[SOLVED] Need some help here.

Let me be more accurate, use Window menu and search for Windows Security, you want to right click the search result to get to its app settings, from there you can reset it.
1653418882964.png
 
Is it the same things that are populating?
 
Are these populations from before the reset or after?
 
While we're still troubleshooting this problem, do you have any other problems? I noticed multiple TEMP.jccruz user folders.
 
Hi axe0, no my only “problem” is that populated page…everything else is running fine.
 
I would like you to try something, but this will be a step-by-step procedure over a few posts.

Run FRST Fix
Warning: This script was created for this specific system. Attempting to use the fix on another system may cause damage to the system
  • Right-click FRST64.exe then click "Run as administrator".
  • Select the entire content of the code below including "Start::" and "End::", right click and select "Copy"
  • Click Fix button once and wait
  • When finished, it will produce a log called Fixlog.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Code: 
Start::
cmd: net user administrator /active:yes
cmd: dir /b c:\users
End::

===============================================

In your next post
In your next post, please include the following. Make sure to copy and paste any requested logs unless asked to attach it.
  • Content of fixlog.txt
 
Thanks axe0, here is the content of fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-05-2022
Ran by Utilizador (30-05-2022 19:44:10) Run:3
Running from C:\FRST
Loaded Profiles: Utilizador
Boot Mode: Normal
==============================================

fixlist content:
*****************
cmd: net user administrator /active:yes
cmd: dir /b c:\users

*****************


========= net user administrator /active:yes =========


NÆo foi poss¡vel encontrar o nome do utilizador.

Para mais ajuda, escreva NET HELPMSG 2221.


========= End of CMD: =========


========= dir /b c:\users =========

Administrador
jcruz
Public
Utilizador


========= End of CMD: =========
 
Let's try that again. Please also check in the C:\users directory and let me know if you see any TEMP directories or any other odd looking directories.

Run FRST Fix
Warning: This script was created for this specific system. Attempting to use the fix on another system may cause damage to the system
  • Right-click FRST64.exe then click "Run as administrator".
  • Select the entire content of the code below including "Start::" and "End::", right click and select "Copy"
  • Click Fix button once and wait
  • When finished, it will produce a log called Fixlog.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Code: 
Start::
exportkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
cmd: net user administrador /active:yes
End::

===============================================

In your next post
In your next post, please include the following. Make sure to copy and paste any requested logs unless asked to attach it.
  • Content of fixlog.txt
 
Hi axe0, thanks for your support, here are the content of fixlog.txt and a screen shot of C:\users "utilizadores" everything appears to be fine, no "odd looking directories."


Fix result of Farbar Recovery Scan Tool (x64) Version: 31-05-2022 01
Ran by Utilizador (01-06-2022 17:49:28) Run:4
Running from C:\FRST
Loaded Profiles: Utilizador
Boot Mode: Normal
==============================================

fixlist content:
*****************
exportkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
cmd: net user administrador /active:yes

*****************

================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]
"Default"="%SystemDrive%\Users\Default"
"ProfilesDirectory"="%SystemDrive%\Users"
"ProgramData"="%SystemDrive%\ProgramData"
"Public"="%SystemDrive%\Users\Public"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
"Flags"="12"
"ProfileImagePath"="%systemroot%\system32\config\systemprofile"
"RefCount"="1"
"Sid"="010100000000000512000000"
"State"="0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"Flags"="0"
"ProfileImagePath"="%systemroot%\ServiceProfiles\LocalService"
"State"="0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
"Flags"="0"
"ProfileImagePath"="%systemroot%\ServiceProfiles\NetworkService"
"State"="0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3653589094-3565606866-458211961-1001]
"ProfileImagePath"="C:\Users\Utilizador"
"Flags"="0"
"FullProfile"="1"
"State"="0"
"Sid"="0105000000000005150000006658c5d9d2d786d479c24f1be9030000"
"LocalProfileLoadTimeLow"="-808288198"
"LocalProfileLoadTimeHigh"="30963158"
"ProfileAttemptedProfileDownloadTimeLow"="0"
"ProfileAttemptedProfileDownloadTimeHigh"="0"
"ProfileLoadTimeLow"="0"
"ProfileLoadTimeHigh"="0"
"LocalProfileUnloadTimeLow"="1856759704"
"LocalProfileUnloadTimeHigh"="30962195"
"RunLogonScriptSync"="0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3653589094-3565606866-458211961-1002]
"ProfileImagePath"="C:\Users\jcruz"
"Flags"="0"
"FullProfile"="1"
"State"="516"
"Sid"="0105000000000005150000006658c5d9d2d786d479c24f1bea030000"
"LocalProfileLoadTimeLow"="-1553827880"
"LocalProfileLoadTimeHigh"="30882821"
"ProfileAttemptedProfileDownloadTimeLow"="0"
"ProfileAttemptedProfileDownloadTimeHigh"="0"
"ProfileLoadTimeLow"="0"
"ProfileLoadTimeHigh"="0"
"RunLogonScriptSync"="0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3653589094-3565606866-458211961-500]
"ProfileImagePath"="C:\Users\Administrador"
"Flags"="0"
"FullProfile"="1"
"State"="33024"
"Sid"="0105000000000005150000006658c5d9d2d786d479c24f1bf4010000"
"LocalProfileLoadTimeLow"="1862657860"
"LocalProfileLoadTimeHigh"="30882895"
"ProfileAttemptedProfileDownloadTimeLow"="0"
"ProfileAttemptedProfileDownloadTimeHigh"="0"
"ProfileLoadTimeLow"="0"
"ProfileLoadTimeHigh"="0"
"RunLogonScriptSync"="0"
"LocalProfileUnloadTimeLow"="-2115353072"
"LocalProfileUnloadTimeHigh"="30960126"

=== End of ExportKey ===

========= net user administrador /active:yes =========

O comando foi conclu¡do com ˆxito.



========= End of CMD: =========


==== End of Fixlog 17:49:29 ====
 

Attachments

  • Captura de ecrã 2022-06-01 174631.png
    Captura de ecrã 2022-06-01 174631.png
    98.9 KB · Views: 6
Please log out, or reboot your computer, and login into the administrador account. From the administrador account, do the following.

Run FRST Fix
Warning: This script was created for this specific system. Attempting to use the fix on another system may cause damage to the system
  • Right-click FRST64.exe then click "Run as administrator".
  • Select the entire content of the code below including "Start::" and "End::", right click and select "Copy"
  • Click Fix button once and wait
  • When finished, it will produce a log called Fixlog.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Code: 
Start::
CloseProcesses:
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service
powershell: Get-MpThreatDetection
End::

----------------------------------------------

Fresh FRST logs
  • Right-click FRST64.exe then click "Run as administrator".
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply. Due to the size of the logs, you might need to copy and paste the content of FRST.txt into one post, and copy and paste the content of Addition.txt into another post.

===============================================

In your next post
In your next post, please include the following. Make sure to copy and paste any requested logs unless asked to attach it.
  • Content of fixlog.txt
  • Content of FRST.txt
  • Content of Addition.txt
 
Hi axe0, here are the logs, i´m getting trouble, i can't find the Addition.txt which should be in the same directory of FRST (???)

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-05-2022 01
Ran by Administrador (01-06-2022 20:08:50) Run:6
Running from C:\FRST
Loaded Profiles: Utilizador & Administrador
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service
powershell: Get-MpThreatDetection

*****************

Processes closed successfully.
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service => moved successfully

========= Get-MpThreatDetection =========


========= End of Powershell: =========



The system needed a reboot.

==== End of Fixlog 20:08:58 ====



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-05-2022 01
Ran by Administrador (administrator) on JCCRUZ (Hewlett-Packard HP EliteBook 840 G2) (01-06-2022 20:16:22)
Running from C:\FRST
Loaded Profiles: Administrador <==== ATTENTION (Temporary Profile?)
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1706 (X64) Language: Português (Portugal)
Default browser: Edge
Boot Mode: Normal

========================================================
 
I suspect you may have been too fast and copied the FRST log while the scan was still running.

FRST will let you know when it has finished, and automatically open both logs. Open FRST, click scan and wait for FRST to finish. Once FRST finished, copy both logs in your post.
 
Hi axe0, thanks for your support, i´m getting a bit ‎annoyed,‎ don't Know if i'm doing the things right, when i tried to use the Farbar tool from the "Administrador" account the extension of Farbar64.exe disapears as shown in the image attached if i run the tool from "jccruz" account it creates the FRST and Addition files but only for the first time, if i scan it for a second time the FRST is almost automatic and no Addition.txt, i'm sending you the contents from "jccruz" account.

Thanks once again for your help:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-06-2022 01
Ran by Utilizador (administrator) on JCCRUZ (Hewlett-Packard HP EliteBook 840 G2) (02-06-2022 14:08:57)
Running from C:\Users\Utilizador\Desktop
Loaded Profiles: Utilizador & Administrador
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1706 (X64) Language: Português (Portugal)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe <2>
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4>
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe <2>
(DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HPHotkeyNotification.exe <2>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe <2>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe <2>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe <2>
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <67>
(MiniTool Software Limited -> ) C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\LanWlanWwanSwitchingServiceUWP.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe <2>
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe <2>
(winlogon.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8515832 2015-08-19] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [225280 2017-03-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
HKLM\...\Run: [MTPW] => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> )
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2632096 2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [Free Download Manager] => C:\Users\Utilizador\AppData\Local\Softdeluxe\Free Download Manager\fdm.exe [4960768 2021-04-16] (Softdeluxe) [File not signed]
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [36836592 2022-05-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Utilizador\AppData\Local\Microsoft\Teams\Update.exe [2489016 2022-02-16] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [pteid] => C:\Program Files\Portugal Identity Card\pteidguiV2.exe [2286080 2021-12-15] (Portuguese Government) [File not signed]
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [MicrosoftEdgeAutoLaunch_275433059902538E565B89FC49C29F5C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3547064 2022-05-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3653589094-3565606866-458211961-500\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2632096 2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3653589094-3565606866-458211961-500\...\Run: [MicrosoftEdgeAutoLaunch_FB8D4600C819C56C049D36FCF4727107] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3547064 2022-05-19] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\Wondershare PDFelement Monitor: C:\Windows\system32\WSPDFelementMonitor.dll [286264 2020-10-23] (Wondershare Technology Co.,Ltd -> Wondershare Software)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005C202E-0885-4188-B8AC-6A925A54C883} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4215192 2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {16A0587B-723F-49E5-9E2E-F3246627130C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8304592 2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {1B338406-3BA9-41D4-9F05-D1A8F96BF74E} - System32\Tasks\MiniToolPartitionWizard => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> )
Task: {264FD1E4-2C6C-46E5-BD97-4DC5152B65C0} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3653589094-3565606866-458211961-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4215192 2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {3817E056-FF10-4B90-AB97-32A0F597CEFE} - System32\Tasks\CCleanerSkipUAC - Utilizador => C:\Program Files\CCleaner\CCleaner.exe [30924528 2022-05-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3B20CB15-895B-4ACF-9D1C-F829DCBABE99} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144792 2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {3DDF37A1-97B9-4ECB-9665-E59E3C164A1E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NoUACCheck
Task: {459025F3-B602-4E75-9283-85B92B41D801} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23244744 2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {4913F685-99DD-49FE-96A2-A5F0266B2E17} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPWPD.exe /Register (No File)
Task: {54CFA062-30AA-4BAC-8E64-9A99B87F81E8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8304592 2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {59147023-3086-4AD5-8EE7-930946F9D499} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [67472 2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {6169AD00-B12D-4F5B-9645-0CAFB7FB427F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {74475F4C-AFA7-4C3E-A2DC-F4CCA54A7CDE} - System32\Tasks\Hewlett-Packard\HPDeviceCheck => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPDeviceCheck.exe /Register (No File)
Task: {8D2D9D08-C9B6-4CF3-9B4A-C88E13D2EF97} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [1145 2021-04-21] () [File not signed]
Task: {8E6DCF0C-5403-41E8-88BE-D842C786DBFA} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4105880 2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {9506887D-2646-4E79-8651-3C5625A0C162} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3653589094-3565606866-458211961-500 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4215192 2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {9EFA6245-610B-4981-9A53-D5F4B5BD5EC1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A4E7D534-1000-4CD8-A452-63218C369020} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-05-11] (Piriform Software Ltd -> Piriform)
Task: {A66AB6D9-1A00-40EF-8867-3F1C7A610961} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23244744 2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {A68E1010-68E9-461E-800E-35910285CC79} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 8720 => C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\HPCustPartic.exe [6439048 2018-04-06] (Hewlett Packard -> HP Inc.)
Task: {B96476D5-33F9-4795-92D2-B70D419A00AA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144792 2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {E046D0FE-BF84-4E92-9CE3-74D5507B8E37} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E3BB00B2-85D6-42F7-9259-3737BF357B39} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {E90634D2-4FFA-4C01-8455-5A3A1B16675B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EF8D890C-29EC-48B4-8831-78FABAC2B788} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {FAFD1677-4F6B-482A-99FC-13DFA4AFA3B0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3653589094-3565606866-458211961-1001] => proxyserver:80
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3eb7cafb-a097-4484-8ad7-d5df78a7ca12}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ada72b8e-5dad-49e0-a430-a36d8abc07b6}: [NameServer] 8.8.8.8,8.8.4.4,1.1.1.1
Tcpip\..\Interfaces\{ada72b8e-5dad-49e0-a430-a36d8abc07b6}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Utilizador\AppData\Local\Microsoft\Edge\User Data\Default [2022-06-02]
Edge HomePage: Default -> hxxp://www.netacad.com/
Edge StartupUrls: Default -> "hxxp://www.netacad.com/","hxxps://skillsforall.com/","hxxps://mail.google.com/"
Edge Extension: (Boomerang for Gmail) - C:\Users\Utilizador\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdpaoopmnbhmhpnpplpdanjigencjjje [2022-01-05]
Edge Profile: C:\Users\Utilizador\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2022-06-02]

