea98}) (Version: 10.1.17695.8086 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1829.12.0.1154 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.369.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{aa81bdf2-96a6-4400-a596-c7d1916ce9f7}) (Version: 1.50.369.0 - Intel Corporation) Hidden
Java 8 Update 251 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180251F0}) (Version: 8.0.2510.8 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\OneDriveSetup.exe) (Version: 20.114.0607.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{F6678473-0198-46D0-A88F-2A247E6FA03C}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 78.0.2 (x64 pt-PT) (HKLM\...\Mozilla Firefox 78.0.2 (x64 pt-PT)) (Version: 78.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.0.2 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation)
NVIDIA Graphics Driver 442.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 442.59 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.38.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.38.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 24.0.3 - OBS Project)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.25.260 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.6.1 - Rockstar Games)
Spotify (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Spotify) (Version: 1.1.37.690.g8f3b16fc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.24.2 (HKLM\...\TAP-Windows) (Version: 9.24.2 - OpenVPN Technologies, Inc.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
WhatsApp (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\WhatsApp) (Version: 2.2027.10 - WhatsApp)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

Packages:
=========
ASUS Product Registration Program (APRP) -> C:\Program Files\WindowsApps\B9ECED6F.ASUSProductRegistrationProgramAPRP_2.1.7.0_x86__qmba6cd70vzyy [2019-05-15] (ASUSTeK COMPUTER INC.) [Startup Task]
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.4.4.0_x86__kgqvnymyfvs32 [2019-12-10] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.27.6.0_x86__kgqvnymyfvs32 [2019-12-12] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1660.4.0_x86__kgqvnymyfvs32 [2019-12-13] (king.com)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-11-26] (LinkedIn)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad]
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13253.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.956.0_x64__56jybvy8sckqj [2019-11-26] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2019-11-26] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-06-22 21:06 - 2020-06-22 21:06 - 003954688 _____ () [File not signed] C:\Users\cabec\Pictures\steam\steamapps\common\Grand Theft Auto V\GFSDK_ShadowLib.win64.dll
2020-06-22 21:12 - 2020-06-22 21:12 - 000094720 _____ () [File not signed] C:\Users\cabec\Pictures\steam\steamapps\common\Grand Theft Auto V\GFSDK_TXAA_AlphaResolve.win64.dll
2020-06-22 21:06 - 2020-06-22 21:06 - 000435712 _____ (RAD Game Tools, Inc.) [File not signed] C:\Users\cabec\Pictures\steam\steamapps\common\Grand Theft Auto V\bink2w64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\cabec\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\cabec\AppData\Local\Temp:$DATA​ [16]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 08:31 - 2018-09-15 08:31 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cabec\Desktop\fotos\425000.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Discord"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B4EB1566-E2AE-4438-9BC2-0A308CB11AF9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C3A391E5-7C5B-4258-9426-EA8C43613E9D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{AC5E0D92-DB13-4376-9EEF-5DE28D7DD632}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{BB38DA3A-C591-41B8-9CC9-49A86CEE0886}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{6FA27901-58B4-4E40-AE8A-2BA5CAC223FA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12228.20332.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{48334160-DE2B-4B88-88AB-3249E06F4E4D}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{4D4A3834-B4E1-4A7C-91A0-383FEA139E31}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{916E4580-6205-446F-9960-84887A81011A}C:\users\cabec\appdata\local\fivem\fivem.exe] => (Allow) C:\users\cabec\appdata\local\fivem\fivem.exe (Intricus Software Limited -> Cfx.re)
FirewallRules: [UDP Query User{95C77CB8-221F-4F37-8379-14EBAE17D948}C:\users\cabec\appdata\local\fivem\fivem.exe] => (Allow) C:\users\cabec\appdata\local\fivem\fivem.exe (Intricus Software Limited -> Cfx.re)
FirewallRules: [TCP Query User{14D99437-3139-460D-A634-AC2A55EF54C0}C:\users\cabec\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\cabec\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (Intricus Software Limited -> Cfx.re) [File not signed]
FirewallRules: [UDP Query User{D12AB444-51FF-48BC-9FE5-8FCCB115FB6E}C:\users\cabec\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\cabec\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (Intricus Software Limited -> Cfx.re) [File not signed]
FirewallRules: [{89D90CFD-45D9-406C-94C8-8A3ADEF122F9}] => (Allow) C:\Users\cabec\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{FAB40BAE-028D-489A-8B2C-D6590F2CAEB6}C:\users\cabec\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cabec\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{9820688A-9299-4459-9F9E-36C28974E0AE}C:\users\cabec\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cabec\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3439D8EB-6502-4613-ADD2-431CEC0460CD}] => (Allow) C:\Users\cabec\Pictures\steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{EF73778D-5753-4482-B650-D53A14B3ABF5}] => (Allow) C:\Users\cabec\Pictures\steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6D35C2A8-87DD-4AC6-8F69-14CF0B2CAC24}] => (Allow) C:\Users\cabec\Pictures\steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D4CBF99F-F0E8-4585-A813-3492720ED181}] => (Allow) C:\Users\cabec\Pictures\steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{0FF9790B-D8A8-43C5-9AF2-E30DC4467436}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\launcher.exe (Kristjan Skutta -> )
FirewallRules: [{33AA7470-9092-44D2-8818-6E85988D0124}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\launcher.exe (Kristjan Skutta -> )
FirewallRules: [{64F23525-3A54-4E61-AC1C-4326A8E18AB3}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{41A45A20-6F0E-418E-AAA1-C6669BA35AB9}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{999F86F6-527B-4C61-9801-0BD6CBD9D937}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{2B776A8B-F6C8-4700-B36E-593BB60A20A5}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{D8FC0FE3-8EBD-4EC7-B311-E1D75C49D126}C:\users\cabec\pictures\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\users\cabec\pictures\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{FA131442-74CB-457B-989A-8C5188B009B3}C:\users\cabec\pictures\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\users\cabec\pictures\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{C7F77A1E-1CF4-48E8-A7B2-C00D963C76E4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No File
FirewallRules: [TCP Query User{C6FADD75-C65D-457C-B72C-DA534512A88D}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [UDP Query User{FB8467D7-5D74-4DF2-A9EA-6D338788158F}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [{C0A61DBC-2E0B-45E7-B8FE-CA489B065BE0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{25C0C7D0-8F13-4DCC-A995-A4DA608992AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DEB01ED7-2EF4-4F0C-A5AD-72976FF64542}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3F0A00FF-02E4-4F96-9C72-C73ACDC9C529}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CCDA7A30-E535-4EC7-A420-EDA70AE37F2C}] => (Allow) C:\Users\cabec\Pictures\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{F0F90CB4-C3BD-4024-974F-B46938DE3A46}] => (Allow) C:\Users\cabec\Pictures\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{CACEE9EB-3C5F-44E3-AD51-245CF3FE13F4}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Kristjan Skutta -> )
FirewallRules: [{2B46F0F2-3E6B-4F24-98DA-B5EA32F4502D}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Kristjan Skutta -> )
FirewallRules: [{4EA3E7AE-0C47-4D12-A62A-CDF1FB341FA5}] => (Allow) C:\Users\cabec\AppData\Local\Programs\Opera\69.0.3686.77\opera.exe => No File
FirewallRules: [{DE8036BA-D9FA-4FED-83CC-E4566BA08B96}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{778B148C-6D5B-4D77-AEAF-5E906B268D2B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D6E89E61-C224-47E2-AA13-86D396F0F749}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{82A030CA-FD97-4AA7-B1F3-8FD28E9993FD}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{5CFC7882-599F-4564-B55F-A4680C9A2750}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File

==================== Restore Points =========================

01-07-2020 18:34:24 Scheduled Checkpoint
09-07-2020 12:14:52 Scheduled Checkpoint
18-07-2020 14:59:12 Removed Avira Software Updater

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/19/2020 05:58:14 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/19/2020 01:11:28 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/19/2020 01:09:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (07/19/2020 01:09:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/19/2020 01:09:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {ebb24e6a-1069-4ca9-8dde-d36d8c355aa4}

Error: (07/19/2020 12:55:53 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/19/2020 12:26:11 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/18/2020 02:59:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (07/19/2020 06:51:21 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MQCUIRU)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MQCUIRU\cabec SID (S-1-5-21-3266803249-1906538077-2635784554-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/19/2020 06:51:21 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MQCUIRU)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MQCUIRU\cabec SID (S-1-5-21-3266803249-1906538077-2635784554-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/19/2020 06:44:13 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (07/19/2020 06:42:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.

Error: (07/19/2020 06:42:13 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MQCUIRU)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (07/19/2020 06:40:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.

Error: (07/19/2020 06:40:13 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (07/19/2020 06:38:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-12-12 13:59:59.764
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {487BAD9A-C330-4233-BE7B-AE97962EBE50}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-05 09:33:29.113
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {698660BF-F832-4C05-83F8-1D45D12588CB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-04 21:22:33.404
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4A2C9B23-8239-4F5E-A6A4-00DC55AB3123}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-04 20:13:19.227
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {807AA218-8425-4517-B0C0-105137EF48AF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-11-28 17:40:25.666
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9330D0A3-A7E2-4D90-B67C-CDC616EDA42F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-13 16:39:02.212
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2020-07-18 14:54:12.409
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:50:19.458
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:50:19.456
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:23:56.841
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:23:56.838
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:22:58.419
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:22:58.416
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 12:21:52.441
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 0404 04/12/2019
Motherboard: ASUSTeK COMPUTER INC. WS C246 GS
Processor: Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
Percentage of memory in use: 31%
Total physical RAM: 32633.93 MB
Available physical RAM: 22515.8 MB
Total Virtual: 34681.93 MB
Available Virtual: 18696.49 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:476.33 GB) (Free:143.92 GB) NTFS
Drive d: (data) (Fixed) (Total:1862.89 GB) (Free:1820.86 GB) NTFS

\\?\Volume{7fb0217e-e2a9-4e88-8f9a-c50f72859aa3}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS
\\?\Volume{783377f8-cd83-45ef-bd0f-bc43b2b24249}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 7FE96090)

Partition: GPT.

==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 2BBCADC2)

Partition: GPT.

==================== End of Addition.txt =======================
jhon244
Active Member
 
Posts: 7
Joined: July 17th, 2020, 11:12 am

Re: I have a virus pls help me

Unread postby pgmigg » July 19th, 2020, 3:20 pm

Hello jhon244,

Thank you for your quick response!
Let's continue our treatment...

Step 1.
Scan and Clean with AdwCleaner.
  1. Please close all open programs and windows.
  2. You should still have the AdwCleaner.exe on your Desktop. If it is not, please download AdwCleaner and save it to your Desktop.
  3. Double click AdwCleaner.exe to run it. If it asks for an update, please decline it.
  4. Click Yes on UAC question and I Agree on Welcome window.
  5. Click the Scan now button and wait until the scan finishes. If something is found you will see the Scan results; then click the Quarantine button.
  6. At the end of the Quarantine process, AdwCleaner will ask you to restart - please allow it.
  7. On reboot a log, AdwCleaner[Cxx].txt, will open. Copy and paste the contents of that log file in your reply.
  8. You can also find the most recent log file at C:\AdwCleaner\AdwCleaner[Cxx].txt.

Step 2.
FRST Fix
  1. Close all your programs.
  2. You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
  3. Please press the Windows Key + R.
  4. Type notepad.exe into the text box and click OK.
  5. A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, but do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    
    C:\Program Files (x86)\Avira
    C:\ProgramData\Avira
    C:\Users\cabec\AppData\Local\Avira
    C:\Users\cabec\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity
    C:\Users\cabec\AppData\Local\Temp:$DATA
    C:\Users\cabec\AppData\Local\AMSDK
    C:\Users\cabec\Downloads\AntiMalware_Setup.exe
    C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
    C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
    C:\ProgramData\agent.1594709704.bdinstall.v2.bin
    C:\ProgramData\Bitdefender Agent
    C:\ProgramData\Bitdefender
    C:\Users\cabec\Downloads\bitdefender_online.exe
    C:\Users\cabec\AppData\Local\glasswire
    C:\Users\cabec\Downloads\GlassWireSetup.exe
    C:\ProgramData\GlassWire
    
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [] => [X]
    Task: {943785C0-5024-4113-84CD-09D2097BC973} - \NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
    CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
    CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
    S3 wuauserv; C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
    S3 wuauserv; C:\Windows\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
    S2 AGMService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe" [X]
    S2 AGSService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]
    S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X]
    C:\Users\cabec\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity
    C:\Users\cabec\AppData\Local\Temp:$DATA
    AlternateDataStreams: C:\Users\cabec\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
    AlternateDataStreams: C:\Users\cabec\AppData\Local\Temp:$DATA​ [16]
    ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => -> No File
    
    EmptyTemp:
    CMD: ipconfig /flushdns
  6. Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  7. Right click on FRST64.exe and select Run as administrator.
  8. Press the Fix button one time only and wait.
  9. When FRST finishes you will be prompted to reboot your computer. Click OK.
  10. Your computer should now restart - if not, please do it manually. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step 3.
FRST Search
  1. Double click Frst64.exe to launch it from your Desktop.
  2. FRST will start to run.
  3. When the tool opens click Yes to the disclaimer.
  4. Copy/Paste or Type the following line into the Search: box.
    babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;howmanymilestoba;iLivid;Istartsurf;kelkoopartners;Luckysearches;mystartsearch;QuickSurf;Searchnu;Searchqu;SharkManCoupon;SNPedia;sushileads;SweetIM;SweetPacks;SafeFinder;TidyNetwork;trolltech;Trovi;trovigo;whitesmoke;Wordinator;WordSurfer
  5. Press the Search Registry button.
  6. When finished searching a log will open on your Desktop ... SearchReg.txt
  7. Please post it in your next reply.

Step 4.
Fresh FRST64 Scan
You should still have FRST64.exe on your Desktop.
  1. Please close all open programs and windows.
  2. Right-click FRST64.exe and select "Run as administrator..." to run it.
  3. When the tool opens, click Yes to the disclaimer if it appears.
  4. Please be sure that the Addition.txt check box under the Optional Scan section is checked.
  5. Press the Scan button. When finished, two logs, FRST.txt and Addition.txt, will be created and opened in Notepad.
  6. Please post the contents of both FRST.txt and Addition.txt in your next reply.

Step 5.
I need a list of the Chrome Extensions you have, even if Chrome is not your default browser. Please do the following:

List Chrome Extensions
  1. Please type or copy chrome://extensions in Chrome’s address bar and Chrome will display your extensions in a nice grid.
    Each extension shows the icon, name, brief description, Details and Remove buttons, and status toggle.
  2. List just the names of all Chrome Extensions you can see.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.

Don't post anything as attachments unless I ask you for it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the AdwCleaner[Cxx].txt log file
  3. Contents of the Fixlog.txt log file
  4. Contents of the SearchReg.txt log file
  5. Contents of the FRST.txt log file after fresh FRST scan
  6. Contents of the Addition.txt log file after fresh FRST scan
  7. The full list of Chrome Extensions you have
  8. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: I have a virus pls help me

Unread postby jhon244 » July 19th, 2020, 4:54 pm

Hi, I deleted all my Chrome extensions 2 weeks prior to this.

With that said, I cannot get frst to work with the fixlist txt on my desktop; it only works in the antihack folder.


here are the things you asked for:

adwcleaner:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.6.0
# -------------------------------
# Build: 06-24-2020
# Database: 2020-06-15.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 07-19-2020
# Duration: 00:00:10
# OS: Windows 10 Home
# Scanned: 31836
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1589 octets] - [19/04/2020 19:38:53]
AdwCleaner[C00].txt - [1741 octets] - [19/04/2020 19:39:22]
AdwCleaner[S01].txt - [2220 octets] - [19/07/2020 18:53:49]
AdwCleaner[S02].txt - [2281 octets] - [19/07/2020 21:02:17]
AdwCleaner[C02].txt - [2359 octets] - [19/07/2020 21:02:27]
AdwCleaner[S03].txt - [1711 octets] - [19/07/2020 21:04:55]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########


fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-07-2020
Ran by cabec (19-07-2020 21:16:54) Run:2
Running from D:\antihack
Loaded Profiles: cabec
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

C:\Program Files (x86)\Avira
C:\ProgramData\Avira
C:\Users\cabec\AppData\Local\Avira
C:\Users\cabec\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity
C:\Users\cabec\AppData\Local\Temp:$DATA
C:\Users\cabec\AppData\Local\AMSDK
C:\Users\cabec\Downloads\AntiMalware_Setup.exe
C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
C:\ProgramData\agent.1594709704.bdinstall.v2.bin
C:\ProgramData\Bitdefender Agent
C:\ProgramData\Bitdefender
C:\Users\cabec\Downloads\bitdefender_online.exe
C:\Users\cabec\AppData\Local\glasswire
C:\Users\cabec\Downloads\GlassWireSetup.exe
C:\ProgramData\GlassWire

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [] => [X]
Task: {943785C0-5024-4113-84CD-09D2097BC973} - \NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
S3 wuauserv; C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\Windows\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 AGMService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe" [X]
S2 AGSService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]
S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X]
C:\Users\cabec\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity
C:\Users\cabec\AppData\Local\Temp:$DATA
AlternateDataStreams: C:\Users\cabec\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\cabec\AppData\Local\Temp:$DATA? [16]
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => -> No File

EmptyTemp:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
C:\Program Files (x86)\Avira => moved successfully
C:\ProgramData\Avira => moved successfully
C:\Users\cabec\AppData\Local\Avira => moved successfully
Symbolic link found: "C:\Users\cabec\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" => ""
"C:\Users\cabec\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" => Symbolic linkcould not remove.
"C:\Users\cabec\AppData\Local\Temp:$DATA" => not found
C:\Users\cabec\AppData\Local\AMSDK => moved successfully
C:\Users\cabec\Downloads\AntiMalware_Setup.exe => moved successfully
C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk => moved successfully
C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4 => moved successfully
C:\ProgramData\agent.1594709704.bdinstall.v2.bin => moved successfully
C:\ProgramData\Bitdefender Agent => moved successfully
C:\ProgramData\Bitdefender => moved successfully
C:\Users\cabec\Downloads\bitdefender_online.exe => moved successfully
C:\Users\cabec\AppData\Local\glasswire => moved successfully
C:\Users\cabec\Downloads\GlassWireSetup.exe => moved successfully
C:\ProgramData\GlassWire => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{943785C0-5024-4113-84CD-09D2097BC973}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{943785C0-5024-4113-84CD-09D2097BC973}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh => removed successfully
HKLM\System\CurrentControlSet\Services\wuauserv => removed successfully
wuauserv => service removed successfully
wuauserv => service not found.
HKLM\System\CurrentControlSet\Services\AGMService => removed successfully
AGMService => service removed successfully
HKLM\System\CurrentControlSet\Services\AGSService => removed successfully
AGSService => service removed successfully
HKLM\System\CurrentControlSet\Services\amsdk => removed successfully
amsdk => service removed successfully
Symbolic link found: "C:\Users\cabec\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" => ""
"C:\Users\cabec\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" => Symbolic linkcould not remove.
"C:\Users\cabec\AppData\Local\Temp:$DATA" => not found
C:\Users\cabec\OneDrive => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS could not remove.
C:\Users\cabec\AppData\Local\Temp => ":$DATA?" ADS could not remove.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\2.0 Zemana AntiMalware => removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15003212 B
Java, Flash, Steam htmlcache => 10430865 B
Windows/system/drivers => 11926 B
Edge => 6132505 B
Chrome => 0 B
Firefox => 241679466 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2720 B
NetworkService => 2720 B
cabec => 4789818 B

RecycleBin => 0 B
EmptyTemp: => 274.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:17:03 ====

search reg:

Farbar Recovery Scan Tool (x64) Version: 19-07-2020
Ran by cabec (19-07-2020 21:25:47)
Running from C:\Users\cabec\Desktop
Boot Mode: Normal

================== Search Registry: "babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;howmanymilestoba;iLivid;Istartsurf;kelkoopartners;Luckysearches;mystartsearch;QuickSurf;Searchnu;Searchqu;SharkManCoupon;SNPedia;sushileads;SweetIM;SweetPacks;SafeFinder;TidyNetwork;trolltech;Trovi;trovigo;whitesmoke;Wordinator;WordSurfer" ===========


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"


===================== Search result for "Bandoo" ==========


===================== Search result for "CleverSearch" ==========


===================== Search result for "conduit" ==========


===================== Search result for "datamngr" ==========


===================== Search result for "Fun4IM" ==========


===================== Search result for "howmanymilestoba" ==========


===================== Search result for "iLivid" ==========


===================== Search result for "Istartsurf" ==========


===================== Search result for "kelkoopartners" ==========


===================== Search result for "Luckysearches" ==========


===================== Search result for "mystartsearch" ==========


===================== Search result for "QuickSurf" ==========


===================== Search result for "Searchnu" ==========


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B217815-E578-4C96-8A2D-1B30392F0F91}]
""="ISearchQueryHelperPriv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B217815-E578-4C96-8A2D-1B30392F0F91}]
""="ISearchQueryHelperPriv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]


===================== Search result for "SharkManCoupon" ==========


===================== Search result for "SNPedia" ==========


===================== Search result for "sushileads" ==========


===================== Search result for "SweetIM" ==========


===================== Search result for "SweetPacks" ==========


===================== Search result for "SafeFinder" ==========


===================== Search result for "TidyNetwork" ==========


===================== Search result for "trolltech" ==========


===================== Search result for "Trovi" ==========


===================== Search result for "trovigo" ==========


===================== Search result for "whitesmoke" ==========


===================== Search result for "Wordinator" ==========


===================== Search result for "WordSurfer" ==========

====== End of Search ======

frst:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-07-2020
Ran by cabec (administrator) on DESKTOP-MQCUIRU (ASUSTeK COMPUTER INC. GS GS30) (19-07-2020 21:50:07)
Running from C:\Users\cabec\Desktop
Loaded Profiles: cabec
Platform: Windows 10 Home Version 1809 17763.914 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Kristjan Skutta -> ) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\wallpaper32.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\cabec\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvaki.inf_amd64_205c3f0c6a210463\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Spotify AB -> Spotify Ltd) C:\Users\cabec\AppData\Roaming\Spotify\Spotify.exe <5>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [749512 2018-08-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [Discord] => C:\Users\cabec\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [Spotify] => C:\Users\cabec\AppData\Roaming\Spotify\Spotify.exe [23330024 2020-07-10] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [Steam] => C:\Users\cabec\Pictures\steam\steam.exe [3377440 2020-07-10] (Valve -> Valve Corporation)
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [WallpaperEngine] => C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\wallpaper32.exe [2887160 2020-07-12] (Kristjan Skutta -> )
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32339344 2020-06-23] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [CCXProcess] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Installer\chrmstp.exe [2020-07-19] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10B369E2-9561-4834-B2E2-AE1548B7A964} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {11FAC390-8444-4F1B-A572-E1236FF01B95} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1B4C39BA-DACF-4FFC-91E5-C3BA371E7524} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {25DB0302-77BA-41C2-9C8A-0F0E77D7FCDA} - System32\Tasks\AdwCleaner_onReboot => C:\Users\cabec\Desktop\AdwCleaner.exe [8420016 2020-07-19] (Malwarebytes Inc -> Malwarebytes)
Task: {28698CB2-D487-4E03-A60A-081637108C44} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [124112 2020-07-08] (Mozilla Corporation -> Mozilla Foundation)
Task: {2A8194DF-34E3-4052-8BE7-B077C61F1448} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-19] (Google LLC -> Google LLC)
Task: {317B3AC1-9E00-42C6-BDE6-B0A149E4EACB} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {373C59AB-BC3C-443F-BF78-B830426D5E17} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3BD443F1-6BD0-41DA-AE81-DB0B41BF47AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-19] (Google LLC -> Google LLC)
Task: {3BF4D48B-BBD5-4A14-BAF3-9F5CDAC7CEDF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {70789B62-1E4A-4B6B-9FBD-281F7C6CA368} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {94906888-35B9-49D8-B41D-E3A3D0572989} - System32\Tasks\AAAAAAA => C:\Users\cabec\AppData\Local\Programs\Opera\launcher.exe
Task: {96771905-0661-406E-A19F-DD6CB5619695} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B6B5345C-4BC6-44B2-88CD-85AB59171087} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B938375F-A09F-4113-ADEE-E0E686B28D78} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3292984 2020-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CE1B5949-93C3-43C3-AC04-6AF343518ACF} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ECB1EDFD-9E29-41E3-ADEB-77C26B74993D} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FD663655-8394-4219-BE57-88748A0C6780} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{13636716-f8ba-4148-be78-b443fc47f947}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{19a10513-7b53-490a-8a61-1cfe829c00f8}: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{b82b7d28-f146-43ef-a62d-c6ae0af56bd4}: [DhcpNameServer] 192.168.1.254 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

FireFox:
========
FF DefaultProfile: 4md9z3c1.default
FF ProfilePath: C:\Users\cabec\AppData\Roaming\Mozilla\Firefox\Profiles\4md9z3c1.default [2020-07-19]
FF ProfilePath: C:\Users\cabec\AppData\Roaming\Mozilla\Firefox\Profiles\5ctdp677.default-release [2020-07-19]
FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-06-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-06-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin HKU\S-1-5-21-3266803249-1906538077-2635784554-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\cabec\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-11] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default [2020-07-19]
CHR Notifications: Default -> hxxps://meet.google.com; hxxps://www.pcdiga.com
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/"
CHR Extension: (Google Drive) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-11-26]
CHR Extension: (YouTube) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-11-26]
CHR Extension: (pro grey) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhpebdanojkmhbbneclbkmpleemilaj [2020-05-11]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-26]
CHR Extension: (Gmail) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-11-26]
CHR Extension: (Chrome Media Router) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-07-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8615864 2020-06-23] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-11-26] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-04-19] (Malwarebytes Inc -> Malwarebytes)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1711232 2020-06-25] (Rockstar Games, Inc. -> Rockstar Games)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [10752 2019-12-02] () [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvaki.inf_amd64_205c3f0c6a210463\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvaki.inf_amd64_205c3f0c6a210463\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-06-01] (ASUSTeK Computer Inc. -> )
R3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-25] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
S3 dpclat_driver; C:\Windows\system32\drivers\dpclat_driver.sys [21232 2019-12-02] (Thesycon Systemsoftware Consulting GmbH -> Thesycon GmbH)
R3 e1rexpress; C:\Windows\System32\drivers\e1r65x64.sys [548800 2018-05-03] (Intel(R) INTELNPG1 -> Intel Corporation)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2020-06-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-06-06] (Malwarebytes Inc -> Malwarebytes)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [90168 2020-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [39920 2019-10-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [45664 2019-12-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [355760 2019-12-03] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-03] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-19 21:25 - 2020-07-19 21:25 - 000005139 _____ C:\Users\cabec\Desktop\SearchReg.txt
2020-07-19 21:22 - 2020-07-19 21:22 - 000003530 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-07-19 21:22 - 2020-07-19 21:22 - 000003406 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-07-19 21:22 - 2020-07-19 21:22 - 000002384 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-07-19 21:22 - 2020-07-19 21:22 - 000002343 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-07-19 21:22 - 2020-07-19 21:22 - 000002343 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-07-19 21:21 - 2020-07-19 21:21 - 001295576 _____ (Google LLC) C:\Users\cabec\Downloads\ChromeSetup.exe
2020-07-19 21:16 - 2020-07-19 21:16 - 000000000 ____D C:\Users\cabec\Desktop\ff
2020-07-19 21:15 - 2020-07-19 21:16 - 000000000 ____D C:\Users\cabec\Desktop\ease
2020-07-19 21:02 - 2020-07-19 21:05 - 000003158 _____ C:\Windows\system32\Tasks\AdwCleaner_onReboot
2020-07-19 18:57 - 2020-07-19 18:57 - 002293760 _____ (Farbar) C:\Users\cabec\Desktop\FRST64.exe
2020-07-19 18:57 - 2020-07-19 18:57 - 000000000 ____D C:\Users\cabec\Desktop\FRST-OlderVersion
2020-07-19 18:51 - 2020-07-19 18:51 - 008420016 _____ (Malwarebytes) C:\Users\cabec\Desktop\AdwCleaner.exe
2020-07-19 13:00 - 2020-07-19 21:13 - 000002133 _____ C:\Users\cabec\Desktop\fixlist.txt..txt
2020-07-19 12:51 - 2020-07-19 12:51 - 000000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-MQCUIRU-Windows-10-Home-(64-bit).dat
2020-07-19 12:51 - 2020-07-19 12:51 - 000000000 ____D C:\RegBackup
2020-07-19 12:50 - 2020-07-19 12:50 - 000017985 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2020-07-19 12:50 - 2020-07-19 12:50 - 000002319 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2020-07-19 12:50 - 2020-07-19 12:50 - 000002319 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
2020-07-19 12:50 - 2020-07-19 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2020-07-19 12:50 - 2020-07-19 12:50 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2020-07-19 12:49 - 2020-07-19 12:49 - 005766144 _____ (Tweaking.com) C:\Users\cabec\Desktop\tweaking.com_registry_backup_setup.exe
2020-07-18 15:05 - 2020-07-18 15:09 - 000000033 _____ C:\Users\cabec\Desktop\codecheck.txt
2020-07-18 15:05 - 2020-07-18 15:05 - 000025088 _____ C:\Users\cabec\Desktop\codecheck.exe
2020-07-18 15:03 - 2020-07-18 15:03 - 000071924 _____ C:\ProgramData\agent.uninstall.1595081011.bdinstall.v2.bin
2020-07-18 14:58 - 2020-07-18 14:58 - 000000000 ____D C:\Windows\system32\Tasks\Avira
2020-07-18 14:39 - 2020-07-18 14:40 - 000004651 _____ C:\Users\cabec\Desktop\ckfiles.txt
2020-07-18 14:38 - 2020-07-18 14:38 - 000468480 _____ () C:\Users\cabec\Desktop\CKScanner.exe
2020-07-18 14:38 - 2020-07-18 14:38 - 000468480 _____ () C:\Users\cabec\Desktop\CKScanner(1).exe
2020-07-17 20:19 - 2020-07-17 20:19 - 000001972 _____ C:\Users\cabec\Desktop\Process Hacker 2.lnk
2020-07-17 20:19 - 2020-07-17 20:19 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Process Hacker 2
2020-07-17 20:19 - 2020-07-17 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2020-07-17 20:19 - 2020-07-17 20:19 - 000000000 ____D C:\Program Files\Process Hacker 2
2020-07-17 20:17 - 2020-07-17 20:17 - 002267848 _____ (wj32 ) C:\Users\cabec\Downloads\processhacker-2.39-setup.exe
2020-07-17 20:09 - 2020-07-17 20:09 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-07-17 20:09 - 2020-07-17 20:09 - 000001000 _____ C:\Users\Public\Desktop\Firefox.lnk
2020-07-17 20:09 - 2020-07-17 20:09 - 000001000 _____ C:\ProgramData\Desktop\Firefox.lnk
2020-07-17 20:09 - 2020-07-17 20:09 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-07-17 20:09 - 2020-07-17 20:09 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Mozilla
2020-07-17 20:09 - 2020-07-17 20:09 - 000000000 ____D C:\Users\cabec\AppData\Local\Mozilla
2020-07-17 20:09 - 2020-07-17 20:09 - 000000000 ____D C:\ProgramData\Mozilla
2020-07-17 20:09 - 2020-07-17 20:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-07-17 20:09 - 2020-07-17 20:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-07-17 19:27 - 2020-07-17 19:27 - 000003632 _____ C:\Windows\system32\Tasks\AAAAAAA
2020-07-17 18:14 - 2020-07-17 18:15 - 007530244 _____ C:\Users\cabec\Desktop\AYYYYY.arn
2020-07-17 18:02 - 2020-07-17 18:02 - 002674525 _____ C:\Users\cabec\Downloads\Autoruns.zip
2020-07-17 17:57 - 2020-07-18 15:04 - 000000000 ____D C:\Users\cabec\AppData\Local\Opera Software
2020-07-17 17:56 - 2020-07-17 17:56 - 000000000 ____D C:\Users\Public\Security Sessions
2020-07-17 17:55 - 2020-07-18 15:04 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Opera Software
2020-07-17 17:55 - 2020-07-17 17:55 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2020-07-17 17:54 - 2020-07-17 17:54 - 004344656 _____ (Avira Operations GmbH & Co. KG) C:\Users\cabec\Downloads\avira_en_sptl1_20749766-1595004868__featurews-spotlight-release.exe
2020-07-17 15:10 - 2020-07-19 21:50 - 000015335 _____ C:\Users\cabec\Desktop\FRST.txt
2020-07-17 15:10 - 2020-07-19 18:58 - 000036668 _____ C:\Users\cabec\Desktop\Addition.txt
2020-07-17 15:02 - 2020-07-19 21:50 - 000000000 ____D C:\FRST
2020-07-17 15:02 - 2020-07-17 15:03 - 000048170 _____ C:\Users\cabec\Downloads\Addition.txt
2020-07-17 15:02 - 2020-07-17 15:03 - 000040799 _____ C:\Users\cabec\Downloads\FRST.txt
2020-07-17 15:01 - 2020-07-17 15:01 - 002292736 _____ (Farbar) C:\Users\cabec\Downloads\FRST64.exe
2020-07-17 14:42 - 2020-07-17 14:42 - 000000250 _____ C:\Users\cabec\Desktop\VIRUS FREE.reg
2020-07-17 14:35 - 2020-07-17 14:35 - 020327732 _____ C:\Users\cabec\Desktop\registry backup.reg
2020-07-17 14:24 - 2020-07-17 14:24 - 000000000 ____D C:\Windows\pss
2020-07-14 17:50 - 2020-07-15 17:15 - 000000000 ____D C:\Windows\Minidump
2020-07-14 17:18 - 2020-07-19 12:54 - 000089447 _____ C:\Windows\ZAM.krnl.trace
2020-07-14 17:18 - 2020-07-14 17:18 - 000000000 ____D C:\Users\cabec\AppData\Local\Zemana
2020-07-14 16:57 - 2020-07-14 16:57 - 000000797 _____ C:\Users\cabec\Documents\hosts.txt
2020-07-14 15:51 - 2020-07-14 17:44 - 000611598 _____ C:\Windows\ntbtlog.txt
2020-07-14 08:26 - 2020-07-14 08:38 - 000000881 _____ C:\Users\cabec\Desktop\exame 2013.txt
2020-07-14 07:30 - 2020-07-14 07:30 - 008751634 _____ C:\Users\cabec\Desktop\DESKTOP-MQCUIRU.arn
2020-07-14 07:24 - 2020-07-14 07:24 - 000755576 _____ (Sysinternals - www.sysinternals.com) C:\Users\cabec\Downloads\autoruns.exe
2020-07-14 07:24 - 2020-07-14 07:24 - 000755576 _____ (Sysinternals - www.sysinternals.com) C:\Users\cabec\Desktop\autoruns (1).exe
2020-07-14 07:00 - 2020-07-14 08:24 - 000003975 _____ C:\Users\cabec\Desktop\exame 2015.txt
2020-07-14 05:17 - 2020-07-14 06:59 - 000002184 _____ C:\Users\cabec\Desktop\exame 2016.txt
2020-07-13 15:19 - 2020-07-14 07:19 - 000090168 ____H (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCMON24.SYS
2020-07-13 15:19 - 2020-07-13 15:19 - 001567005 _____ C:\Users\cabec\Downloads\ProcessMonitor.zip
2020-07-13 15:19 - 2020-07-13 15:19 - 000000000 ____D C:\Users\cabec\Downloads\ProcessMonitor
2020-07-13 15:19 - 2019-12-10 22:42 - 002181504 ____N (Sysinternals - www.sysinternals.com) C:\Users\cabec\Desktop\Procmon.exe
2020-07-13 15:19 - 2019-12-10 22:42 - 000063582 ____N C:\Users\cabec\Desktop\procmon.chm
2020-07-13 15:19 - 2019-12-10 22:38 - 001177168 ____N (Sysinternals - www.sysinternals.com) C:\Users\cabec\Desktop\Procmon64.exe
2020-07-13 15:19 - 2018-09-28 01:55 - 000007490 ____N C:\Users\cabec\Desktop\Eula.txt
2020-07-13 14:51 - 2020-07-13 19:15 - 000003527 _____ C:\Users\cabec\Desktop\exame 2017.txt
2020-07-13 12:06 - 2020-07-13 12:06 - 000000027 _____ C:\Users\cabec\Desktop\exame 2014.txt
2020-07-13 11:45 - 2020-07-13 11:45 - 002101330 _____ C:\Users\cabec\Desktop\Resumos HCA.pdf
2020-07-12 16:22 - 2020-07-12 16:22 - 002101330 _____ C:\Users\cabec\Downloads\Resumos HCA.pdf
2020-07-10 13:54 - 2020-07-10 13:54 - 000758323 _____ C:\Users\cabec\Downloads\Archive-69bc.zip
2020-07-10 13:54 - 2020-07-10 13:54 - 000758128 _____ C:\Users\cabec\Downloads\2020-07-10 13.51.58.heic
2020-07-10 13:54 - 2020-07-10 13:54 - 000000000 ____D C:\Users\cabec\Downloads\Archive-69bc
2020-07-09 13:21 - 2020-07-09 13:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2020-07-09 13:14 - 2020-07-09 13:22 - 000000000 ____D C:\Program Files (x86)\Overwatch
2020-07-07 09:47 - 2020-03-04 13:54 - 001804784 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2020-07-07 09:47 - 2020-03-04 13:54 - 000050592 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\NvModuleTracker.sys
2020-07-05 20:48 - 2020-07-05 20:48 - 000000000 ____D C:\Users\cabec\AppData\LocalLow\Blizzard Entertainment
2020-07-05 20:48 - 2020-07-05 20:48 - 000000000 ____D C:\Users\cabec\AppData\Local\Blizzard
2020-07-05 20:48 - 2020-07-05 20:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2020-07-05 20:46 - 2020-07-05 20:48 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2020-06-29 20:44 - 2020-06-29 20:44 - 806409556 _____ C:\Users\cabec\Downloads\VIDEO RENDER.mp4
2020-06-28 21:39 - 2020-07-10 12:14 - 000000000 ____D C:\Users\cabec\AppData\Local\Battle.net
2020-06-28 21:39 - 2020-07-05 20:44 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Battle.net
2020-06-28 21:39 - 2020-06-28 21:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2020-06-28 21:34 - 2020-06-28 21:34 - 004902896 _____ (Blizzard Entertainment) C:\Users\cabec\Downloads\Battle.net-Setup (1).exe
2020-06-26 01:23 - 2020-06-26 01:24 - 006088416 _____ (Cfx.re) C:\Users\cabec\Downloads\FiveM.exe
2020-06-26 01:23 - 2020-06-26 01:23 - 008556152 _____ (cfx-collective) C:\Users\cabec\Downloads\FiveM (1).exe
2020-06-25 02:06 - 2020-06-25 02:06 - 004902896 _____ (Blizzard Entertainment) C:\Users\cabec\Downloads\Battle.net-Setup.exe
2020-06-23 15:19 - 2020-06-23 15:22 - 000000000 ____D C:\ProgramData\Epic
2020-06-23 15:19 - 2020-06-23 15:19 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2020-06-23 15:19 - 2020-06-23 15:19 - 000000000 ____D C:\Program Files (x86)\Epic Games
2020-06-23 15:16 - 2020-06-23 15:16 - 044257280 _____ C:\Users\cabec\Downloads\EpicInstaller-10.17.0.msi
2020-06-21 03:12 - 2020-06-21 03:12 - 071170399 _____ C:\Users\cabec\Downloads\y2mate.com - David Carreira - A Força Está em Nós (Ft. Snoop Dogg) - Videoclip Oficial_Mc8IgVWpdeo_1080p (1).mp4
2020-06-21 03:11 - 2020-06-21 03:11 - 071170399 _____ C:\Users\cabec\Downloads\y2mate.com - David Carreira - A Força Está em Nós (Ft. Snoop Dogg) - Videoclip Oficial_Mc8IgVWpdeo_1080p.mp4
2020-06-21 02:41 - 2020-06-21 02:41 - 000474573 _____ C:\Users\cabec\Downloads\y2mate.com - É o Conan!!!_MREH0EYn47g_360p.mp4
2020-06-19 20:15 - 2020-06-19 20:15 - 001397166 _____ C:\Users\cabec\Downloads\Shui hua piou piou bei feng shou shou tian de yi pian cheng mao.mp4

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-19 21:29 - 2018-12-07 00:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-07-19 21:27 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-07-19 21:23 - 2018-12-07 00:39 - 000840852 _____ C:\Windows\system32\PerfStringBackup.INI
2020-07-19 21:23 - 2018-09-15 08:31 - 000000000 ____D C:\Windows\INF
2020-07-19 21:22 - 2019-11-26 22:37 - 000000000 ____D C:\Program Files (x86)\Google
2020-07-19 21:19 - 2020-03-11 21:06 - 000000000 ____D C:\Users\cabec\AppData\LocalLow\Mozilla
2020-07-19 21:19 - 2019-05-15 12:00 - 000000000 ____D C:\ProgramData\NVIDIA
2020-07-19 21:18 - 2020-05-28 17:56 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Spotify
2020-07-19 21:18 - 2020-05-28 17:56 - 000000000 ____D C:\Users\cabec\AppData\Local\Spotify
2020-07-19 21:18 - 2019-11-26 22:30 - 000000000 ___RD C:\Users\cabec\OneDrive
2020-07-19 21:17 - 2019-11-27 14:52 - 000012166 _____ C:\ProgramData\DisplaySessionContainer1.log_backup1
2020-07-19 21:17 - 2019-11-27 01:17 - 000016896 _____ C:\ProgramData\NVDisplayContainerWatchdog.log_backup1
2020-07-19 21:17 - 2019-11-27 01:17 - 000014856 _____ C:\ProgramData\NVDisplay.ContainerLocalSystem.log_backup1
2020-07-19 21:17 - 2018-12-07 00:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-07-19 21:17 - 2018-09-15 07:09 - 000786432 _____ C:\Windows\system32\config\BBI
2020-07-19 21:06 - 2019-11-27 01:17 - 000001206 _____ C:\ProgramData\NvcDispCorePlugin.log_backup1
2020-07-18 15:04 - 2020-03-13 17:46 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2020-07-18 15:04 - 2020-03-13 17:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2020-07-18 15:03 - 2019-05-15 11:58 - 000000000 ____D C:\ProgramData\Package Cache
2020-07-18 14:57 - 2018-09-15 08:33 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-07-18 14:46 - 2019-12-02 21:37 - 000000000 ____D C:\Users\cabec\AppData\Roaming\audacity
2020-07-18 14:29 - 2019-11-27 01:05 - 000000000 ____D C:\Users\cabec\AppData\Roaming\.minecraft
2020-07-17 23:35 - 2019-11-26 22:27 - 000000000 ____D C:\Users\cabec
2020-07-17 21:48 - 2019-11-26 23:15 - 000000000 ____D C:\Users\cabec\AppData\Local\D3DSCache
2020-07-17 20:41 - 2019-11-28 19:05 - 000000000 ____D C:\Users\cabec\AppData\Local\CrashDumps
2020-07-17 20:23 - 2019-12-22 19:53 - 000000000 ___HD C:\temp
2020-07-17 20:23 - 2019-12-02 18:32 - 000000000 ____D C:\Program Files\Common Files\Adobe
2020-07-17 20:23 - 2019-12-02 18:30 - 000000000 ____D C:\Program Files\Adobe
2020-07-17 20:23 - 2019-12-02 18:29 - 000000000 ____D C:\Program Files (x86)\Adobe
2020-07-17 20:22 - 2019-11-26 22:28 - 000000000 ____D C:\Users\cabec\AppData\Local\Packages
2020-07-17 20:22 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-07-17 20:22 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\AppReadiness
2020-07-17 19:52 - 2020-01-30 19:47 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Adobe
2020-07-17 18:06 - 2018-12-07 00:33 - 000257904 _____ C:\Windows\system32\FNTCACHE.DAT
2020-07-17 14:23 - 2018-09-15 07:09 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-07-16 15:47 - 2019-11-26 22:30 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3266803249-1906538077-2635784554-1001
2020-07-16 15:47 - 2019-11-26 22:27 - 000002374 _____ C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-07-14 18:58 - 2019-11-27 23:23 - 000000000 ____D C:\Program Files\Rockstar Games
2020-07-14 18:58 - 2019-11-27 23:23 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2020-07-14 16:14 - 2019-12-22 17:11 - 000000000 ___RD C:\Users\cabec\Creative Cloud Files
2020-07-14 08:04 - 2020-04-19 19:38 - 000000000 ____D C:\AdwCleaner
2020-07-13 15:08 - 2019-12-02 18:31 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-07-13 15:08 - 2019-12-02 18:31 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-07-13 14:52 - 2019-11-27 01:27 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Discord
2020-07-13 14:08 - 2020-06-05 11:33 - 000000000 ____D C:\Users\cabec\AppData\Local\Adobe
2020-07-13 14:07 - 2020-06-05 11:33 - 000000000 ____D C:\ProgramData\Adobe
2020-07-13 14:03 - 2019-12-01 17:35 - 000000000 ____D C:\Users\cabec\AppData\Roaming\WhatsApp
2020-07-11 11:48 - 2020-06-17 00:26 - 000000000 ____D C:\Users\cabec\Desktop\Jogos
2020-07-08 16:48 - 2020-04-07 07:27 - 000000000 ____D C:\Users\cabec\AppData\Local\WhatsApp
2020-07-07 09:48 - 2019-11-27 01:18 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-11-27 01:18 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-11-27 01:18 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-11-27 01:18 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:01 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000004106 _____ C:\Windows\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-07-07 09:48 - 2019-05-15 12:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-07-07 09:48 - 2019-05-15 12:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-07-01 01:14 - 2019-11-27 01:17 - 000012150 _____ C:\ProgramData\DisplaySessionContainer2.log_backup1
2020-06-28 21:49 - 2020-03-15 18:02 - 000000000 ____D C:\Program Files (x86)\Battle.net
2020-06-28 18:14 - 2019-12-02 21:42 - 000000000 ____D C:\Users\cabec\AppData\Roaming\obs-studio
2020-06-27 01:39 - 2020-03-15 14:57 - 000000000 ____D C:\Users\cabec\AppData\Local\FiveM
2020-06-26 01:52 - 2020-03-15 15:02 - 000000000 ____D C:\Users\cabec\AppData\Local\DigitalEntitlements
2020-06-25 02:32 - 2019-11-26 22:30 - 000000000 ____D C:\Users\cabec\AppData\Local\NVIDIA Corporation
2020-06-25 01:36 - 2020-04-21 16:14 - 000000000 ____D C:\Users\cabec\Desktop\Escola
2020-06-25 01:36 - 2020-03-26 19:02 - 000000000 ____D C:\Users\cabec\Desktop\Photoshop
2020-06-25 00:20 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\LiveKernelReports
2020-06-23 21:38 - 2019-11-27 23:24 - 000000000 ____D C:\Users\cabec\AppData\Local\Rockstar Games
2020-06-23 21:18 - 2019-11-27 23:23 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2020-06-23 15:44 - 2019-11-26 23:13 - 000000000 ____D C:\Users\cabec\AppData\Local\UnrealEngine
2020-06-23 15:29 - 2019-11-26 23:15 - 000000000 ____D C:\Program Files\Epic Games
2020-06-23 15:20 - 2019-05-15 12:01 - 002754024 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2020-06-23 15:20 - 2019-05-15 12:01 - 002122216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2020-06-23 15:20 - 2019-05-15 12:01 - 001295848 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2020-06-23 15:19 - 2020-04-23 15:32 - 000000000 ____D C:\Users\cabec\AppData\Local\EpicGamesLauncher
2020-06-21 17:01 - 2020-01-01 21:13 - 000000000 ____D C:\Users\cabec\Desktop\fotos

==================== Files in the root of some directories ========

2020-03-31 17:48 - 2020-06-04 15:52 - 000000132 _____ () C:\Users\cabec\AppData\Roaming\Preferências do Formato PNG do Adobe CS6
2019-12-02 18:29 - 2020-06-17 11:53 - 000001435 _____ () C:\Users\cabec\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition:
Recovery Scan Tool (x64) Version: 19-07-2020
Ran by cabec (19-07-2020 21:50:40)
Running from C:\Users\cabec\Desktop
Windows 10 Home Version 1809 17763.914 (X64) (2019-11-26 21:06:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3266803249-1906538077-2635784554-500 - Administrator - Disabled)
cabec (S-1-5-21-3266803249-1906538077-2635784554-1001 - Administrator - Enabled) => C:\Users\cabec
DefaultAccount (S-1-5-21-3266803249-1906538077-2635784554-503 - Limited - Disabled)
Guest (S-1-5-21-3266803249-1906538077-2635784554-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3266803249-1906538077-2635784554-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Premiere Pro CC 2019 (HKLM-x32\...\PPRO_13_0_1) (Version: 13.0.1 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Audacity 2.3.3 (HKLM-x32\...\Audacity_is1) (Version: 2.3.3 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CPUID ASUS CPU-Z 1.86 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.86 - CPUID, Inc.)
Discord (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Discord) (Version: 0.0.306 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{0EE6DDEF-E36B-45EB-9E03-5A266EC8A8F8}) (Version: 1.1.279.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FiveM (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\CitizenFX_FiveM) (Version: - The CitizenFX Collective)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 84.0.4147.89 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel(R) Chipset Device Software (HKLM-x32\...\{eb0d4a41-3065-42b0-a868-c60d42d3ea98}) (Version: 10.1.17695.8086 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1829.12.0.1154 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.369.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{aa81bdf2-96a6-4400-a596-c7d1916ce9f7}) (Version: 1.50.369.0 - Intel Corporation) Hidden
Java 8 Update 251 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180251F0}) (Version: 8.0.2510.8 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\OneDriveSetup.exe) (Version: 20.114.0607.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{F6678473-0198-46D0-A88F-2A247E6FA03C}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 78.0.2 (x64 pt-PT) (HKLM\...\Mozilla Firefox 78.0.2 (x64 pt-PT)) (Version: 78.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.0.2 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation)
NVIDIA Graphics Driver 442.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 442.59 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.38.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.38.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 24.0.3 - OBS Project)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.25.260 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.6.1 - Rockstar Games)
Spotify (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Spotify) (Version: 1.1.37.690.g8f3b16fc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.24.2 (HKLM\...\TAP-Windows) (Version: 9.24.2 - OpenVPN Technologies, Inc.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
WhatsApp (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\WhatsApp) (Version: 2.2027.10 - WhatsApp)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

Packages:
=========
ASUS Product Registration Program (APRP) -> C:\Program Files\WindowsApps\B9ECED6F.ASUSProductRegistrationProgramAPRP_2.1.7.0_x86__qmba6cd70vzyy [2019-05-15] (ASUSTeK COMPUTER INC.) [Startup Task]
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.4.4.0_x86__kgqvnymyfvs32 [2019-12-10] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.27.6.0_x86__kgqvnymyfvs32 [2019-12-12] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1660.4.0_x86__kgqvnymyfvs32 [2019-12-13] (king.com)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-11-26] (LinkedIn)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad]
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13253.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.956.0_x64__56jybvy8sckqj [2019-11-26] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2019-11-26] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\cabec\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\cabec\AppData\Local\Temp:$DATA​ [16]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 08:31 - 2018-09-15 08:31 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cabec\Desktop\fotos\425000.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Discord"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B4EB1566-E2AE-4438-9BC2-0A308CB11AF9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C3A391E5-7C5B-4258-9426-EA8C43613E9D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{AC5E0D92-DB13-4376-9EEF-5DE28D7DD632}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{BB38DA3A-C591-41B8-9CC9-49A86CEE0886}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{6FA27901-58B4-4E40-AE8A-2BA5CAC223FA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12228.20332.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{48334160-DE2B-4B88-88AB-3249E06F4E4D}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{4D4A3834-B4E1-4A7C-91A0-383FEA139E31}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{916E4580-6205-446F-9960-84887A81011A}C:\users\cabec\appdata\local\fivem\fivem.exe] => (Allow) C:\users\cabec\appdata\local\fivem\fivem.exe (Intricus Software Limited -> Cfx.re)
FirewallRules: [UDP Query User{95C77CB8-221F-4F37-8379-14EBAE17D948}C:\users\cabec\appdata\local\fivem\fivem.exe] => (Allow) C:\users\cabec\appdata\local\fivem\fivem.exe (Intricus Software Limited -> Cfx.re)
FirewallRules: [TCP Query User{14D99437-3139-460D-A634-AC2A55EF54C0}C:\users\cabec\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\cabec\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (Intricus Software Limited -> Cfx.re) [File not signed]
FirewallRules: [UDP Query User{D12AB444-51FF-48BC-9FE5-8FCCB115FB6E}C:\users\cabec\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\cabec\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (Intricus Software Limited -> Cfx.re) [File not signed]
FirewallRules: [{89D90CFD-45D9-406C-94C8-8A3ADEF122F9}] => (Allow) C:\Users\cabec\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{FAB40BAE-028D-489A-8B2C-D6590F2CAEB6}C:\users\cabec\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cabec\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{9820688A-9299-4459-9F9E-36C28974E0AE}C:\users\cabec\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cabec\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3439D8EB-6502-4613-ADD2-431CEC0460CD}] => (Allow) C:\Users\cabec\Pictures\steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{EF73778D-5753-4482-B650-D53A14B3ABF5}] => (Allow) C:\Users\cabec\Pictures\steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6D35C2A8-87DD-4AC6-8F69-14CF0B2CAC24}] => (Allow) C:\Users\cabec\Pictures\steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D4CBF99F-F0E8-4585-A813-3492720ED181}] => (Allow) C:\Users\cabec\Pictures\steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{0FF9790B-D8A8-43C5-9AF2-E30DC4467436}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\launcher.exe (Kristjan Skutta -> )
FirewallRules: [{33AA7470-9092-44D2-8818-6E85988D0124}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\launcher.exe (Kristjan Skutta -> )
FirewallRules: [{64F23525-3A54-4E61-AC1C-4326A8E18AB3}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{41A45A20-6F0E-418E-AAA1-C6669BA35AB9}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{999F86F6-527B-4C61-9801-0BD6CBD9D937}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{2B776A8B-F6C8-4700-B36E-593BB60A20A5}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{D8FC0FE3-8EBD-4EC7-B311-E1D75C49D126}C:\users\cabec\pictures\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\users\cabec\pictures\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{FA131442-74CB-457B-989A-8C5188B009B3}C:\users\cabec\pictures\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\users\cabec\pictures\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{C6FADD75-C65D-457C-B72C-DA534512A88D}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [UDP Query User{FB8467D7-5D74-4DF2-A9EA-6D338788158F}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [{C0A61DBC-2E0B-45E7-B8FE-CA489B065BE0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{25C0C7D0-8F13-4DCC-A995-A4DA608992AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DEB01ED7-2EF4-4F0C-A5AD-72976FF64542}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3F0A00FF-02E4-4F96-9C72-C73ACDC9C529}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CCDA7A30-E535-4EC7-A420-EDA70AE37F2C}] => (Allow) C:\Users\cabec\Pictures\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{F0F90CB4-C3BD-4024-974F-B46938DE3A46}] => (Allow) C:\Users\cabec\Pictures\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{CACEE9EB-3C5F-44E3-AD51-245CF3FE13F4}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Kristjan Skutta -> )
FirewallRules: [{2B46F0F2-3E6B-4F24-98DA-B5EA32F4502D}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Kristjan Skutta -> )
FirewallRules: [{4EA3E7AE-0C47-4D12-A62A-CDF1FB341FA5}] => (Allow) C:\Users\cabec\AppData\Local\Programs\Opera\69.0.3686.77\opera.exe => No File
FirewallRules: [{DE8036BA-D9FA-4FED-83CC-E4566BA08B96}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{778B148C-6D5B-4D77-AEAF-5E906B268D2B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D6E89E61-C224-47E2-AA13-86D396F0F749}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{82A030CA-FD97-4AA7-B1F3-8FD28E9993FD}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{5CFC7882-599F-4564-B55F-A4680C9A2750}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{0DEDC982-1C7E-404A-BD4F-0AAAD167E60E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

09-07-2020 12:14:52 Scheduled Checkpoint
18-07-2020 14:59:12 Removed Avira Software Updater

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/19/2020 09:17:39 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/19/2020 09:17:01 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (07/19/2020 09:16:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/19/2020 09:16:55 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {3600f831-bf1e-48ab-8c25-18ddd5f8651f}

Error: (07/19/2020 09:06:15 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/19/2020 09:03:02 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/19/2020 05:58:14 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/19/2020 01:11:28 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (07/19/2020 09:22:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MQCUIRU)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MQCUIRU\cabec SID (S-1-5-21-3266803249-1906538077-2635784554-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/19/2020 09:21:02 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MQCUIRU)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MQCUIRU\cabec SID (S-1-5-21-3266803249-1906538077-2635784554-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/19/2020 09:21:02 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MQCUIRU)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MQCUIRU\cabec SID (S-1-5-21-3266803249-1906538077-2635784554-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/19/2020 09:18:05 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MQCUIRU)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MQCUIRU\cabec SID (S-1-5-21-3266803249-1906538077-2635784554-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/19/2020 09:18:03 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MQCUIRU)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
and APPID
Unavailable
to the user DESKTOP-MQCUIRU\cabec SID (S-1-5-21-3266803249-1906538077-2635784554-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/19/2020 09:15:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.

Error: (07/19/2020 09:15:29 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (07/19/2020 09:13:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.


Windows Defender:
===================================
Date: 2019-12-12 13:59:59.764
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {487BAD9A-C330-4233-BE7B-AE97962EBE50}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-05 09:33:29.113
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {698660BF-F832-4C05-83F8-1D45D12588CB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-04 21:22:33.404
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4A2C9B23-8239-4F5E-A6A4-00DC55AB3123}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-04 20:13:19.227
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {807AA218-8425-4517-B0C0-105137EF48AF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-11-28 17:40:25.666
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9330D0A3-A7E2-4D90-B67C-CDC616EDA42F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-13 16:39:02.212
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2020-07-18 14:54:12.409
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:50:19.458
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:50:19.456
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:23:56.841
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:23:56.838
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:22:58.419
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 14:22:58.416
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-17 12:21:52.441
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 0404 04/12/2019
Motherboard: ASUSTeK COMPUTER INC. WS C246 GS
Processor: Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
Percentage of memory in use: 9%
Total physical RAM: 32633.93 MB
Available physical RAM: 29408.1 MB
Total Virtual: 34681.93 MB
Available Virtual: 30035.42 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:476.33 GB) (Free:144.26 GB) NTFS
Drive d: (data) (Fixed) (Total:1862.89 GB) (Free:1820.86 GB) NTFS

\\?\Volume{7fb0217e-e2a9-4e88-8f9a-c50f72859aa3}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS
\\?\Volume{783377f8-cd83-45ef-bd0f-bc43b2b24249}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 7FE96090)

Partition: GPT.

==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 2BBCADC2)

Partition: GPT.

==================== End of Addition.txt =======================

No changes in the PC's behavior: when I open Task Manager it is still at a very high number, and various Firefox and Explorer tabs are opened although I only have 1.
jhon244
Active Member
 
Posts: 7
Joined: July 17th, 2020, 11:12 am

Re: I have a virus pls help me

Unread postby pgmigg » July 19th, 2020, 10:25 pm

Hello jhon244,

jhon244 wrote: I cannot get FRST to work with the fixlist txt on my desktop; it only works in the antihack folder.
Thank you for informing me - it is a very important detail!
There is another way to run FRST fix.

Let's continue...

Step 1.
Security Check
  1. Please download Security Check from here and save it to your Desktop.
  2. Double-click SecurityCheck.exe
  3. Follow the onscreen instructions inside of the black box.
    • NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    • NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.
    • NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.
  4. A Notepad document should open automatically called checkup.txt - please post the contents of that document.

Step 2.
Farbar Service Scanner (FSS)
  1. Please download Farbar Service Scanner from Here and save FSS.exe to your Desktop.
  2. Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  3. Press Scan button.
  4. It will create a log FSS.txt in the same directory the tool is run - on the Desktop in your case. Please copy and paste the log to your reply.

Step 3.
Sophos Free Virus Removal Tool
  1. Please download Sophos Free Virus Removal Tool from Here after a few simple steps and save the Sophos Free Virus Removal Tool.exe to your desktop.
  2. Double click the icon and select Run
  3. Click Next
  4. Select I accept the terms in this license agreement, then click Next twice
  5. Click Install
  6. After a while click Finish to launch the program
  7. Once the virus database has been updated click Start Scanning
  8. If any threats are found click Details, then View log file... (bottom left hand corner)
  9. Copy and paste the results in your reply
  10. Close the Notepad document, close the Threat Details screen, then click Start cleanup
  11. Click Exit to close the program

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Don't post anything as attachments unless I ask you for it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the checkup.txt log file
  3. Contents of the FSS.txt log file
  4. Results of the run of Sophos Free Virus Removal Tool
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: I have a virus pls help me

Unread postby jhon244 » July 20th, 2020, 11:18 am

No threats were found in Sophos.

checkup:

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 251
Java version 32-bit out of Date!
Google Chrome (84.0.4147.89)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


FSS:
Farbar Service Scanner Version: 14-12-2019
Ran by cabec (administrator) on 20-07-2020 at 15:40:47
Running from "C:\Users\cabec\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv: "C:\Windows\system32\svchost.exe -k netsvcs -p".
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

PS: I'm pretty sure I still have the virus; the thing with the CPU still happens. I can provide video or photos if needed.
jhon244
Active Member
 
Posts: 7
Joined: July 17th, 2020, 11:12 am

Re: I have a virus pls help me

Unread postby pgmigg » July 20th, 2020, 9:57 pm

Hello jhon244,

jhon244 wrote: I'm pretty sure I still have the virus; the thing with the CPU still happens. I can provide video or photos if needed.
Actually, your computer is clean from infections based on the latest set of logs, but at the same time your Windows 10 system is not healthy enough and is seriously out of date.

Your Windows Defender (the only anti-virus defense software) cannot work because of missing components and registry corruption. Even on healthy and clean computers, from time to time we can see higher CPU consumption related to internal search indexing, system self-cleaning, backup issues, etc. But when we deal with a sick operating system, we cannot expect a diseased system to work as well as a healthy one. If something has to be launched at the start, but there are not enough components, the system can start sorting out the possibilities, look for what is missing and just stall in place - all this uses precious resources, including CPU power.

In my opinion, if you update Windows, then the protection will also be updated and fixed, and will start working until you decide that you need something else (or not) - as we already said, one of the best protections today is MBAM.

I may not close this topic, and if after updates and restoration of internal protection the situation remains unchanged, then we will return to research. In the meantime, I strongly suggest eliminating the problems associated with Windows.

Please let me know what you think.

Thank you,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
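
The findings this reply draws from the FSS log (services not running, service registry keys missing, system binaries still signed) can be extracted from such a log mechanically. The Python sketch below is an added example, not part of the original posts or of Farbar Service Scanner; the function names `triage` and `missing_service_keys` are hypothetical, and the sample text is an excerpt of the FSS.txt log posted earlier in this thread.

```python
import re
from collections import defaultdict

# Excerpt of the FSS.txt log posted in this thread (trimmed to three sections).
SAMPLE_FSS = r"""Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv: "C:\Windows\system32\svchost.exe -k netsvcs -p".
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

File Check:
========
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
"""

ATTN = re.compile(r"^Checking (?P<check>.+?): ATTENTION!=====> (?P<msg>.+)$")
STOPPED = re.compile(r"^(?P<svc>\S+) Service is not running")
FILE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<status>.+)$")
MISSING_KEY = re.compile(r"Unable to open (?P<svc>\S+) registry key")

def triage(log_text):
    """Group notable lines by FSS section (a 'Title:' line underlined with '=')."""
    findings = defaultdict(list)
    lines = [ln.strip() for ln in log_text.splitlines()]
    section = "(preamble)"
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            section = line[:-1]          # new section header
        elif (m := STOPPED.match(line)):
            findings[section].append(("service_stopped", m["svc"]))
        elif (m := ATTN.match(line)):
            findings[section].append(("attention", m["check"], m["msg"]))
        elif (m := FILE.match(line)) and m["status"] != "File is digitally signed":
            # Any status other than the signed message seen in the log is flagged.
            findings[section].append(("file", m["path"], m["status"]))
    return dict(findings)

def missing_service_keys(findings):
    """Service names whose registry key FSS reported it could not open."""
    names = set()
    for items in findings.values():
        for item in items:
            if item[0] == "attention" and (m := MISSING_KEY.search(item[2])):
                names.add(m["svc"])
    return sorted(names)

if __name__ == "__main__":
    result = triage(SAMPLE_FSS)
    for sec, items in result.items():
        print(sec, items)
    print("Missing service keys:", missing_service_keys(result))
```

On the excerpt, the output shows the pattern described in the reply: both services are stopped with missing registry keys, while the File Check section yields no findings because the binaries are still signed.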

Re: I have a virus pls help me

Unread postby jhon244 » July 21st, 2020, 4:37 am

Hi, I'm glad to know my computer is virus free, thank you so much!

Regarding the Windows issue, when I try to update it, it stays loading for about 5 minutes and then a retry button pops up.

It's quite frustrating, any insight would be appreciated.
jhon244
Active Member
 
Posts: 7
Joined: July 17th, 2020, 11:12 am

Re: I have a virus pls help me

Unread postby pgmigg » July 21st, 2020, 10:23 am

Hello jhon244,

jhon244 wrote: Hi, I'm glad to know my computer is virus free, thank you so much!
You are very welcome! :D

jhon244 wrote: Regarding the Windows issue, when I try to update it, it stays loading for about 5 minutes and then a retry button pops up.

It's quite frustrating, any insight would be appreciated.
No, no, the conversation is not at all about that - your Windows Updates utility is corrupted as well as Windows Defender.

We are not talking about updates for the current version (build) of Windows; I mean installing a new version (build) of the entire system, and this is done differently, as described below.

Keep in mind that before doing this step, you should make a backup of the files that you do not want to lose (there is always a chance that something will go wrong), best of all to external drives (just your files like documents, media, etc. - applications and Windows itself can easily be reinstalled). Then, despite the kind suggestion of Microsoft to continue working until the first restart of the computer, I recommend that you close all working windows and do not touch the computer until the end of the process, which can take several hours and several automatic restarts.

I also recommend that you disable all security programs during this process - in your case it is easy, they simply are not there. ;)

Then, when you are ready, please go Here and click on the Update now button to download the Windows10Upgrade9252.exe assistant utility and save it to your Desktop. Double-click on it and follow all steps...

Please don't hesitate to ask any questions before doing something that is not completely clear, and not after, when it is too late to correct ...

Good luck,
pgmigg
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00