FireFox:
========
FF DefaultProfile: 0erzjgf7.default
FF ProfilePath: C:\Users\Utilizador\AppData\Roaming\Mozilla\Firefox\Profiles\0erzjgf7.default [2021-07-27]
FF ProfilePath: C:\Users\Utilizador\AppData\Roaming\Mozilla\Firefox\Profiles\ljb7c2qe.default-release-1649860381996 [2022-06-02]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-03-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-03-02] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [789744 2022-05-11] (Piriform Software Ltd -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11988424 2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncHelper.exe [3401112 2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
R2 HotKeyServiceUWP; C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe [819856 2019-05-14] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [223904 2022-04-28] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 LanWlanWwanSwitchingServiceUWP; C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\LanWlanWwanSwitchingServiceUWP.exe [731072 2019-05-14] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8524512 2022-05-17] (Malwarebytes Inc. -> Malwarebytes)
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.099.0508.0001\OneDriveUpdaterService.exe [3842464 2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6254856 2022-05-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746728 2021-11-22] (Oracle Corporation -> Oracle Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-06-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-05-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239560 2022-05-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [74744 2021-04-21] (Insecure.Com LLC -> Insecure.Com LLC.)
S4 npcap_wifi; C:\Windows\system32\DRIVERS\npcap.sys [74744 2021-04-21] (Insecure.Com LLC -> Insecure.Com LLC.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [37336 2021-03-09] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
R3 USBPcap; C:\Windows\system32\DRIVERS\USBPcap.sys [52872 2020-05-22] (Tomasz Moń -> USBPcap)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [239672 2021-11-22] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [249584 2021-11-22] (Oracle Corporation -> Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [174776 2021-11-22] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49600 2022-04-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [443664 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-06-02 14:08 - 2022-06-02 14:09 - 000021640 _____ C:\Users\Utilizador\Desktop\FRST.txt
2022-06-02 14:03 - 2022-06-02 14:00 - 002368000 _____ (Farbar) C:\Users\Utilizador\Desktop\EnglishFRST64.exe
2022-06-02 14:01 - 2022-06-02 14:09 - 000000000 ____D C:\FRST
2022-06-02 14:00 - 2022-06-02 14:00 - 002368000 _____ (Farbar) C:\Users\Utilizador\Downloads\FRST64.exe
2022-06-02 13:59 - 2022-06-02 13:59 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-06-02 13:36 - 2022-06-02 13:36 - 000000000 ____D C:\Users\TEMP\AppData\LocalLow\Adobe
2022-06-02 13:36 - 2022-06-02 13:36 - 000000000 ____D C:\Users\TEMP\AppData\Local\SolidDocuments
2022-06-02 13:36 - 2022-06-02 13:36 - 000000000 ____D C:\Users\TEMP\AppData\Local\PlaceholderTileLogoFolder
2022-06-02 13:36 - 2022-06-02 13:36 - 000000000 ____D C:\Users\TEMP\AppData\Local\CEF
2022-06-02 13:36 - 2022-06-02 13:36 - 000000000 ____D C:\Users\TEMP\AppData\Local\Adobe
2022-06-02 13:24 - 2022-06-02 13:36 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Adobe
2022-06-02 13:24 - 2022-06-02 13:36 - 000000000 ____D C:\Users\TEMP\AppData\Local\Packages
2022-06-02 13:24 - 2022-06-02 13:25 - 000002348 _____ C:\Users\TEMP\Desktop\Microsoft Edge.lnk
2022-06-02 13:24 - 2022-06-02 13:24 - 000000020 ___SH C:\Users\TEMP\ntuser.ini
2022-06-02 13:24 - 2022-06-02 13:24 - 000000000 _SHDL C:\Users\TEMP\Os Meus Documentos
2022-06-02 13:24 - 2022-06-02 13:24 - 000000000 _SHDL C:\Users\TEMP\Modelos
2022-06-02 13:24 - 2022-06-02 13:24 - 000000000 _SHDL C:\Users\TEMP\Menu Iniciar
2022-06-02 13:24 - 2022-06-02 13:24 - 000000000 _SHDL C:\Users\TEMP\Documents\Os Meus Vídeos
2022-06-02 13:24 - 2022-06-02 13:24 - 000000000 _SHDL C:\Users\TEMP\Documents\As Minhas Imagens
2022-06-02 13:24 - 2022-06-02 13:24 - 000000000 _SHDL C:\Users\TEMP\Documents\A Minha Música
2022-06-02 13:24 - 2022-06-02 13:24 - 000000000 _SHDL C:\Users\TEMP\Definições Locais
2022-06-02 13:24 - 2022-06-02 13:24 - 000000000 _SHDL C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2022-06-02 13:24 - 2022-06-02 13:24 - 000000000 _SHDL C:\Users\TEMP\AppData\Local\Histórico
2022-06-02 13:24 - 2022-06-02 13:24 - 000000000 ___RD C:\Users\TEMP\3D Objects
2022-06-02 13:24 - 2022-06-02 13:24 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\hpqLog
2022-06-02 13:24 - 2022-06-02 13:24 - 000000000 ____D C:\Users\TEMP\AppData\Local\ConnectedDevicesPlatform
2022-06-02 13:24 - 2022-06-02 13:24 - 000000000 ____D C:\Users\TEMP
2022-06-02 13:24 - 2022-05-16 20:49 - 000000000 ___RD C:\Users\TEMP\OneDrive
2022-06-02 11:48 - 2022-06-02 11:48 - 000223176 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-05-31 16:59 - 2022-06-01 18:21 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-05-22 21:22 - 2022-05-24 19:37 - 000000000 ____D C:\Users\Utilizador\VirtualBox VMs
2022-05-22 21:20 - 2022-05-31 18:11 - 000000000 ____D C:\Users\Utilizador\.VirtualBox
2022-05-22 21:19 - 2021-11-22 08:43 - 000188208 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2022-05-22 21:19 - 2021-11-22 08:42 - 001045368 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2022-05-22 19:00 - 2022-05-22 19:00 - 108383472 _____ (Oracle Corporation) C:\Users\Utilizador\Downloads\VirtualBox-6.1.30-148432-Win.exe
2022-05-17 18:30 - 2022-05-17 18:30 - 000239560 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-05-17 18:30 - 2022-05-17 18:30 - 000103888 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2022-05-17 18:30 - 2022-05-17 18:30 - 000021480 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2022-05-17 18:30 - 2022-05-17 18:30 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-05-17 18:30 - 2022-05-17 18:30 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-05-17 18:29 - 2022-05-17 18:30 - 000000000 ____D C:\Program Files\Malwarebytes
2022-05-17 16:43 - 2022-05-17 16:43 - 000000000 ____D C:\SFCFix
2022-05-17 14:52 - 2022-05-26 18:37 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3653589094-3565606866-458211961-500
2022-05-16 20:49 - 2022-05-27 22:35 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-05-16 20:49 - 2022-05-26 18:37 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-05-16 20:49 - 2022-05-26 18:37 - 000002186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-05-16 20:49 - 2022-05-16 20:49 - 000000000 ___RD C:\Users\Default\OneDrive
2022-05-16 17:25 - 2022-05-16 17:30 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2022-05-15 21:29 - 2022-06-01 23:04 - 105381888 _____ C:\Windows\system32\config\SOFTWARE
2022-05-14 23:10 - 2022-05-14 23:10 - 000000000 ___HD C:\$SysReset
2022-05-12 22:13 - 2022-05-12 22:13 - 000000000 ____D C:\ProgramData\Piriform
2022-05-11 17:06 - 2022-05-11 17:06 - 000188928 _____ C:\Windows\system32\uwfcfgmgmt.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 000093696 _____ C:\Windows\system32\Drivers\cimfs.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 000011799 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-05-11 17:02 - 2022-05-11 17:02 - 000001809 _____ C:\Users\Public\Desktop\Stellarium.lnk
2022-05-11 16:56 - 2022-05-11 16:56 - 000000000 ___HD C:\$WinREAgent
2022-05-04 20:07 - 2021-11-30 18:23 - 000000000 ____D C:\Program Files\jcryptool
2022-05-04 19:47 - 2022-05-04 19:47 - 000000000 ____D C:\Users\Utilizador\.eclipse

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-06-02 13:59 - 2021-03-31 09:10 - 000000000 ___RD C:\Users\Utilizador\OneDrive
2022-06-02 13:40 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2022-06-02 13:40 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-06-02 13:24 - 2020-11-19 00:49 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-06-02 13:24 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-06-02 12:47 - 2021-04-28 21:26 - 000000000 ____D C:\Users\Utilizador\Desktop\SCRIPTS DIVS
2022-06-02 12:36 - 2021-03-31 10:51 - 000000000 __SHD C:\Users\Utilizador\IntelGraphicsProfiles
2022-06-02 12:33 - 2021-07-27 12:54 - 000000000 ____D C:\Users\Utilizador\AppData\LocalLow\Mozilla
2022-06-02 12:32 - 2020-11-19 00:48 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-06-02 12:12 - 2021-06-08 20:24 - 000000000 ____D C:\Program Files\CCleaner
2022-06-02 11:52 - 2021-03-31 09:11 - 001671696 _____ C:\Windows\system32\PerfStringBackup.INI
2022-06-02 11:52 - 2019-12-07 16:10 - 000732130 _____ C:\Windows\system32\prfh0816.dat
2022-06-02 11:52 - 2019-12-07 16:10 - 000144484 _____ C:\Windows\system32\prfc0816.dat
2022-06-02 11:52 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2022-06-02 11:49 - 2021-04-06 16:03 - 000000436 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2022-06-02 11:47 - 2021-04-06 15:58 - 000001134 _____ C:\Windows\system32\config\VSMIDK
2022-06-02 11:47 - 2021-03-31 09:03 - 000008192 ___SH C:\DumpStack.log.tmp
2022-06-02 11:47 - 2020-11-19 00:46 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-06-01 23:04 - 2019-12-07 10:03 - 001048576 _____ C:\Windows\system32\config\BBI
2022-06-01 23:03 - 2020-11-19 00:46 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-06-01 18:21 - 2022-04-13 15:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-06-01 18:15 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-06-01 17:49 - 2021-06-24 16:24 - 000004174 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{B6D416E1-DBCA-4835-B3A8-104A008BDE7D}
2022-06-01 17:48 - 2022-04-13 15:32 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-06-01 17:48 - 2022-04-13 15:32 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2022-05-31 16:59 - 2022-04-13 15:32 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-05-31 16:49 - 2021-09-19 13:29 - 000000000 ____D C:\Users\Utilizador\AppData\Roaming\draw.io
2022-05-31 16:48 - 2022-01-03 22:14 - 000000000 ____D C:\Program Files\draw.io
2022-05-31 14:52 - 2021-04-07 10:57 - 000000000 ____D C:\ProgramData\VirtualBox
2022-05-30 16:42 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\registration
2022-05-29 16:40 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports
2022-05-27 22:44 - 2021-04-06 15:45 - 000000000 ____D C:\Program Files\Microsoft Office
2022-05-27 22:37 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\NDF
2022-05-27 17:29 - 2021-08-25 17:29 - 000000000 ____D C:\Users\Utilizador\AppData\Roaming\Wise Uninstaller
2022-05-27 17:29 - 2021-08-24 23:24 - 000001361 _____ C:\Users\Public\Desktop\Wise Program Uninstaller.lnk
2022-05-27 17:29 - 2021-08-24 23:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Program Uninstaller
2022-05-26 19:44 - 2021-04-07 15:36 - 000000000 ____D C:\Users\Utilizador\AppData\Local\CrashDumps
2022-05-26 18:37 - 2021-12-12 04:48 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3653589094-3565606866-458211961-1001
2022-05-26 18:36 - 2021-06-08 20:25 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update
2022-05-25 16:50 - 2021-04-07 09:23 - 000000000 ____D C:\Users\Utilizador\AppData\Roaming\Stellarium
2022-05-24 20:11 - 2021-03-31 09:07 - 000000000 ____D C:\Users\Utilizador\AppData\Local\Packages
2022-05-22 21:22 - 2021-03-31 09:07 - 000000000 ____D C:\Users\Utilizador
2022-05-19 16:43 - 2021-04-07 08:38 - 000000724 _____ C:\Users\Utilizador\.packettracer
2022-05-17 21:46 - 2021-04-07 10:00 - 000000000 ____D C:\Users\Utilizador\AppData\Local\D3DSCache
2022-05-17 18:30 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-05-17 16:43 - 2021-08-25 17:31 - 000000000 ____D C:\Users\Utilizador\AppData\Local\niemiro
2022-05-17 16:39 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2022-05-17 14:50 - 2021-03-31 10:51 - 000000000 ____D C:\Intel
2022-05-15 21:29 - 2021-04-07 22:37 - 000000000 ____D C:\Windows\Microsoft Antimalware
2022-05-13 19:31 - 2021-04-06 13:55 - 000000000 ____D C:\Users\Utilizador\AppData\Roaming\hpqLog
2022-05-12 22:33 - 2021-04-07 09:18 - 000000000 ____D C:\Users\Utilizador\AppData\Roaming\Notepad++
2022-05-12 22:20 - 2021-04-07 09:28 - 000000000 ____D C:\Users\Utilizador\AppData\Roaming\FileZilla
2022-05-12 15:53 - 2021-12-14 18:59 - 000001370 _____ C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-05-12 15:53 - 2021-12-14 18:59 - 000000000 ____D C:\Users\Utilizador\AppData\Local\PCHealthCheck
2022-05-11 17:34 - 2021-12-20 01:22 - 000000000 ____D C:\Users\Utilizador\Cisco Packet Tracer 8.1.0
2022-05-11 17:33 - 2021-07-22 22:45 - 000000000 ____D C:\Users\Utilizador\Cisco Packet Tracer 8.0.1
2022-05-11 17:15 - 2020-11-19 00:46 - 000446280 _____ C:\Windows\system32\FNTCACHE.DAT
2022-05-11 17:14 - 2021-04-06 15:57 - 000000000 ____D C:\Program Files\Hyper-V
2022-05-11 17:14 - 2019-12-07 16:13 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-05-11 17:14 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP
2022-05-11 17:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2022-05-11 17:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz
2022-05-11 17:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2022-05-11 17:14 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-05-11 17:02 - 2022-03-31 19:08 - 000000958 _____ C:\Users\Public\Desktop\Stellarium User Guide.lnk
2022-05-11 17:02 - 2021-04-07 09:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellarium
2022-05-11 17:02 - 2021-04-07 09:23 - 000000000 ____D C:\Program Files\Stellarium
2022-05-11 16:55 - 2021-04-08 12:03 - 000000000 ____D C:\Windows\system32\MRT
2022-05-11 16:54 - 2021-09-19 13:29 - 000000000 ____D C:\Users\Utilizador\AppData\Local\draw.io-updater
2022-05-11 16:53 - 2021-04-08 12:03 - 145501456 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-05-10 13:26 - 2020-11-19 00:48 - 000003674 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-05-10 13:26 - 2020-11-19 00:48 - 000003550 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-05-04 18:30 - 2022-02-17 13:36 - 000000000 ____D C:\Users\Utilizador\Desktop\NETWORK DEFENSE

==================== Files in the root of some directories ========

2021-07-27 15:46 - 2022-01-12 14:09 - 000000128 _____ () C:\Users\Utilizador\AppData\Local\PUTTY.RND
2021-05-05 18:37 - 2021-05-05 18:37 - 000007602 _____ () C:\Users\Utilizador\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2022 01
Ran by Utilizador (02-06-2022 14:10:31)
Running from C:\Users\Utilizador\Desktop
Microsoft Windows 10 Pro Version 21H2 19044.1706 (X64) (2021-03-31 08:06:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrador (S-1-5-21-3653589094-3565606866-458211961-500 - Administrator - Enabled) => C:\Users\TEMP
Convidado (S-1-5-21-3653589094-3565606866-458211961-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-3653589094-3565606866-458211961-503 - Limited - Disabled)
Utilizador (S-1-5-21-3653589094-3565606866-458211961-1001 - Administrator - Enabled) => C:\Users\Utilizador
WDAGUtilityAccount (S-1-5-21-3653589094-3565606866-458211961-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Autenticação.Gov 3.7.0 (4491) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F204491}) (Version: 3.7.4491 - Portuguese Government)
CCleaner (HKLM\...\CCleaner) (Version: 6.00 - Piriform)
Cisco Packet Tracer 8.0.1 64Bit (HKLM\...\Cisco Packet Tracer 8.0.1 64Bit_is1) (Version: - Cisco Systems, Inc.)
Cisco Packet Tracer 8.1.0 64Bit (HKLM\...\Cisco Packet Tracer 8.1.0 64Bit_is1) (Version: - Cisco Systems, Inc.)
CPUID CPU-Z 2.01 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.01 - CPUID, Inc.)
draw.io 18.1.3 (HKLM\...\27a75bf3-be48-5c35-934f-8491cf108abe) (Version: 18.1.3 - JGraph)
Estudo de aprimoramento de produto para HP OfficeJet Pro 8720 (HKLM\...\{F0BE764B-DFC9-453C-9515-12C63FB176AB}) (Version: 40.12.1161.1896 - HP Inc.)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileZilla Client 3.59.0 (HKLM-x32\...\FileZilla Client) (Version: 3.59.0 - Tim Kosse)
Free Download Manager (HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\{0C1D4CF2-5575-4786-834C-B0FC977E9714}}_is1) (Version: 6.14.1.3935 - Softdeluxe)
I.R.I.S. OCR (HKLM-x32\...\{09D14594-ADFA-49A0-BB36-3D685611DDFC}) (Version: 12.3.7.0 - HP)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
Malwarebytes version 4.5.9.198 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.9.198 - Malwarebytes)
Microsoft Teams (HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Teams) (Version: 1.5.00.2164 - Microsoft Corporation)
MiniTool Partition Wizard Free 12.6 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.6 - MiniTool Software Limited)
Mozilla Firefox (x64 pt-PT) (HKLM\...\Mozilla Firefox 101.0 (x64 pt-PT)) (Version: 101.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 99.0.1 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.3.3 - Notepad++ Team)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.31 - Nmap Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15225.20150 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15225.20194 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 6.1.30 (HKLM\...\{9F1FFDC2-9B49-41F3-B6F1-18DC368D6CA2}) (Version: 6.1.30 - Oracle Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7561 - Realtek Semiconductor Corp.)
Stellarium 0.22.1 (HKLM\...\Stellarium_is1) (Version: 0.22.1 - Stellarium team)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.63 - Synaptics Incorporated)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.2781 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
USBPcap 1.5.4.0 (HKLM\...\USBPcap) (Version: 1.5.4.0 - Tomasz Mon)
Verificação do estado de funcionamento do PC Windows (HKLM\...\{50323A6F-77C1-4136-B3C6-AFF46C3E1CF8}) (Version: 3.7.2204.15001 - Microsoft Corporation)
Verificação do estado de funcionamento do PC Windows (HKLM\...\{ABFE1296-80CE-4FDD-924F-BEF8625C6351}) (Version: 3.3.2110.22002 - Microsoft Corporation)
Verificação do estado de funcionamento do PC Windows (HKLM\...\{D8BFA63F-BE37-4D9F-9001-541D74D74488}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Wireshark 3.4.8 64-bit (HKLM-x32\...\Wireshark) (Version: 3.4.8 - The Wireshark developer community, hxxps://www.wireshark.org)
Wise Program Uninstaller 3.0.2 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 3.0.2 - WiseCleaner.com, Inc.)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare PDFelement(Build 7.6.8) (HKLM-x32\...\{77078E40-A92E-47FD-A0F6-168A4BF6CF3A}_is1) (Version: 7.6.8.5031 - Wondershare Software Co.,Ltd.)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6 [2022-06-01] (HP Inc.)
HP System Information -> C:\Program Files\WindowsApps\AD2F1837.HPSystemInformation_8.10.29.0_x64__v10z8vjag6ke6 [2022-06-01] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-05-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-05-19] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.5120.0_x64__8wekyb3d8bbwe [2022-06-01] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0 [2021-08-18] (Spotify AB) [Startup Task]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0 [2022-05-27] (Spotify AB) [Startup Task]
Suplemento do Motor Multimédia da Aplicação Fotografias -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-05-19] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3653589094-3565606866-458211961-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Utilizador\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21348.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2022-03-14] (Notepad++ -> )
ContextMenuHandlers1: [PeContextMenuExtension] -> {098A124A-AA1C-38C8-A65E-D1199A14516A} => C:\Program Files (x86)\Common Files\Wondershare\PDFelement\AddIns\PEShellExt_x64.dll [2020-10-23] (Wondershare Technology Co.,Ltd -> Wondershare)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2020-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\sharepoint.com -> hxxps://formacaoiefp-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

2021-04-06 16:03 - 2022-06-02 11:49 - 000000436 _____ C:\Windows\system32\drivers\etc\hosts.ics
172.27.128.1 JCCRUZ.mshome.net # 2027 6 2 1 10 49 50 708

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3653589094-3565606866-458211961-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Utilizador\Pictures\Camera Roll\632692.jpg
HKU\S-1-5-21-3653589094-3565606866-458211961-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Rede móvel 9: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
vEthernet (Wi-Fi): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
vEthernet (Wi-Fi): Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
vEthernet (Rede móvel): Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
vEthernet (Rede móvel): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Rede móvel 6: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 10: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 8: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Wi-Fi: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Rede móvel 13: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 11: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 4: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
VirtualBox Host-Only Network: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 5: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 17: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 15: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 7: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Rede móvel 12: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 16: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 3: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
vEthernet (Ethernet): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
vEthernet (Ethernet): Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
vEthernet (VirtualBox Host): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
vEthernet (VirtualBox Host): Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
vEthernet (Default Switch): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
vEthernet (Default Switch): Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 14: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\StartupApproved\Run: => "Free Download Manager"
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_275433059902538E565B89FC49C29F5C"
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\StartupApproved\Run: => "pteid"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{74AE69D5-D89C-454A-8AC4-26D8D11A5A39}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{7CC5D478-D598-4E39-9390-D2A1BD923A7B}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{72B60262-0758-4D08-A96A-99D9ED2685ED}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5BAAEDB6-FCE0-4315-A5D9-2CA525095932}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{64581E9E-A039-4241-99C9-EC71EB9D07CE}C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{5008711B-ECBD-4690-9683-3A25632F191E}C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B7DB7215-A07D-4C5D-ABFD-A22BB9C231C5}] => (Block) C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{62D3E442-1BD1-4D85-9351-818690D404A4}] => (Block) C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{96B1D973-28E3-4495-948D-90B3A6E12873}C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe] => (Allow) C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [UDP Query User{38F4C825-003E-47DC-A47A-76FF4D9B3CB6}C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe] => (Allow) C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{72B2087F-3053-42F1-AB96-BAF565A434F3}] => (Block) C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{0A2861DA-8B05-4C75-B88A-9F554285A0DA}] => (Block) C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{64AE16CF-1417-4D37-9850-6F8E39ED7059}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{E2907D1C-B844-43BC-9BB1-FE30EE1652DE}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [TCP Query User{443A76B7-FC38-4DA6-A1BE-8B2D421EEEAD}C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe] => (Allow) C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [UDP Query User{916FEE1E-2367-4C9C-896F-24664157B9A9}C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe] => (Allow) C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [{298182D2-90F8-4D03-8306-2CEA91E2176C}] => (Block) C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [{90520ACA-F751-45C1-AA64-EDA8A83F2284}] => (Block) C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [{8B606F76-B19A-486D-91AD-8C558A85E247}] => (Block) C:\Program Files\Cisco Packet Tracer 8.0.1\bin\PacketTracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [TCP Query User{EADD1FC6-DEB7-438C-86B9-506C7E4C3757}C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe] => (Block) C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe (HP Inc. -> )
FirewallRules: [UDP Query User{295F0BBF-CDCB-41B3-B92E-88863A7E635B}C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe] => (Block) C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe (HP Inc. -> )
FirewallRules: [{CA196E5D-52ED-43C9-B831-4956DEC5768B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5A13EFE3-1DD2-4880-AEE5-317CA4FB84CD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2BB27DF6-FB7A-43E5-A395-0D1EBF5114D6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C2E05D5C-131E-4B02-802E-0C89ED774886}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5084AEC8-A322-4449-9A4F-7B13216DDACC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F91FC57F-E301-4067-A2A7-16422653E843}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{949D43D7-E767-4791-9592-343F70B7E47A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{645B5184-7EC4-4C40-AA23-EFCEDCC53164}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{10D38250-A4BA-4457-8B90-2E411F54F364}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{683B112A-3CB9-4290-8362-2C0A77AAB64E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C0F1BA87-5564-4BEB-A71B-F30E708D0C33}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5EF1FDC0-D19D-4246-88B7-83518B1652FC}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\FaxApplications.exe (HP Inc. -> HP Inc.)
FirewallRules: [{0EFFAF90-F386-46BC-BFB8-AB9B6B8AA0F7}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\DigitalWizards.exe (HP Inc. -> HP Inc.)
FirewallRules: [{AECD2D3B-36DA-4E21-8A02-E7492FE8088E}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\SendAFax.exe (HP Inc. -> HP Inc.)
FirewallRules: [{A886C570-E63D-4CCF-84F3-72B008B97547}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\FaxPrinterUtility.exe (HP Inc. -> HP Inc.)
FirewallRules: [{331849D3-C637-4E29-8504-1436B7F72FB0}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\DeviceSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{BB91CDD8-4F94-4856-8FDF-0C2719F7CB61}] => (Allow) LPort=5357
FirewallRules: [{5713FCB8-0613-4FBC-97D8-A1E0490BBC17}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{B6CE44D0-706C-4B2D-8B9A-5A3DC11B1678}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0139D0C4-40FB-40FF-BC1F-1B2C28BFF7BC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0BA6CDCD-C503-4B66-8515-CF1187CB5968}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\101.0.1210.53\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C8236C1B-FB92-4E5C-9DCD-3E3B917350ED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{83182DAB-2871-40B2-AFD5-5D0D1D3F2CB7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D82ACAB9-0862-4D42-8724-7755370536DA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DA4FD7B2-3729-4808-9983-0EEBD83A1580}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C4F5F11A-EA45-4493-8536-893E37BA6C0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{56B7B454-F946-495D-AA94-720202DE7A06}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3F6BDBA7-44BF-4B6D-9863-5E1B7BF0AD01}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{455C342C-044C-46BA-B074-0C4655753DDC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BA58DB51-DDCB-4B6C-AAFC-A8EC5E4A3301}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D4CB27C2-30D3-4460-B416-D1474305708B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0F8241E8-C52F-4599-B16A-9B50DEF909C4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F1F0834F-ADF6-429D-87EA-1B0EC2EAF9B9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

Name: Controlador de comunicações simples PCI
Description: Controlador de comunicações simples PCI
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP hs3110 HSPA+ Mobile Broadband Device
Description: HP hs3110 HSPA+ Mobile Broadband Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (06/02/2022 01:24:12 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: JCCRUZ)
Description: O Windows não consegue localizar o perfil local, pelo que está a iniciar sessão para o utilizador com um perfil temporário. As alterações efetuadas a este perfil serão perdidas quando o utilizador terminar sessão.

Error: (06/02/2022 01:24:12 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: JCCRUZ)
Description: O Windows fez uma cópia de segurança deste perfil de utilizador. O Windows irá automaticamente tentar utilizar o perfil guardado em cópia de segurança da próxima vez que este utilizador iniciar sessão.

Error: (06/02/2022 01:07:34 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: O otimizador de armazenamento não conseguiu concluir reotimizar em PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\1943ff7e-c2b1-4784-ae8d-a544b86e069a\BaseLayer) porque: A operação de mover ficheiros falhou. (0x89000016)

Error: (06/02/2022 01:07:34 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: O otimizador de armazenamento não conseguiu concluir consolidação de secções em PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\1943ff7e-c2b1-4784-ae8d-a544b86e069a\BaseLayer) porque: A operação de consolidação de secções foi abortada porque não foi possível recuperar um número suficiente de secções recuperadas (com base nos limites especificados no registo). (0x89000028)

Error: (06/02/2022 01:00:56 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: JCCRUZ)
Description: O Windows não consegue localizar o perfil local, pelo que está a iniciar sessão para o utilizador com um perfil temporário. As alterações efetuadas a este perfil serão perdidas quando o utilizador terminar sessão.

Error: (06/02/2022 01:00:56 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: JCCRUZ)
Description: O Windows fez uma cópia de segurança deste perfil de utilizador. O Windows irá automaticamente tentar utilizar o perfil guardado em cópia de segurança da próxima vez que este utilizador iniciar sessão.

Error: (06/02/2022 12:53:35 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: JCCRUZ)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy-2147024662

Error: (06/02/2022 12:50:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: svchost.exe_FrameServer, versão: 10.0.19041.1566, carimbo de data/hora: 0x1f37eb46
Nome do módulo com falha: combase.dll, versão: 10.0.19041.1682, carimbo de data/hora: 0x33a10505
Código de exceção: 0xc0000005
Desvio de falha: 0x0000000000042b28
ID do processo com falha: 0xa98
Hora de início da aplicação com falha: 0x01d87676e87382c3
Caminho da aplicação com falha: C:\Windows\System32\svchost.exe
Caminho do módulo com falha: C:\Windows\System32\combase.dll
ID do Relatório: b302fe22-d2bc-4597-b033-3880a6fabde1
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:


System errors:
=============
Error: (06/02/2022 01:10:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9WZDNCRDTBVB-MICROSOFT.WINDOWSMAPS.

Error: (06/02/2022 01:10:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9WZDNCRFJ3PT-MICROSOFT.ZUNEMUSIC.

Error: (06/02/2022 01:10:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9WZDNCRD29V9-MICROSOFT.MICROSOFTOFFICEHUB.

Error: (06/02/2022 01:10:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9WZDNCRDTBJJ-MICROSOFT.GETSTARTED.

Error: (06/02/2022 01:10:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9WZDNCRFJBD8-Microsoft.XboxApp.

Error: (06/02/2022 01:10:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9MTW6RN84LVM-Microsoft.NET.Native.Runtime.1.7.

Error: (06/02/2022 01:10:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9NZM7B1BB5TR-Microsoft.NET.Native.Framework.1.7.

Error: (06/02/2022 01:10:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9NBLGGH4LS1F-Microsoft.StorePurchaseApp.


Windows Defender:
================
Date: 2022-06-01 18:57:55
Description:
A análise de Antivírus do Microsoft Defender foi parada antes de ser concluída.
ID de Análise: {A03C5FE7-DB4D-402B-BF10-698D91D15C16}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM

Date: 2022-05-31 16:53:31
Description:
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe foi impedido de modificar %userprofile%\Documents pelo Acesso Controlado a Pastas.
Hora da deteção: 2022-05-31T15:53:31.092Z
Utilizador: JCCRUZ\Utilizador
Caminho: %userprofile%\Documents
Nome do Processo: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Versão das informações segurança: 1.367.779.0
Versão do Motor: 1.1.19200.6
Versão do Produto: 4.18.2203.5

Date: 2022-05-30 19:51:14
Description:
A análise de Antivírus do Microsoft Defender foi parada antes de ser concluída.
ID de Análise: {ADB212E0-52C2-499B-AEB1-2A42D6120FD3}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM

Date: 2022-05-30 16:55:56
Description:
A análise de Antivírus do Microsoft Defender foi parada antes de ser concluída.
ID de Análise: {365FD562-1E6A-4136-AA37-B6A4B0DFD571}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM

Date: 2022-05-26 18:58:30
Description:
A análise de Antivírus do Microsoft Defender foi parada antes de ser concluída.
ID de Análise: {F4BC38A0-ADDB-485B-95E2-E9B9C18B5587}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2022-06-01 19:34:45
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Hewlett-Packard M71 Ver. 01.13 01/18/2016
Motherboard: Hewlett-Packard 2216
Processor: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
Percentage of memory in use: 42%
Total physical RAM: 16259.11 MB
Available physical RAM: 9412.7 MB
Total Virtual: 18691.11 MB
Available Virtual: 11005 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.93 GB) (Free:66.68 GB) (Model: SAMSUNG MZ7PD256HCGM-000H7) NTFS

\\?\Volume{6ef376e0-0000-0000-0000-100000000000}\ (Sistema Reservado) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{629458e4-0000-0000-0000-010000000000}\ (PortableBaseLayer) (Fixed) (Total:8 GB) (Free:7.51 GB) NTFS
\\?\Volume{6ef376e0-0000-0000-0000-707e3b000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 6EF376E0)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=509 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 8 GB) (Disk ID: 629458E4)
Partition 1: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

Attachments

  • Capturar.PNG
    Capturar.PNG
    23.5 KB · Views: 11
Hi jccruz,

In Windows Explorer, if you click on "Ver" in the menu you can see something that, translated to English, shows "File name extensions" checkbox. Check that and the extension will be displayed. This is a configuration that is per user, so if you switch between accounts it is by default not checked and you have to check it for every account.

Has there been any change in the Windows Defender history detections?
 
Thanks axe0 even with the file extension displayed as you mentioned, the tool doesn't open, still i managed to download an older version that runs (Free Software Downloads and Reviews for Windows, Android, Mac, and iOS – CNET Download)

Here are the contents of the logs... by the way, if i want to scan again it only scripts a dozen of lines (weird), as for the Windows Defender History Detections still the same (populated)...

Thanks in advance once again.


PS. every time i log out from the "administrador" account when i log back in the screen shows ("Preparing Windows" as it was the first time - ???)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2017 01 (ATTENTION: ====> FRSTversion is 1873 days old and could be outdated)
Ran by Administrador (administrator) on JCCRUZ (03-06-2022 19:09:55)
Running from C:\Users\TEMP\Downloads
Loaded Profiles: Utilizador & Administrador (Available Profiles: Utilizador & Administrador) <==== ATTENTION (Temporary Profile?)
Platform: Windows 10 Pro Version 2009 (X64) Language: Português (Portugal)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument %1)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

========================================================

C:\FRST\EnglishFRST64.exe => Win32/Suweezy? - moved successfully

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> Secure System
Failed to access process -> Registry
(Microsoft Corporation) C:\Windows\System32\LsaIso.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe
(HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\LanWlanWwanSwitchingServiceUWP.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HPHotkeyNotification.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe
() C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22042.168.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthSystray.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
Failed to access process -> vmmem
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Windows\System32\SgrmBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HPHotkeyNotification.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe
() C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthSystray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Windows\system32\SecurityHealthSystray.exe [86016 2019-12-07] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8515832 2015-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [225280 2017-03-09] (Realtek Semiconductor Corp.)
HKLM\...\Run: [MTPW] => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2632096 2022-05-26] (Microsoft Corporation)
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [Free Download Manager] => C:\Users\Utilizador\AppData\Local\Softdeluxe\Free Download Manager\fdm.exe [4960768 2021-04-16] (Softdeluxe)
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [36836592 2022-05-11] (Piriform Software Ltd)
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Utilizador\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated"
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [pteid] => C:\Program Files\Portugal Identity Card\pteidguiV2.exe [2286080 2021-12-15] (Portuguese Government)
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [MicrosoftEdgeAutoLaunch_275433059902538E565B89FC49C29F5C] => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [3595192 2022-05-31] (Microsoft Corporation)
HKU\S-1-5-21-3653589094-3565606866-458211961-500\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2632096 2022-05-26] (Microsoft Corporation)
HKU\S-1-5-21-3653589094-3565606866-458211961-500\...\Run: [MicrosoftEdgeAutoLaunch_FB8D4600C819C56C049D36FCF4727107] => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [3595192 2022-05-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\i386\FileSyncShell.dll [2022-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\i386\FileSyncShell.dll [2022-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\i386\FileSyncShell.dll [2022-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\i386\FileSyncShell.dll [2022-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\i386\FileSyncShell.dll [2022-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\i386\FileSyncShell.dll [2022-05-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\i386\FileSyncShell.dll [2022-05-26] (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3653589094-3565606866-458211961-1001] => proxyserver:80
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3eb7cafb-a097-4484-8ad7-d5df78a7ca12}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ada72b8e-5dad-49e0-a430-a36d8abc07b6}: [NameServer] 8.8.8.8,8.8.4.4,1.1.1.1
Tcpip\..\Interfaces\{ada72b8e-5dad-49e0-a430-a36d8abc07b6}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\102.0.1245.30\BHO\ie_to_edge_bho_64.dll [2022-05-31] (Microsoft Corporation)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-04-05] (Microsoft Corporation)
BHO-x32: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\102.0.1245.30\BHO\ie_to_edge_bho.dll [2022-05-31] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-02] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation)

FireFox:
========
FF Extension: (DoH Roll-Out) - C:\Program Files\Mozilla Firefox\browser\features\doh-rollout@mozilla.org.xpi [2022-05-27] [not signed]
FF Extension: (Picture-In-Picture) - C:\Program Files\Mozilla Firefox\browser\features\pictureinpicture@mozilla.org.xpi [2022-05-27] [not signed]
FF Extension: (Firefox Screenshots) - C:\Program Files\Mozilla Firefox\browser\features\screenshots@mozilla.org.xpi [2022-05-27] [not signed]
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2022-05-27] [not signed]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-04-05] (Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-04-07] (Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-03-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-03-02] (Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AarSvc; C:\Windows\System32\AarSvc.dll [461824 2022-04-13] (Microsoft Corporation)
S3 AarSvc; C:\Windows\SysWOW64\AarSvc.dll [352256 2022-04-13] (Microsoft Corporation)
S3 AarSvc_33b8b; C:\Windows\system32\svchost.exe [59952 2022-03-09] (Microsoft Corporation)
S3 AarSvc_33b8b; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-09] (Microsoft Corporation)
S3 AarSvc_426aa3; C:\Windows\system32\svchost.exe [59952 2022-03-09] (Microsoft Corporation)
S3 AarSvc_426aa3; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-09] (Microsoft Corporation)
S3 AssignedAccessManagerSvc; C:\Windows\System32\assignedaccessmanagersvc.dll [896000 2022-03-09] (Microsoft Corporation)
S3 autotimesvc; C:\Windows\System32\autotimesvc.dll [114176 2021-04-06] (Microsoft Corporation)
S3 BcastDVRUserService; C:\Windows\System32\BcastDVRUserService.dll [1387520 2022-05-11] (Microsoft Corporation)
S3 BcastDVRUserService_33b8b; C:\Windows\system32\svchost.exe [59952 2022-03-09] (Microsoft Corporation)
S3 BcastDVRUserService_33b8b; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-09] (Microsoft Corporation)
S3 BcastDVRUserService_426aa3; C:\Windows\system32\svchost.exe [59952 2022-03-09] (Microsoft Corporation)
S3 BcastDVRUserService_426aa3; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-09] (Microsoft Corporation)
S3 BluetoothUserService; C:\Windows\System32\Microsoft.Bluetooth.UserService.dll [500736 2021-04-06] (Microsoft Corporation)
S3 BluetoothUserService_33b8b; C:\Windows\system32\svchost.exe [59952 2022-03-09] (Microsoft Corporation)
S3 BluetoothUserService_33b8b; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-09] (Microsoft Corporation)
S3 BluetoothUserService_426aa3; C:\Windows\system32\svchost.exe [59952 2022-03-09] (Microsoft Corporation)
S3 BluetoothUserService_426aa3; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-09] (Microsoft Corporation)
R2 BrokerInfrastructure; C:\Windows\System32\psmsrv.dll [247296 2021-04-06] (Microsoft Corporation)
S3 BTAGService; C:\Windows\System32\BTAGService.dll [1023488 2021-04-06] (Microsoft Corporation)
S3 BTAGService; C:\Windows\SysWOW64\BTAGService.dll [733696 2021-04-06] (Microsoft Corporation)
S3 BthAvctpSvc; C:\Windows\System32\BthAvctpSvc.dll [391168 2022-04-13] (Microsoft Corporation)
R3 camsvc; C:\Windows\system32\CapabilityAccessManager.dll [391168 2021-04-06] (Microsoft Corporation)
S3 CaptureService; C:\Windows\System32\CaptureService.dll [130560 2021-04-06] (Microsoft Corporation)
S3 CaptureService_33b8b; C:\Windows\system32\svchost.exe [59952 2022-03-09] (Microsoft Corporation)
S3 CaptureService_33b8b; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-09] (Microsoft Corporation)
S3 CaptureService_426aa3; C:\Windows\system32\svchost.exe [59952 2022-03-09] (Microsoft Corporation)
S3 CaptureService_426aa3; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-09] (Microsoft Corporation)
S3 cbdhsvc; C:\Windows\System32\cbdhsvc.dll [1025024 2022-02-09] (Microsoft Corporation)
R3 cbdhsvc_33b8b; C:\Windows\system32\svchost.exe [59952 2022-03-09] (Microsoft Corporation)
R3 cbdhsvc_33b8b; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-09] (Microsoft Corporation)
R3 cbdhsvc_426aa3; C:\Windows\system32\svchost.exe [59952 2022-03-09] (Microsoft Corporation)
R3 cbdhsvc_426aa3; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-09] (Microsoft Corporation)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [789744 2022-05-11] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11988424 2022-05-27] (Microsoft Corporation)
S3 cloudidsvc; C:\Windows\system32\cloudidsvc.dll [107520 2021-11-16] (Microsoft Corporation)
R2 CmService; C:\Windows\System32\CmService.dll [1036112 2022-04-05] (Microsoft Corporation)
S3 ConsentUxUserSvc; C:\Windows\System32\ConsentUxClient.dll [170496 2021-04-06] (Microsoft Corporation)
S3 ConsentUxUserSvc_33b8b; C:\Windows\system32\svchost.exe [59952 2022-03-09] (Microsoft Corporation)
S3 ConsentUxUserSvc_33b8b; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-09] (Microsoft Corporation)
S3 ConsentUxUserSvc_426aa3; C:\Windows\system32\svchost.exe [59952 2022-03-09] (Microsoft Corporation)
S3 ConsentUxUserSvc_426aa3; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-09] (Microsoft Corporation)
S3 CredentialEnrollmentManagerUserSvc; C:\Windows\system32\CredentialEnrollmentManager.exe [382696 2021-09-17] (Microsoft Corporation)
S3 CredentialEnrollmentManagerUserSvc_33b8b; C:\Windows\system32\CredentialEnrollmentManager.exe [382696 2021-09-17] (Microsoft Corporation)
S3 CredentialEnrollmentManagerUserSvc_426aa3; C:\Windows\system32\CredentialEnrollmentManager.exe [382696 2021-09-17] (Microsoft Corporation)
S3 DeviceAssociationBrokerSvc; C:\Windows\System32\deviceaccess.dll [240688 2021-04-06] (Microsoft Corporation)
S3 DeviceAssociationBrokerSvc; C:\Windows\SysWOW64\deviceaccess.dll [188536 2021-04-06] (Microsoft Corporation)
S3 DeviceAssociationBrokerSvc_33b8b; C:\Windows\system32\svchost.exe [59952 2022-03-09] (Microsoft Corporation)
S3 DeviceAssociationBrokerSvc_33b8b; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-09] (Microsoft Corporation)
S3 DeviceAssociationBrokerSvc_426aa3; C:\Windows\system32\svchost.exe [59952 2022-03-09] (Microsoft Corporation)
S3 DeviceAssociationBrokerSvc_426aa3; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-09] (Microsoft Corporation)
S3 DevicePickerUserSvc; C:\Windows\System32\Windows.Devices.Picker.dll [482816 2021-04-14] (Microsoft Corporation)
S3 DevicePickerUserSvc; C:\Windows\SysWOW64\Windows.Devices.Picker.dll [342016 2021-04-14] (Microsoft Corporation)
S3 DevicePickerUserSvc_33b8b; C:\Windows\system32\svchost.exe [59952 2022-03-09] (Microsoft Corporation)
S3 DevicePickerUserSvc_33b8b; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-09] (Microsoft Corporation)
S3 DevicePickerUserSvc_426aa3; C:\Windows\system32\svchost.exe [59952 2022-03-09] (Microsoft Corporation)
S3 DevicePickerUserSvc_426aa3; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-09] (Microsoft Corporation)
S3 DevicesFlowUserSvc; C:\Windows\System32\DevicesFlowBroker.dll [598016 2021-05-10] (Microsoft Corporation)
S3 DevicesFlowUserSvc_33b8b; C:\Windows\system32\svchost.exe [59952 2022-03-09] (Microsoft Corporation)
S3 DevicesFlowUserSvc_33b8b; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-09] (Microsoft Corporation)
S3 DevicesFlowUserSvc_426aa3; C:\Windows\system32\svchost.exe [59952 2022-03-09] (Microsoft Corporation)
S3 DevicesFlowUserSvc_426aa3; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-09] (Microsoft Corporation)
S3 diagsvc; C:\Windows\system32\DiagSvc.dll [205824 2021-07-07] (Microsoft Corporation)
S4 DialogBlockingService; C:\Windows\System32\DialogBlockingService.dll [76288 2021-04-06] (Microsoft Corporation)
R2 DispBrokerDesktopSvc; C:\Windows\System32\DispBroker.Desktop.dll [379392 2022-03-09] (Microsoft Corporation)
R3 DisplayEnhancementService; C:\Windows\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll [1192448 2021-04-14] (Microsoft Corporation)
R2 DusmSvc; C:\Windows\System32\dusmsvc.dll [341504 2019-12-07] (Microsoft Corporation)
S2 edgeupdate; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [213392 2020-11-19] (Microsoft Corporation)
S3 edgeupdatem; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [213392 2020-11-19] (Microsoft Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncHelper.exe [3401112 2022-05-26] (Microsoft Corporation)
S3 gcs; C:\Windows\system32\vmcomputeagent.exe [1282912 2022-05-11] (Microsoft Corporation)
S3 GraphicsPerfSvc; C:\Windows\System32\GraphicsPerfSvc.dll [106496 2021-04-06] (Microsoft Corporation)
S3 HgClientService; C:\Windows\system32\hgclientservice.dll [143872 2021-04-06] (Microsoft Corporation)
R3 hns; C:\Windows\System32\HostNetSvc.dll [3373056 2022-05-11] (Microsoft Corporation)
R2 HotKeyServiceUWP; C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe [819856 2019-05-14] (HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [223904 2022-04-28] (HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP)
R2 hvsics; C:\Windows\System32\hvsicontainerservice.dll [1249608 2022-04-05] (Microsoft Corporation)
R2 hvsics; C:\Windows\SysWOW64\hvsicontainerservice.dll [26952 2022-04-05] (Microsoft Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [372320 2020-06-04] (Intel Corporation)
R3 InstallService; C:\Windows\system32\InstallService.dll [2430976 2022-05-11] (Microsoft Corporation)
R3 InstallService; C:\Windows\SysWOW64\InstallService.dll [1839616 2022-05-11] (Microsoft Corporation)
S3 IpxlatCfgSvc; C:\Windows\System32\IpxlatCfg.dll [66048 2019-12-07] (Microsoft Corporation)
R2 LanWlanWwanSwitchingServiceUWP; C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\LanWlanWwanSwitchingServiceUWP.exe [731072 2019-05-14] (HP Inc.)
S3 LxpSvc; C:\Windows\System32\LanguageOverlayServer.dll [302080 2021-04-06] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8524512 2022-05-17] (Malwarebytes)
S3 MicrosoftEdgeElevationService; C:\Program Files (x86)\Microsoft\Edge\Application\102.0.1245.30\elevation_service.exe [1656760 2022-05-31] (Microsoft Corporation)
S3 MixedRealityOpenXRSvc; C:\Windows\System32\MixedRealityRuntime.dll [134768 2021-04-06] (Microsoft Corporation)
S3 MixedRealityOpenXRSvc; C:\Windows\SysWOW64\MixedRealityRuntime.dll [104824 2021-04-06] (Microsoft Corporation)
S3 NaturalAuthentication; C:\Windows\System32\NaturalAuth.dll [454656 2021-04-06] (Microsoft Corporation)
R3 nvagent; C:\Windows\System32\NvAgent.dll [41784 2021-04-06] (Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.099.0508.0001\OneDriveUpdaterService.exe [3842464 2022-05-26] (Microsoft Corporation)
S3 perceptionsimulation; C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe [106496 2021-04-06] (Microsoft Corporation)
S3 PrintWorkflowUserSvc; C:\Windows\System32\PrintWorkflowService.dll [182272 2021-04-06] (Microsoft Corporation)
S3 PrintWorkflowUserSvc; C:\Windows\SysWOW64\PrintWorkflowService.dll [138752 2021-04-06] (Microsoft Corporation)
S3 PrintWorkflowUserSvc_33b8b; C:\Windows\system32\svchost.exe [59952 2022-03-09] (Microsoft Corporation)
S3 PrintWorkflowUserSvc_33b8b; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-09] (Microsoft Corporation)
S3 PrintWorkflowUserSvc_426aa3; C:\Windows\system32\svchost.exe [59952 2022-03-09] (Microsoft Corporation)
S3 PrintWorkflowUserSvc_426aa3; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-09] (Microsoft Corporation)
S3 PushToInstall; C:\Windows\system32\PushToInstall.dll [340480 2022-03-09] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312064 2015-08-19] (Realtek Semiconductor)
R3 SecurityHealthService; C:\Windows\system32\SecurityHealthService.exe [988104 2022-03-09] (Microsoft Corporation)
S3 SEMgrSvc; C:\Windows\system32\SEMgrSvc.dll [1223680 2021-04-06] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6254856 2022-05-11] (Microsoft Corporation)
R2 SgrmBroker; C:\Windows\system32\SgrmBroker.exe [329504 2020-11-19] (Microsoft Corporation)
S3 SharedRealitySvc; C:\Windows\System32\SharedRealitySvc.dll [307200 2021-04-06] (Microsoft Corporation)
S3 spectrum; C:\Windows\system32\spectrum.exe [877568 2021-08-16] (Microsoft Corporation)
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [382976 2021-05-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [256224 2017-09-06] (Synaptics Incorporated)
R3 TokenBroker; C:\Windows\System32\TokenBroker.dll [1522176 2022-03-09] (Microsoft Corporation)
R3 TokenBroker; C:\Windows\SysWOW64\TokenBroker.dll [1235456 2022-03-09] (Microsoft Corporation)
S3 TroubleshootingSvc; C:\Windows\system32\MitigationClient.dll [487936 2021-07-07] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\SysWOW64\tzautoupdate.dll [73728 2021-04-06] (Microsoft Corporation)
S3 UdkUserSvc; C:\Windows\System32\windowsudk.shellcommon.dll [2240000 2022-02-09] (Microsoft Corporation)
S3 UdkUserSvc_33b8b; C:\Windows\system32\svchost.exe [59952 2022-03-09] (Microsoft Corporation)
S3 UdkUserSvc_33b8b; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-09] (Microsoft Corporation)
S3 UdkUserSvc_426aa3; C:\Windows\system32\svchost.exe [59952 2022-03-09] (Microsoft Corporation)
S3 UdkUserSvc_426aa3; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-09] (Microsoft Corporation)
S4 uhssvc; C:\Program Files\Microsoft Update Health Tools\uhssvc.exe [346448 2022-03-23] (Microsoft Corporation)
R2 UsoSvc; C:\Windows\system32\usosvc.dll [569856 2022-05-11] (Microsoft Corporation)
S3 VacSvc; C:\Windows\System32\vac.dll [382720 2021-04-06] (Microsoft Corporation)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746728 2021-11-22] (Oracle Corporation)
R3 vmcompute; C:\Windows\system32\vmcompute.exe [3221856 2022-05-11] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [14207824 2022-05-11] (Microsoft Corporation)
S3 WaaSMedicSvc; C:\Windows\System32\WaaSMedicSvc.dll [433152 2022-05-11] (Microsoft Corporation)
S3 WarpJITSvc; C:\Windows\System32\Windows.WARP.JITService.dll [65536 2019-12-07] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-08] (Microsoft Corporation)
S3 WFDSConMgrSvc; C:\Windows\System32\wfdsconmgrsvc.dll [677888 2021-09-17] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-08] (Microsoft Corporation)
S3 wisvc; C:\Windows\SysWOW64\flightsettings.dll [753584 2022-04-13] (Microsoft Corporation)
S3 wlpasvc; C:\Windows\System32\lpasvc.dll [1253888 2021-04-06] (Microsoft Corporation)
S3 WManSvc; C:\Windows\system32\Windows.Management.Service.dll [811520 2022-05-11] (Microsoft Corporation)
S3 WpcMonSvc; C:\Windows\System32\WpcDesktopMonSvc.dll [1870848 2022-05-11] (Microsoft Corporation)
S3 XboxGipSvc; C:\Windows\System32\XboxGipSvc.dll [72704 2021-04-06] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\System32\ibtsiva [X]
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\Windows\System32\drivers\Accelerometer.sys [57392 2022-03-24] (HP)
S3 Acx01000; C:\Windows\System32\drivers\Acx01000.sys [694272 2022-02-09] (Microsoft Corporation)
R1 afunix; C:\Windows\system32\drivers\afunix.sys [48128 2022-03-09] (Microsoft Corporation)
R1 afunix; C:\Windows\SysWOW64\drivers\afunix.sys [34304 2022-03-09] (Microsoft Corporation)
S3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [18432 2019-12-07] (Advanced Micro Devices, Inc)
S3 amdi2c; C:\Windows\System32\drivers\amdi2c.sys [45568 2019-12-07] (Advanced Micro Devices, Inc)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (Apple Inc.)
R1 bam; C:\Windows\System32\drivers\bam.sys [78136 2019-12-07] (Microsoft Corporation)
R1 BasicDisplay; C:\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\BasicDisplay.sys [68608 2021-04-14] (Microsoft Corporation)
R1 BasicRender; C:\Windows\System32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\BasicRender.sys [38912 2021-04-14] (Microsoft Corporation)
R2 bindflt; C:\Windows\system32\drivers\bindflt.sys [145760 2022-05-11] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [106496 2020-11-19] (Microsoft Corporation)
S3 BthMini; C:\Windows\System32\drivers\BTHMINI.sys [45568 2022-05-11] (Microsoft Corporation)
S0 bttflt; C:\Windows\System32\drivers\bttflt.sys [43832 2019-12-07] (Microsoft Corporation)
R3 CAD; C:\Windows\System32\drivers\CAD.sys [66576 2019-12-07] (Microsoft Corporation)
R1 CimFS; C:\Windows\System32\Drivers\CimFS.sys [93696 2022-05-11] ()
R2 CldFlt; C:\Windows\System32\drivers\cldflt.sys [495616 2022-05-11] (Microsoft Corporation)
R3 cxwmbclass; C:\Windows\System32\drivers\cxwmbclass.sys [131072 2021-04-06] (Microsoft Corporation)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [548848 2016-01-23] (Intel Corporation)
S3 e1i65x64; C:\Windows\System32\drivers\e1i65x64.sys [553984 2019-12-07] (Intel Corporation)
S3 genericusbfn; C:\Windows\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_53931f0ae21d6d2c\genericusbfn.sys [23040 2019-12-07] (Microsoft Corporation)
S3 hidspi; C:\Windows\System32\drivers\hidspi.sys [66560 2019-12-07] (Microsoft Corporation)
S3 hnswfpdriver; C:\Windows\System32\drivers\hnswfpdriver.sys [21328 2021-04-06] (Microsoft Corporation)
R0 hpdskflt; C:\Windows\System32\drivers\hpdskflt.sys [67120 2022-03-24] (HP)
R3 HpqKbFiltr; C:\Windows\System32\drivers\HpqKbFiltr.sys [50752 2019-05-14] (HP Inc.)
S4 hvcrash; C:\Windows\System32\drivers\hvcrash.sys [35128 2019-12-07] (Microsoft Corporation)
R1 hvsifltr; C:\Windows\System32\drivers\hvsifltr.sys [66896 2022-04-05] (Microsoft Corporation)
R3 hvsocketcontrol; C:\Windows\system32\drivers\hvsocketcontrol.sys [36176 2021-04-06] (Microsoft Corporation)
S3 HwNClx0101; C:\Windows\System32\Drivers\mshwnclx.sys [30208 2019-12-07] (Microsoft Corporation)
S3 iaLPSS2i_GPIO2_BXT_P; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [93184 2019-12-07] (Intel Corporation)
S3 iaLPSS2i_GPIO2_CNL; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [112128 2019-12-07] (Intel Corporation)
S3 iaLPSS2i_GPIO2_GLK; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [96256 2019-12-07] (Intel Corporation)
S3 iaLPSS2i_I2C_BXT_P; C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [175104 2019-12-07] (Intel Corporation)
S3 iaLPSS2i_I2C_CNL; C:\Windows\System32\drivers\iaLPSS2i_I2C_CNL.sys [177152 2019-12-07] (Intel Corporation)
S3 iaLPSS2i_I2C_GLK; C:\Windows\System32\drivers\iaLPSS2i_I2C_GLK.sys [177664 2019-12-07] (Intel Corporation)
S0 iaStorAVC; C:\Windows\System32\drivers\iaStorAVC.sys [884752 2019-12-07] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DriverStore\FileRepository\ibtusb.inf_amd64_da5167bdd66ed8f1\ibtusb.sys [302368 2020-07-10] (Intel Corporation)
S3 intelpmax; C:\Windows\System32\drivers\intelpmax.sys [30720 2019-12-07] (Microsoft Corporation)
S3 IPT; C:\Windows\System32\drivers\ipt.sys [59704 2019-12-07] (Microsoft Corporation)
S0 ItSas35i; C:\Windows\System32\drivers\ItSas35i.sys [172344 2019-12-07] (Avago Technologies)
S3 l2bridge; C:\Windows\System32\drivers\l2bridge.sys [58888 2021-04-06] (Microsoft Corporation)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [35856 2021-04-06] (Microsoft Corporation)
S3 mausbhost; C:\Windows\System32\drivers\mausbhost.sys [537608 2019-12-07] (Microsoft Corporation)
S3 mausbip; C:\Windows\System32\drivers\mausbip.sys [64016 2019-12-07] (Microsoft Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-06-03] (Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-05-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239560 2022-05-17] (Malwarebytes)
R3 MbbCx; C:\Windows\System32\drivers\MbbCx.sys [386048 2022-04-13] (Microsoft Corporation)
S0 megasas35i; C:\Windows\System32\drivers\megasas35i.sys [105480 2019-12-07] (Avago Technologies)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\Windows\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [65024 2019-12-07] (Microsoft Corporation)
R3 MpKslcb6df97a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{898E975D-4DD8-42C3-A7B3-42070E75A9F8}\MpKslDrv.sys [137464 2022-06-03] (Microsoft Corporation)
R3 MsQuic; C:\Windows\System32\drivers\msquic.sys [322376 2020-11-19] (Microsoft Corporation)
S3 NDKPing; C:\Windows\System32\drivers\NDKPing.sys [72720 2019-12-07] (Microsoft Corporation)
R3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [210944 2022-04-13] (Microsoft Corporation)
R3 Netwtw02; C:\Windows\System32\drivers\Netwtw02.sys [6824656 2018-10-12] (Intel Corporation)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [74744 2021-04-21] (Insecure.Com LLC.)
S4 npcap_wifi; C:\Windows\system32\DRIVERS\npcap.sys [74744 2021-04-21] (Insecure.Com LLC.)
S0 nvdimm; C:\Windows\System32\drivers\nvdimm.sys [168464 2019-12-07] (Microsoft Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [39440 2021-04-06] (Microsoft Corporation)
S3 pcip; C:\Windows\System32\drivers\pcip.sys [78680 2022-04-13] (Microsoft Corporation)
S3 PktMon; C:\Windows\System32\drivers\PktMon.sys [131424 2022-05-11] (Microsoft Corporation)
S0 pmem; C:\Windows\System32\drivers\pmem.sys [142184 2022-05-11] (Microsoft Corporation)
S3 portcfg; C:\Windows\System32\drivers\portcfg.sys [27136 2019-12-07] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [62288 2022-04-13] (Microsoft Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [37336 2021-03-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-11-08] ()
S0 Ramdisk; C:\Windows\System32\DRIVERS\ramdisk.sys [42296 2019-12-07] (Microsoft Corporation)
S3 ramparser; C:\Windows\System32\drivers\ramparser.sys [44040 2021-04-06] (Microsoft Corporation)
S3 rhproxy; C:\Windows\System32\drivers\rhproxy.sys [115712 2019-12-07] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [772336 2015-08-27] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3222016 2017-03-09] (Realtek Semiconductor Corp.)
S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [35128 2019-12-07] (Microsoft Corporation)
R0 SgrmAgent; C:\Windows\System32\drivers\SgrmAgent.sys [88080 2019-12-07] (Microsoft Corporation)
S0 SmartSAMD; C:\Windows\System32\drivers\SmartSAMD.sys [209720 2019-12-07] (Microsemi Corportation)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [172544 2019-12-07] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51936 2017-09-06] (Synaptics Incorporated)
S3 spaceparser; C:\Windows\System32\drivers\spaceparser.sys [26624 2019-12-07] (Microsoft Corporation)
S3 SpatialGraphFilter; C:\Windows\System32\drivers\SpatialGraphFilter.sys [90936 2019-12-07] (Microsoft Corporation)
R3 Synth3dVsp; C:\Windows\System32\drivers\Synth3dVsp.sys [6656 2021-04-14] (Microsoft Corporation)
R0 Telemetry; C:\Windows\System32\drivers\IntelTA.sys [26608 2020-11-19] (Microsoft Corporation)
S3 UcmUcsiAcpiClient; C:\Windows\System32\drivers\UcmUcsiAcpiClient.sys [36864 2019-12-07] (Microsoft Corporation)
S3 UcmUcsiCx0101; C:\Windows\System32\Drivers\UcmUcsiCx.sys [113152 2020-11-19] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\UEFI.sys [34104 2019-12-07] (Microsoft Corporation)
S3 UfxChipidea; C:\Windows\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_1c78775fffab6a0a\UfxChipidea.sys [110608 2019-12-07] (Microsoft Corporation)
R3 umbus; C:\Windows\System32\DriverStore\FileRepository\umbus.inf_amd64_b78a9c5b6fd62c27\umbus.sys [58368 2019-12-07] (Microsoft Corporation)
S3 UrsChipidea; C:\Windows\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\urschipidea.sys [32056 2019-12-07] (Microsoft Corporation)
S3 UrsSynopsys; C:\Windows\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\urssynopsys.sys [29496 2019-12-07] (Microsoft Corporation)
S3 usbaudio2; C:\Windows\System32\drivers\usbaudio2.sys [260608 2019-12-07] (Microsoft Corporation)
R3 USBPcap; C:\Windows\system32\DRIVERS\USBPcap.sys [52872 2020-05-22] (USBPcap)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [239672 2021-11-22] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [249584 2021-11-22] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [174776 2021-11-22] (Oracle Corporation)
R1 VfpExt; C:\Windows\System32\drivers\vfpext.sys [1507840 2022-04-13] (Microsoft Corporation)
R3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [49192 2021-04-06] (Microsoft Corporation)
S3 VirtualRender; C:\Windows\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\vrd.sys [11264 2019-12-07] (Microsoft Corporation)
S3 vkrnlintvsc; C:\Windows\System32\drivers\vkrnlintvsc.sys [41264 2022-04-05] (Microsoft Corporation)
R3 vkrnlintvsp; C:\Windows\System32\drivers\vkrnlintvsp.sys [44344 2022-04-05] (Microsoft Corporation)
R3 vmsmp; C:\Windows\System32\drivers\vmswitch.sys [2491232 2022-05-11] (Microsoft Corporation)
R0 VMSNPXY; C:\Windows\System32\drivers\VmsProxyHNic.sys [40280 2022-05-11] (Microsoft Corporation)
R3 VMSNPXYMP; C:\Windows\System32\drivers\VmsProxyHNic.sys [40280 2022-05-11] (Microsoft Corporation)
R2 VMSP; C:\Windows\System32\drivers\vmswitch.sys [2491232 2022-05-11] (Microsoft Corporation)
R0 VmsProxy; C:\Windows\System32\drivers\VmsProxy.sys [52072 2022-05-11] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\System32\drivers\vmswitch.sys [2491232 2022-05-11] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\System32\drivers\vmswitch.sys [2491232 2022-05-11] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49600 2022-04-08] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [443664 2022-04-08] (Microsoft Corporation)
S3 WdmCompanionFilter; C:\Windows\System32\drivers\WdmCompanionFilter.sys [23560 2019-12-07] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-08] (Microsoft Corporation)
R3 WinNat; C:\Windows\System32\drivers\winnat.sys [261120 2022-03-09] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: InstallService -> C:\Windows\system32\InstallService.dll (Microsoft Corporation)
NETSVC: PushToInstall -> C:\Windows\system32\PushToInstall.dll (Microsoft Corporation)
NETSVC: TroubleshootingSvc -> C:\Windows\system32\MitigationClient.dll (Microsoft Corporation)
NETSVC: LxpSvc -> C:\Windows\System32\LanguageOverlayServer.dll (Microsoft Corporation)
NETSVC: WManSvc -> C:\Windows\system32\Windows.Management.Service.dll (Microsoft Corporation)
NETSVC: TokenBroker -> C:\Windows\System32\TokenBroker.dll (Microsoft Corporation)
NETSVC: NaturalAuthentication -> C:\Windows\System32\NaturalAuth.dll (Microsoft Corporation)
NETSVC: XboxGipSvc -> C:\Windows\System32\XboxGipSvc.dll (Microsoft Corporation)
NETSVC: nvagent -> C:\Windows\System32\NvAgent.dll (Microsoft Corporation)
NETSVC: HgClientService -> C:\Windows\system32\hgclientservice.dll (Microsoft Corporation)
NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)
NETSVCx32: TokenBroker -> C:\Windows\SysWOW64\TokenBroker.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-06-03 19:09 - 2022-06-03 19:10 - 00047824 _____ C:\Users\TEMP\Downloads\FRST.txt
2022-06-03 19:09 - 2022-06-03 19:09 - 02424832 _____ (Farbar) C:\Users\TEMP\Downloads\FRST64.exe
2022-06-03 19:03 - 2022-06-03 19:03 - 00000000 ____D C:\Users\TEMP\AppData\Local\mbam
2022-06-03 18:26 - 2022-06-03 18:26 - 00000000 ____D C:\Users\TEMP\AppData\LocalLow\Adobe
2022-06-03 18:26 - 2022-06-03 18:26 - 00000000 ____D C:\Users\TEMP\AppData\Local\SolidDocuments
2022-06-03 18:26 - 2022-06-03 18:26 - 00000000 ____D C:\Users\TEMP\AppData\Local\CEF
2022-06-03 18:26 - 2022-06-03 18:26 - 00000000 ____D C:\Users\TEMP\AppData\Local\Adobe
2022-06-03 18:20 - 2022-06-03 19:09 - 00000000 ____D C:\FRST
2022-06-03 18:15 - 2022-06-03 18:15 - 00000000 ____D C:\Users\TEMP\AppData\Local\PlaceholderTileLogoFolder
2022-06-03 18:14 - 2022-06-03 19:01 - 00002348 _____ C:\Users\TEMP\Desktop\Microsoft Edge.lnk
2022-06-03 18:14 - 2022-06-03 18:26 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Adobe
2022-06-03 18:14 - 2022-06-03 18:26 - 00000000 ____D C:\Users\TEMP\AppData\Local\Packages
2022-06-03 18:14 - 2022-06-03 18:14 - 00000020 ___SH C:\Users\TEMP\ntuser.ini
2022-06-03 18:14 - 2022-06-03 18:14 - 00000000 _SHDL C:\Users\TEMP\Os Meus Documentos
2022-06-03 18:14 - 2022-06-03 18:14 - 00000000 _SHDL C:\Users\TEMP\Modelos
2022-06-03 18:14 - 2022-06-03 18:14 - 00000000 _SHDL C:\Users\TEMP\Menu Iniciar
2022-06-03 18:14 - 2022-06-03 18:14 - 00000000 _SHDL C:\Users\TEMP\Documents\Os Meus Vídeos
2022-06-03 18:14 - 2022-06-03 18:14 - 00000000 _SHDL C:\Users\TEMP\Documents\As Minhas Imagens
2022-06-03 18:14 - 2022-06-03 18:14 - 00000000 _SHDL C:\Users\TEMP\Documents\A Minha Música
2022-06-03 18:14 - 2022-06-03 18:14 - 00000000 _SHDL C:\Users\TEMP\Definições Locais
2022-06-03 18:14 - 2022-06-03 18:14 - 00000000 _SHDL C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2022-06-03 18:14 - 2022-06-03 18:14 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Histórico
2022-06-03 18:14 - 2022-06-03 18:14 - 00000000 ___RD C:\Users\TEMP\3D Objects
2022-06-03 18:14 - 2022-06-03 18:14 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\hpqLog
2022-06-03 18:14 - 2022-06-03 18:14 - 00000000 ____D C:\Users\TEMP\AppData\Local\ConnectedDevicesPlatform
2022-06-03 18:14 - 2022-06-03 18:14 - 00000000 ____D C:\Users\TEMP
2022-06-03 18:14 - 2022-05-16 20:49 - 00000000 ___RD C:\Users\TEMP\OneDrive
2022-06-03 18:08 - 2022-06-03 18:08 - 00223176 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-06-02 14:55 - 2022-06-02 14:55 - 02368000 _____ (Farbar) C:\Users\Utilizador\Downloads\EnglishFRST64.exe
2022-05-31 16:59 - 2022-06-02 15:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2022-05-22 21:22 - 2022-05-24 19:37 - 00000000 ____D C:\Users\Utilizador\VirtualBox VMs
2022-05-22 21:20 - 2022-05-31 18:11 - 00000000 ____D C:\Users\Utilizador\.VirtualBox
2022-05-22 21:19 - 2021-11-22 08:43 - 00188208 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2022-05-22 21:19 - 2021-11-22 08:42 - 01045368 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2022-05-22 19:00 - 2022-05-22 19:00 - 108383472 _____ (Oracle Corporation) C:\Users\Utilizador\Downloads\VirtualBox-6.1.30-148432-Win.exe
2022-05-17 18:30 - 2022-05-17 18:30 - 00239560 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-05-17 18:30 - 2022-05-17 18:30 - 00103888 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2022-05-17 18:30 - 2022-05-17 18:30 - 00021480 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2022-05-17 18:30 - 2022-05-17 18:30 - 00002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-05-17 18:30 - 2022-05-17 18:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2022-05-17 18:29 - 2022-05-17 18:30 - 00000000 ____D C:\Program Files\Malwarebytes
2022-05-17 16:43 - 2022-05-17 16:43 - 00000000 ____D C:\SFCFix
2022-05-17 14:52 - 2022-05-26 18:37 - 00003588 _____ C:\Windows\System32\Tasks\OneDrive Reporting Task-S-1-5-21-3653589094-3565606866-458211961-500
2022-05-16 20:49 - 2022-05-27 22:35 - 00000000 ____D C:\Program Files\Microsoft OneDrive
2022-05-16 20:49 - 2022-05-26 18:37 - 00003194 _____ C:\Windows\System32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-05-16 20:49 - 2022-05-26 18:37 - 00002186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-05-16 20:49 - 2022-05-16 20:49 - 00000000 ___RD C:\Users\Default\OneDrive
2022-05-16 19:18 - 2022-05-11 17:05 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthA2dp.sys
2022-05-16 19:18 - 2022-04-13 17:04 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthHfEnum.sys
2022-05-16 17:25 - 2022-05-16 17:30 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2022-05-14 23:10 - 2022-05-14 23:10 - 00000000 ___HD C:\$SysReset
2022-05-12 22:13 - 2022-05-12 22:13 - 00000000 ____D C:\ProgramData\Piriform
2022-05-11 17:06 - 2022-05-11 17:06 - 26268672 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 24272384 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 23447040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 19865600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 18768384 _____ (Microsoft Corporation) C:\Windows\system32\HologramWorld.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 18080256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 14207824 _____ (Microsoft Corporation) C:\Windows\system32\vmms.exe
2022-05-11 17:06 - 2022-05-11 17:06 - 08249344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 07703552 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 07548648 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 07120384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 06559072 _____ (Microsoft Corporation) C:\Windows\system32\vmchipset.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 06490624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 05820928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 05355624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 04801952 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 03656704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 03562768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 03373056 _____ (Microsoft Corporation) C:\Windows\system32\HostNetSvc.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 03336192 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 03221856 _____ (Microsoft Corporation) C:\Windows\system32\vmcompute.exe
2022-05-11 17:06 - 2022-05-11 17:06 - 02692096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 02520056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 02491232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmswitch.sys
2022-05-11 17:06 - 2022-05-11 17:06 - 02454424 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2022-05-11 17:06 - 2022-05-11 17:06 - 02432000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcGenral.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 02404688 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.AppAgent.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 02401752 _____ (Microsoft Corporation) C:\Windows\system32\vmwp.exe
2022-05-11 17:06 - 2022-05-11 17:06 - 02340304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 02221568 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ModernAppAgent.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 02138304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVCORE.DLL
2022-05-11 17:06 - 2022-05-11 17:06 - 02024280 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 01983328 _____ (Microsoft Corporation) C:\Windows\system32\wsp_fs.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 01957576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 01722200 _____ (Microsoft Corporation) C:\Windows\system32\wsp_health.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 01645928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Uev.AppAgent.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 01635840 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2022-05-11 17:06 - 2022-05-11 17:06 - 01507680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 01504104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 01440504 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 01353312 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 01315664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_health.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 01302648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 01282912 _____ (Microsoft Corporation) C:\Windows\system32\VmComputeAgent.exe
2022-05-11 17:06 - 2022-05-11 17:06 - 01264640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2022-05-11 17:06 - 2022-05-11 17:06 - 01262296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 01260904 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\AgentService.exe
2022-05-11 17:06 - 2022-05-11 17:06 - 01217536 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.CommonBridge.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 01138024 _____ (Microsoft Corporation) C:\Windows\system32\DolbyDecMFT.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 01134080 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 01129600 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2022-05-11 17:06 - 2022-05-11 17:06 - 01092096 _____ (Microsoft Corporation) C:\Windows\system32\HoloSI.PCShell.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 01015944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00966656 _____ (Microsoft Corporation) C:\Windows\system32\WFS.exe
2022-05-11 17:06 - 2022-05-11 17:06 - 00960160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DolbyDecMFT.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\CustomShellHost.exe
2022-05-11 17:06 - 2022-05-11 17:06 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\HolographicExtensions.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00803152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2022-05-11 17:06 - 2022-05-11 17:06 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00771584 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.PrinterCustomActions.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Office2013CustomActions.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00669696 _____ (Microsoft Corporation) C:\Windows\system32\WFSR.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00614400 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2022-05-11 17:06 - 2022-05-11 17:06 - 00561152 _____ (Microsoft Corporation) C:\Windows\system32\authfwcfg.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2022-05-11 17:06 - 2022-05-11 17:06 - 00539192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00532992 _____ (Microsoft Corporation) C:\Windows\system32\IESettingSync.exe
2022-05-11 17:06 - 2022-05-11 17:06 - 00532032 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00520704 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00512000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\rdpshell.exe
2022-05-11 17:06 - 2022-05-11 17:06 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMPOSE.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00425472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00424272 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00415232 _____ (Microsoft Corporation) C:\Windows\system32\AcGenral.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00408576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00387464 _____ (Microsoft Corporation) C:\Windows\system32\SIHClient.exe
2022-05-11 17:06 - 2022-05-11 17:06 - 00373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authfwcfg.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00363128 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2022-05-11 17:06 - 2022-05-11 17:06 - 00344456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2022-05-11 17:06 - 2022-05-11 17:06 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\rdpinit.exe
2022-05-11 17:06 - 2022-05-11 17:06 - 00310120 _____ (Microsoft Corporation) C:\Windows\system32\HvsiSettingsProvider.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00292712 _____ (Microsoft Corporation) C:\Windows\system32\nvspinfo.exe
2022-05-11 17:06 - 2022-05-11 17:06 - 00268056 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2022-05-11 17:06 - 2022-05-11 17:06 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_AnalogShell.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\IndexedDbLegacy.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2022-05-11 17:06 - 2022-05-11 17:06 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdsdwmdr.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00214864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmsvcext.sys
2022-05-11 17:06 - 2022-05-11 17:06 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2022-05-11 17:06 - 2022-05-11 17:06 - 00188928 _____ C:\Windows\system32\uwfcfgmgmt.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\FXSUTILITY.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00178688 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2022-05-11 17:06 - 2022-05-11 17:06 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IndexedDbLegacy.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00150856 _____ (Microsoft Corporation) C:\Windows\system32\Windows.System.Profile.HardwareId.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00149328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvsocket.sys
2022-05-11 17:06 - 2022-05-11 17:06 - 00146776 _____ (Microsoft Corporation) C:\Windows\system32\CscMig.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00135680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2022-05-11 17:06 - 2022-05-11 17:06 - 00131424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PktMon.sys
2022-05-11 17:06 - 2022-05-11 17:06 - 00130160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00098128 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00095184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys
2022-05-11 17:06 - 2022-05-11 17:06 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\iemigplugin.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iemigplugin.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\fwcfg.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00054784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00052072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VmsProxy.sys
2022-05-11 17:06 - 2022-05-11 17:06 - 00046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwcfg.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00040280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VmsProxyHNic.sys
2022-05-11 17:06 - 2022-05-11 17:06 - 00038176 _____ (Microsoft Corporation) C:\Windows\system32\sbresources.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMPOSERES.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00032600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2022-05-11 17:06 - 2022-05-11 17:06 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\CheckNetIsolation.exe
2022-05-11 17:06 - 2022-05-11 17:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CheckNetIsolation.exe
2022-05-11 17:06 - 2022-05-11 17:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TSErrRedir.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 17543168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 14760448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 10848616 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 10345720 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 09037312 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 08890016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 08022840 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 07984592 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 07650392 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 06417920 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 06375144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 06190080 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 06016696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 05114880 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 05107712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthFWSnapin.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 05107712 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWSnapin.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 04748288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 04684160 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 04630368 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 04491448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 04461528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 03945472 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 03904512 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 03828872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 03814400 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 03750912 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 03574784 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 03503896 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 03406336 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 03063296 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 02992464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 02977792 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 02946624 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 02852176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 02844672 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 02813440 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 02753024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 02652672 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 02632704 _____ (Microsoft Corporation) C:\Windows\system32\MapGeocoder.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 02630496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 02539520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 02461696 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 02430976 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 02378752 _____ (Microsoft Corporation) C:\Windows\system32\smartscreen.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 02308096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.3D.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 02272656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 02250240 _____ (Microsoft Corporation) C:\Windows\system32\ISM.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 02244096 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 02200768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 02142208 _____ (Microsoft Corporation) C:\Windows\system32\MdmDiagnostics.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 02026296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 02008400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 01949184 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01880576 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01870848 _____ (Microsoft Corporation) C:\Windows\system32\WpcDesktopMonSvc.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01839616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01831424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01828984 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2022-05-11 17:05 - 2022-05-11 17:05 - 01785544 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01768960 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01752472 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01709056 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01698824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01681744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01680896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01677312 _____ (Microsoft Corporation) C:\Windows\system32\MoUsoCoreWorker.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 01657344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01580544 _____ (Microsoft Corporation) C:\Windows\system32\SpeechPal.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01572192 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 01561872 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 01511344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01506816 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01449984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01434112 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\usocoreworker.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 01396624 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2022-05-11 17:05 - 2022-05-11 17:05 - 01395040 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01335808 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01334784 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01328128 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01316704 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2022-05-11 17:05 - 2022-05-11 17:05 - 01272832 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01269080 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 01207040 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 01200888 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 01196272 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01187176 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostCommon.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01171456 _____ (Microsoft Corporation) C:\Windows\system32\TpmCoreProvisioning.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01126912 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01088864 _____ (Microsoft Corporation) C:\Windows\system32\pidgenx.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01087736 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01076928 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01053696 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2022-05-11 17:05 - 2022-05-11 17:05 - 01047040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01026560 _____ (Microsoft Corporation) C:\Windows\system32\refsutil.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 01026560 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01015808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 01011040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostCommon.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00964096 _____ (Microsoft Corporation) C:\Windows\system32\PhoneService.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00940032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCoreProvisioning.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00923656 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00897112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00896104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2022-05-11 17:05 - 2022-05-11 17:05 - 00889704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pidgenx.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00889424 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00885248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00885248 _____ (Microsoft Corporation) C:\Windows\system32\agentactivationruntimewindows.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00875520 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00841216 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00837632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00825344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00822224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.Service.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00809344 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\uReFS.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00776824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00766040 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00745952 _____ (Microsoft Corporation) C:\Windows\system32\BioIso.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00739328 _____ (Microsoft Corporation) C:\Windows\system32\d3d9on12.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00737792 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00706568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00699872 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00685568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uReFS.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00681472 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00680784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00679424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00674040 _____ (Microsoft Corporation) C:\Windows\system32\GenValObj.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00646688 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00637744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00601944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00596992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.Desktop.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00590848 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2022-05-11 17:05 - 2022-05-11 17:05 - 00580960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00576336 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\SppExtComObj.Exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\usosvc.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00558080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00556032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmenrollengine.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9on12.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\SettingsEnvironment.Desktop.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00546816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcext.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00539648 _____ (Microsoft Corporation) C:\Windows\system32\InputSwitch.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00531992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2022-05-11 17:05 - 2022-05-11 17:05 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00503648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2022-05-11 17:05 - 2022-05-11 17:05 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00496360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00496352 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00495616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cldflt.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00489320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00480768 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00477040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00470536 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00468992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\PhoneOm.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00463360 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2022-05-11 17:05 - 2022-05-11 17:05 - 00448000 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00445952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2022-05-11 17:05 - 2022-05-11 17:05 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\wincorlib.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00436560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00435712 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicSvc.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00431616 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00431104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputSwitch.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00419440 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00418888 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00416840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00415344 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave_secure.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00403936 _____ (Microsoft Corporation) C:\Windows\system32\wevtapi.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00402944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00399872 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00363064 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicCapsule.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00354304 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhoneOm.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00350208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00347648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2022-05-11 17:05 - 2022-05-11 17:05 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\scecli.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00343488 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\msIso.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00335872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00330752 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00330752 _____ (Microsoft Corporation) C:\Windows\system32\dmenterprisediagnostics.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00329728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00329728 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00315048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\fwpolicyiomgr.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00307984 _____ (Microsoft Corporation) C:\Windows\system32\skci.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00306512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00302080 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00294920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtapi.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.AppDefaults.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\wevtutil.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00276864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\wuuhosdeployment.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00272744 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00271872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00271648 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00266080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00264192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00255488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scecli.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00254056 _____ (Microsoft Corporation) C:\Windows\system32\weretw.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00252256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwpolicyiomgr.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00236904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\InstallServiceTasks.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00229848 _____ (Microsoft Corporation) C:\Windows\system32\dmcmnutils.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00229712 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\PeopleBand.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00223592 _____ (Microsoft Corporation) C:\Windows\system32\tcbloader.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00220008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spacedump.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\fwbase.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\AppXApplicabilityBlob.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtutil.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\L2SecHC.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00202600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00199952 _____ (Microsoft Corporation) C:\Windows\system32\KerbClientShared.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00199352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00198496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00196736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\weretw.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\rasman.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallServiceTasks.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\cimfs.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00181600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\fwmdmcsp.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00181096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00174048 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00173144 _____ (Microsoft Corporation) C:\Windows\system32\vertdll.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwbase.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00172072 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00165728 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00164240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmcmnutils.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\L2SecHC.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasman.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00152936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00147232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KerbClientShared.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\slc.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00145760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bindflt.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00142184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pmem.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00141536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wldp.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00139600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2022-05-11 17:05 - 2022-05-11 17:05 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\CustomInstallExec.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00136016 _____ (Microsoft Corporation) C:\Windows\system32\offlinelsa.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00134776 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00133800 _____ (Microsoft Corporation) C:\Windows\system32\win32u.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00125776 _____ (Microsoft Corporation) C:\Windows\system32\kdnet.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\cldapi.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slc.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicAgent.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2022-05-11 17:05 - 2022-05-11 17:05 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\vds_ps.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\dot3msm.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00105320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\bindfltapi.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cldapi.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\dot3api.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00094072 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00094008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32u.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00093696 _____ C:\Windows\system32\Drivers\cimfs.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\efslsaext.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00083792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\uaspstor.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00082136 _____ (Microsoft Corporation) C:\Windows\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\autopilot.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00078024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00074432 _____ (Microsoft Corporation) C:\Windows\system32\SortWindows62.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00072032 _____ (Microsoft Corporation) C:\Windows\system32\GameInput.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00068728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SortWindows62.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00065048 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00064848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storufs.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00062800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GameInput.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\MdmDiagnosticsTool.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\WiredNetworkCSP.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthMini.SYS
2022-05-11 17:05 - 2022-05-11 17:05 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.Common.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\WiFiConfigSP.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\wfdprov.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00041296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\enrollmentapi.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00040784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00038240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpstorport.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\wlansvcpal.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\FaxPrinterInstaller.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicPS.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\vdsldr.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\kdcpw.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\slcext.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dmpusbstor.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slcext.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\pacjsworker.exe
2022-05-11 17:05 - 2022-05-11 17:05 - 00011799 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-05-11 17:05 - 2022-05-11 17:05 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\DMAlertListener.ProxyStub.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DMAlertListener.ProxyStub.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00003584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCertResources.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\TpmCertResources.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\PhoneServiceRes.dll
2022-05-11 17:02 - 2022-05-11 17:02 - 00001809 _____ C:\Users\Public\Desktop\Stellarium.lnk
2022-05-11 16:56 - 2022-05-11 16:56 - 00000000 ___HD C:\$WinREAgent
2022-05-11 16:56 - 2022-04-26 05:07 - 00495616 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2022-05-11 16:56 - 2022-04-26 04:32 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2022-05-04 20:07 - 2021-11-30 18:23 - 00000000 ____D C:\Program Files\jcryptool
2022-05-04 19:47 - 2022-05-04 19:47 - 00000000 ____D C:\Users\Utilizador\.eclipse

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-06-03 19:00 - 2020-11-19 00:46 - 00000000 ____D C:\Windows\system32\SleepStudy
2022-06-03 18:35 - 2019-12-07 10:14 - 00000000 ____D C:\Windows\AppReadiness
2022-06-03 18:17 - 2021-06-08 20:24 - 00000000 ____D C:\Program Files\CCleaner
2022-06-03 18:14 - 2020-11-19 00:49 - 00000000 __RHD C:\Users\Public\AccountPictures
2022-06-03 18:14 - 2019-12-07 10:14 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2022-06-03 18:13 - 2021-03-31 09:11 - 01671696 _____ C:\Windows\system32\PerfStringBackup.INI
2022-06-03 18:13 - 2019-12-07 16:10 - 00732130 _____ C:\Windows\system32\prfh0816.dat
2022-06-03 18:13 - 2019-12-07 16:10 - 00144484 _____ C:\Windows\system32\prfc0816.dat
2022-06-03 18:13 - 2019-12-07 10:13 - 00000000 ____D C:\Windows\INF
2022-06-03 18:10 - 2021-04-06 16:03 - 00000436 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2022-06-03 18:10 - 2019-12-07 10:14 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-06-03 18:09 - 2021-03-31 10:51 - 00000000 __SHD C:\Users\Utilizador\IntelGraphicsProfiles
2022-06-03 18:09 - 2021-03-31 09:10 - 00000000 ___RD C:\Users\Utilizador\OneDrive
2022-06-03 18:08 - 2022-04-13 15:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-06-03 18:08 - 2021-04-06 15:58 - 00001134 _____ C:\Windows\system32\config\VSMIDK
2022-06-03 18:08 - 2021-03-31 09:03 - 00008192 ___SH C:\DumpStack.log.tmp
2022-06-03 18:08 - 2020-11-19 00:46 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2022-06-03 18:08 - 2019-12-07 10:03 - 01048576 _____ C:\Windows\system32\config\BBI
2022-06-03 16:26 - 2021-06-24 16:24 - 00004174 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B6D416E1-DBCA-4835-B3A8-104A008BDE7D}
2022-06-02 16:01 - 2022-04-13 15:32 - 00000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-06-02 15:36 - 2022-04-13 15:32 - 00001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-06-02 15:36 - 2022-04-13 15:32 - 00000000 ____D C:\Windows\System32\Tasks\Mozilla
2022-06-02 12:47 - 2021-04-28 21:26 - 00000000 ____D C:\Users\Utilizador\Desktop\SCRIPTS DIVS
2022-06-02 12:33 - 2021-07-27 12:54 - 00000000 ____D C:\Users\Utilizador\AppData\LocalLow\Mozilla
2022-06-02 12:32 - 2020-11-19 00:48 - 00002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-06-01 18:15 - 2020-11-19 00:49 - 00000000 ____D C:\ProgramData\Packages
2022-06-01 18:15 - 2019-12-07 10:14 - 00000000 ___HD C:\Program Files\WindowsApps
2022-05-31 16:49 - 2021-09-19 13:29 - 00000000 ____D C:\Users\Utilizador\AppData\Roaming\draw.io
2022-05-31 16:48 - 2022-01-03 22:14 - 00000000 ____D C:\Program Files\draw.io
2022-05-31 14:52 - 2021-04-07 10:57 - 00000000 ____D C:\ProgramData\VirtualBox
2022-05-30 16:42 - 2019-12-07 10:14 - 00000000 ____D C:\Windows\registration
2022-05-29 16:40 - 2019-12-07 10:14 - 00000000 ____D C:\Windows\LiveKernelReports
2022-05-27 22:44 - 2021-04-06 15:45 - 00000000 ____D C:\Program Files\Microsoft Office
2022-05-27 22:37 - 2019-12-07 10:14 - 00000000 ____D C:\Windows\system32\NDF
2022-05-27 17:29 - 2021-08-25 17:29 - 00000000 ____D C:\Users\Utilizador\AppData\Roaming\Wise Uninstaller
2022-05-27 17:29 - 2021-08-24 23:24 - 00001361 _____ C:\Users\Public\Desktop\Wise Program Uninstaller.lnk
2022-05-27 17:29 - 2021-08-24 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Program Uninstaller
2022-05-26 19:44 - 2021-04-07 15:36 - 00000000 ____D C:\Users\Utilizador\AppData\Local\CrashDumps
2022-05-26 18:37 - 2021-12-12 04:48 - 00003592 _____ C:\Windows\System32\Tasks\OneDrive Reporting Task-S-1-5-21-3653589094-3565606866-458211961-1001
2022-05-26 18:36 - 2021-06-08 20:25 - 00004210 _____ C:\Windows\System32\Tasks\CCleaner Update
2022-05-25 16:50 - 2021-04-07 09:23 - 00000000 ____D C:\Users\Utilizador\AppData\Roaming\Stellarium
2022-05-24 20:11 - 2021-03-31 09:07 - 00000000 ____D C:\Users\Utilizador\AppData\Local\Packages
2022-05-22 21:22 - 2021-03-31 09:07 - 00000000 ____D C:\Users\Utilizador
2022-05-19 16:43 - 2021-04-07 08:38 - 00000724 _____ C:\Users\Utilizador\.packettracer
2022-05-17 21:46 - 2021-04-07 10:00 - 00000000 ____D C:\Users\Utilizador\AppData\Local\D3DSCache
2022-05-17 18:30 - 2019-12-07 10:14 - 00000000 ___HD C:\Windows\ELAMBKUP
2022-05-17 16:43 - 2021-08-25 17:31 - 00000000 ____D C:\Users\Utilizador\AppData\Local\niemiro
2022-05-17 16:39 - 2019-12-07 10:03 - 00000000 ____D C:\Windows\CbsTemp
2022-05-17 14:50 - 2021-03-31 10:51 - 00000000 ____D C:\Intel
2022-05-15 21:29 - 2021-04-07 22:37 - 00000000 ____D C:\Windows\Microsoft Antimalware
2022-05-13 19:31 - 2021-04-06 13:55 - 00000000 ____D C:\Users\Utilizador\AppData\Roaming\hpqLog
2022-05-12 22:33 - 2021-04-07 09:18 - 00000000 ____D C:\Users\Utilizador\AppData\Roaming\Notepad++
2022-05-12 22:20 - 2021-04-07 09:28 - 00000000 ____D C:\Users\Utilizador\AppData\Roaming\FileZilla
2022-05-12 15:53 - 2021-12-14 18:59 - 00001370 _____ C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-05-12 15:53 - 2021-12-14 18:59 - 00000000 ____D C:\Users\Utilizador\AppData\Local\PCHealthCheck
2022-05-11 17:34 - 2021-12-20 01:22 - 00000000 ____D C:\Users\Utilizador\Cisco Packet Tracer 8.1.0
2022-05-11 17:33 - 2021-07-22 22:45 - 00000000 ____D C:\Users\Utilizador\Cisco Packet Tracer 8.0.1
2022-05-11 17:15 - 2020-11-19 00:46 - 00446280 _____ C:\Windows\system32\FNTCACHE.DAT
2022-05-11 17:14 - 2021-04-06 15:57 - 00000000 ____D C:\Program Files\Hyper-V
2022-05-11 17:14 - 2019-12-07 16:13 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-05-11 17:14 - 2019-12-07 10:14 - 00000000 ___SD C:\Windows\system32\UNP
2022-05-11 17:14 - 2019-12-07 10:14 - 00000000 ____D C:\Windows\SystemResources
2022-05-11 17:14 - 2019-12-07 10:14 - 00000000 ____D C:\Windows\system32\migwiz
2022-05-11 17:14 - 2019-12-07 10:14 - 00000000 ____D C:\Windows\bcastdvr
2022-05-11 17:14 - 2019-12-07 10:14 - 00000000 ____D C:\Program Files\Common Files\System
2022-05-11 17:02 - 2022-03-31 19:08 - 00000958 _____ C:\Users\Public\Desktop\Stellarium User Guide.lnk
2022-05-11 17:02 - 2021-04-07 09:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellarium
2022-05-11 17:02 - 2021-04-07 09:23 - 00000000 ____D C:\Program Files\Stellarium
2022-05-11 16:55 - 2021-04-08 12:03 - 00000000 ____D C:\Windows\system32\MRT
2022-05-11 16:54 - 2021-09-19 13:29 - 00000000 ____D C:\Users\Utilizador\AppData\Local\draw.io-updater
2022-05-11 16:53 - 2021-04-08 12:03 - 145501456 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-05-10 13:26 - 2020-11-19 00:48 - 00003674 _____ C:\Windows\System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-05-10 13:26 - 2020-11-19 00:48 - 00003550 _____ C:\Windows\System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-05-04 18:30 - 2022-02-17 13:36 - 00000000 ____D C:\Users\Utilizador\Desktop\NETWORK DEFENSE

==================== Files in the root of some directories =======

2022-01-31 23:01 - 2022-01-31 23:01 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION

==================== End of FRST.txt ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2017 01
Ran by Administrador (03-06-2022 19:10:42)
Running from C:\Users\TEMP\Downloads
Windows 10 Pro Version 2009 (X64) (2021-03-31 08:06:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3653589094-3565606866-458211961-500 - Administrator - Enabled) => C:\Users\TEMP
Convidado (S-1-5-21-3653589094-3565606866-458211961-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-3653589094-3565606866-458211961-503 - Limited - Disabled)
Utilizador (S-1-5-21-3653589094-3565606866-458211961-1001 - Administrator - Enabled) => C:\Users\Utilizador
WDAGUtilityAccount (S-1-5-21-3653589094-3565606866-458211961-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1046-1033-7760-BC15014EA700}) (Version: 22.001.20117 - Adobe)
Autenticação.Gov 3.7.0 (4491) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F204491}) (Version: 3.7.4491 - Portuguese Government)
CCleaner (HKLM\...\CCleaner) (Version: 6.00 - Piriform)
Cisco Packet Tracer 8.0.1 64Bit (HKLM\...\Cisco Packet Tracer 8.0.1 64Bit_is1) (Version: - Cisco Systems, Inc.)
Cisco Packet Tracer 8.1.0 64Bit (HKLM\...\Cisco Packet Tracer 8.1.0 64Bit_is1) (Version: - Cisco Systems, Inc.)
CPUID CPU-Z 2.01 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.01 - CPUID, Inc.)
draw.io 18.1.3 (HKLM\...\27a75bf3-be48-5c35-934f-8491cf108abe) (Version: 18.1.3 - JGraph)
Estudo de aprimoramento de produto para HP OfficeJet Pro 8720 (HKLM\...\{F0BE764B-DFC9-453C-9515-12C63FB176AB}) (Version: 40.12.1161.1896 - HP Inc.)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileZilla Client 3.59.0 (HKLM-x32\...\FileZilla Client) (Version: 3.59.0 - Tim Kosse)
Free Download Manager (HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\{0C1D4CF2-5575-4786-834C-B0FC977E9714}}_is1) (Version: 6.14.1.3935 - Softdeluxe)
HP Dropbox Plugin (HKLM-x32\...\{58D6D905-7706-4362-BA48-3002C4134AF8}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{EEB862D4-D8FD-4D1A-A747-2AC05CA9CC22}) (Version: 36.0.41.58587 - HP)
HP OfficeJet Pro 8720 Ajuda (HKLM-x32\...\{86AB0465-84DB-450C-A598-8BAFDA029956}) (Version: 38.0.0 - HP)
HP OfficeJet Pro 8720 Software básico do dispositivo (HKLM\...\{AA3D7B68-6B47-4AE3-A3FC-DE9014A29450}) (Version: 40.15.1230.21319 - HP Inc.)
HP Software Framework (HKLM-x32\...\{4ECF8609-54CA-47E7-A462-789AC2A3A78A}) (Version: 7.1.13.1 - HP)
I.R.I.S. OCR (HKLM-x32\...\{09D14594-ADFA-49A0-BB36-3D685611DDFC}) (Version: 12.3.7.0 - HP)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
Malwarebytes version 4.5.9.198 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.9.198 - Malwarebytes)
Microsoft 365 Apps para Grandes Empresas - pt-pt (HKLM\...\O365ProPlusRetail - pt-pt) (Version: 16.0.15225.20204 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 102.0.1245.30 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.161.35 - )
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 101.0.1210.53 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.099.0508.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Teams) (Version: 1.5.00.2164 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30040 (HKLM-x32\...\{5c6cccca-61ec-4667-a8d9-e133a59a5a73}) (Version: 14.29.30040.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 12.6 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.6 - MiniTool Software Limited)
Mozilla Firefox (x64 pt-PT) (HKLM\...\Mozilla Firefox 101.0 (x64 pt-PT)) (Version: 101.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 101.0 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.3.3 - Notepad++ Team)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.31 - Nmap Project)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.15225.20150 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.15225.20194 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 6.1.30 (HKLM\...\{9F1FFDC2-9B49-41F3-B6F1-18DC368D6CA2}) (Version: 6.1.30 - Oracle Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7561 - Realtek Semiconductor Corp.)
Stellarium 0.22.1 (HKLM\...\Stellarium_is1) (Version: 0.22.1 - Stellarium team)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.63 - Synaptics Incorporated)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.2781 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
USBPcap 1.5.4.0 (HKLM\...\USBPcap) (Version: 1.5.4.0 - Tomasz Mon)
Verificação do estado de funcionamento do PC Windows (HKLM\...\{50323A6F-77C1-4136-B3C6-AFF46C3E1CF8}) (Version: 3.7.2204.15001 - Microsoft Corporation)
Verificação do estado de funcionamento do PC Windows (HKLM\...\{ABFE1296-80CE-4FDD-924F-BEF8625C6351}) (Version: 3.3.2110.22002 - Microsoft Corporation)
Verificação do estado de funcionamento do PC Windows (HKLM\...\{D8BFA63F-BE37-4D9F-9001-541D74D74488}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Wireshark 3.4.8 64-bit (HKLM-x32\...\Wireshark) (Version: 3.4.8 - The Wireshark developer community, hxxps://www.wireshark.org)
Wise Program Uninstaller 3.0.2 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 3.0.2 - WiseCleaner.com, Inc.)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare PDFelement(Build 7.6.8) (HKLM-x32\...\{77078E40-A92E-47FD-A0F6-168A4BF6CF3A}_is1) (Version: 7.6.8.5031 - Wondershare Software Co.,Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3653589094-3565606866-458211961-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Utilizador\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21348.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005C202E-0885-4188-B8AC-6A925A54C883} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2022-05-26] (Microsoft Corporation)
Task: {008539BF-83F9-4483-9E0A-EEEE6EAC0A08} - System32\Tasks\Microsoft\Windows\Shell\UpdateUserPictureTask
Task: {077333D6-06BA-4EA4-BDF4-1CD1439558F2} - System32\Tasks\Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask
Task: {0CBABB27-6DFC-4155-BAE7-AE919B92FEF2} - System32\Tasks\Microsoft\Windows\DirectX\DXGIAdapterCache => C:\Windows\system32\dxgiadaptercache.exe [2021-04-14] (Microsoft Corporation)
Task: {0CEC0B91-4AE9-4E8A-ACB2-3B4C811F442C} - System32\Tasks\Microsoft\Windows\WaaSMedic\PerformRemediation
Task: {0E2DCCB3-7B11-40CF-B973-90F22732E317} - System32\Tasks\Microsoft\Windows\EDP\EDP Inaccessible Credentials Task
Task: {12DF3F8A-9612-48CA-AE38-2818FA70CA73} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2021-10-14] ()
Task: {1350ACEF-5E76-4459-8E4A-6B27F80E35EA} - System32\Tasks\Microsoft\Windows\WwanSvc\OobeDiscovery
Task: {14247632-188C-44F8-A589-BE6D7041BE30} - System32\Tasks\Microsoft\Windows\Application Experience\PcaPatchDbTask => Rundll32.exe %windir%\system32\PcaSvc.dll,PcaPatchSdbTask
Task: {16A0587B-723F-49E5-9E2E-F3246627130C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2022-05-27] (Microsoft Corporation)
Task: {1AD73E95-0931-4E28-A3D5-A8B30F67052C} - System32\Tasks\Agent Activation Runtime\S-1-5-21-3653589094-3565606866-458211961-1001 => C:\Windows\System32\AgentActivationRuntimeStarter.exe [2021-05-10] ()
Task: {1B338406-3BA9-41D4-9F05-D1A8F96BF74E} - System32\Tasks\MiniToolPartitionWizard => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [2020-02-19] ()
Task: {231C7F6D-6D98-4294-8305-E21D0B822BEF} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => Firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {24BA466B-D257-47B4-B792-B6B3C6EB134F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {264FD1E4-2C6C-46E5-BD97-4DC5152B65C0} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3653589094-3565606866-458211961-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2022-05-26] (Microsoft Corporation)
Task: {2DF04991-9FD1-4FEE-AC58-5C07E6B03043} - System32\Tasks\Microsoft\Windows\AppListBackup\Backup
Task: {304D2127-E6ED-4C82-B9B3-63B3B54A4D66} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Check And Scan
Task: {34ADEFE8-89DB-43BC-8C0B-14BB34D69F6D} - System32\Tasks\Microsoft\Windows\BitLocker\BitLocker Encrypt All Drives
Task: {35525E8D-FD60-47BF-8D11-FA4F778C57C3} - System32\Tasks\Microsoft\Windows\Printing\EduPrintProv => C:\Windows\system32\eduprintprov.exe [2019-12-07] (Microsoft Corporation)
Task: {3817E056-FF10-4B90-AB97-32A0F597CEFE} - System32\Tasks\CCleanerSkipUAC - Utilizador => C:\Program Files\CCleaner\CCleaner.exe [2022-05-11] (Piriform Software Ltd)
Task: {3B20CB15-895B-4ACF-9D1C-F829DCBABE99} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [2022-05-27] (Microsoft Corporation)
Task: {3DDF37A1-97B9-4ECB-9665-E59E3C164A1E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NoUACCheck
Task: {3FC4BE91-4A96-48F5-8858-1628CB88EFB5} - System32\Tasks\Microsoft\Windows\Chkdsk\SyspartRepair => C:\Windows\system32\bcdboot.exe [2021-09-17] (Microsoft Corporation)
Task: {44AF7ADA-1C0D-43B1-A063-9E7581F7730B} - System32\Tasks\Microsoft\Windows\InstallService\SmartRetry
Task: {459025F3-B602-4E75-9283-85B92B41D801} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2022-05-27] (Microsoft Corporation)
Task: {47712B6A-3ADC-468B-A790-4A3C99AB4779} - System32\Tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition => C:\Windows\system32\ClipRenew.exe [2019-12-07] (Microsoft Corporation)
Task: {4913F685-99DD-49FE-96A2-A5F0266B2E17} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPWPD.exe
Task: {4A0DEFDA-A2B8-4736-88E1-A578E00D9704} - System32\Tasks\Microsoft\Windows\Input\PenSyncDataAvailable
Task: {4BCE6391-0B05-40B4-B642-910B37FB1CE6} - System32\Tasks\Microsoft\Windows\PushToInstall\Registration => Sc.exe start pushtoinstall registration
Task: {4CE67CB5-F87E-432D-A620-653BDF757189} - System32\Tasks\Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner
Task: {4F2030CE-BA8E-4122-B9A8-29AA5858973E} - System32\Tasks\Microsoft\Windows\Flighting\OneSettings\RefreshCache
Task: {50547E5C-E2C7-4E6B-A78F-0683ED9A7417} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {54CFA062-30AA-4BAC-8E64-9A99B87F81E8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2022-05-27] (Microsoft Corporation)
Task: {55B1C85E-5BEF-4EDB-ADD0-ECEAEF261E7C} - System32\Tasks\Microsoft\Windows\DirectX\DirectXDatabaseUpdater => C:\Windows\system32\directxdatabaseupdater.exe [2021-04-14] (Microsoft Corporation)
Task: {571A0A5E-B60E-4A25-BEFB-ABB3C6BB6B78} - System32\Tasks\Microsoft\Windows\Workplace Join\Device-Sync
Task: {58CCC4DA-C86D-4E3D-8FAF-A7B24D8F3950} - System32\Tasks\Microsoft\Windows\StateRepository\MaintenanceTasks => Rundll32.exe %windir%\system32\Windows.StateRepositoryClient.dll,StateRepositoryDoMaintenanceTasks
Task: {59147023-3086-4AD5-8EE7-930946F9D499} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [2022-05-27] (Microsoft Corporation)
Task: {5E351EE7-F0D4-4F41-A05C-907EB1A33CE8} - System32\Tasks\Microsoft\Windows\WlanSvc\CDSSync
Task: {6169AD00-B12D-4F5B-9645-0CAFB7FB427F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [2022-04-08] (Microsoft Corporation)
Task: {66A3F618-0C70-4F70-9BBA-735CCDB43A09} - System32\Tasks\Microsoft\Windows\EDP\StorageCardEncryption Task
Task: {74475F4C-AFA7-4C3E-A2DC-F4CCA54A7CDE} - System32\Tasks\Hewlett-Packard\HPDeviceCheck => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPDeviceCheck.exe
Task: {7C4733D2-81D6-4CA3-B30C-E00B496B9857} - System32\Tasks\Microsoft\Windows\Input\TouchpadSyncDataAvailable
Task: {85BD5169-0606-4D76-B9C0-0E2C197EE4F9} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2020-11-19] (Microsoft Corporation) <==== ATTENTION
Task: {87094343-6C1F-4855-A6B9-305BA74AB761} - System32\Tasks\Microsoft\Windows\BitLocker\BitLocker MDM policy Refresh
Task: {8D2D9D08-C9B6-4CF3-9B4A-C88E13D2EF97} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [2021-04-21] () <==== ATTENTION
Task: {8E6DCF0C-5403-41E8-88BE-D842C786DBFA} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [2022-05-27] (Microsoft Corporation)
Task: {9506887D-2646-4E79-8651-3C5625A0C162} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3653589094-3565606866-458211961-500 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2022-05-26] (Microsoft Corporation)
Task: {9B29B882-A95C-438B-BF91-E7C31B1D82D1} - System32\Tasks\Microsoft\Windows\InstallService\WakeUpAndContinueUpdates
Task: {9EFA6245-610B-4981-9A53-D5F4B5BD5EC1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [2022-04-08] (Microsoft Corporation)
Task: {A08D6A77-C926-4E78-9ED0-09836E2769AE} - System32\Tasks\Microsoft\Windows\InstallService\ScanForUpdates
Task: {A2F6A24B-20D2-4E80-BD30-EA9BA66E7601} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\UsageDataFlushing
Task: {A2FADBDF-6855-42F7-BDFC-F0C510EDA9BC} - System32\Tasks\Microsoft\Windows\InstallService\ScanForUpdatesAsUser
Task: {A499FA48-7057-4AC1-9702-44C6FD924058} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\ReconcileLanguageResources
Task: {A4E7D534-1000-4CD8-A452-63218C369020} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2022-05-11] (Piriform)
Task: {A60D9ECB-A6F4-4FE1-9BD7-B049487A67E7} - System32\Tasks\Microsoft\Windows\International\Synchronize Language Settings
Task: {A66AB6D9-1A00-40EF-8867-3F1C7A610961} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2022-05-27] (Microsoft Corporation)
Task: {A68E1010-68E9-461E-800E-35910285CC79} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 8720 => C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\HPCustPartic.exe [2018-04-06] (HP Inc.)
Task: {A74EF9D1-6D6B-4566-8E25-782430F970E5} - System32\Tasks\Microsoft\Windows\PushToInstall\LoginCheck => Sc.exe start pushtoinstall login
Task: {A8D2EB9E-B56D-4B04-B601-6068ADD24324} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback
Task: {AF73DAAA-53AE-4CC8-8671-BE29D886B057} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged
Task: {B480E28F-3FDC-4893-9032-9BD1EC06FEB7} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2020-11-19] (Microsoft Corporation) <==== ATTENTION
Task: {B96476D5-33F9-4795-92D2-B70D419A00AA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [2022-05-27] (Microsoft Corporation)
Task: {C4F0755B-D36A-456D-8FCB-237DC46AAA1F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler => C:\Program Files\RUXIM\PLUGscheduler.exe [2022-01-12] (Microsoft Corporation)
Task: {C5D47392-881C-422A-9BF8-E4916B55CD22} - System32\Tasks\Microsoft\Windows\USB\Usb-Notifications
Task: {CAB76809-EDC0-40D2-A888-AD9BEDF4E88A} - System32\Tasks\Microsoft\Windows\UNP\RunUpdateNotificationMgr => C:\Windows\System32\UNP\UpdateNotificationMgr.exe [2022-05-11] (Microsoft Corporation)
Task: {CADF1293-5495-426F-8E37-A30F69274AF4} - System32\Tasks\Microsoft\Windows\Input\LocalUserSyncDataAvailable
Task: {D3AFD31F-6E12-4760-AFB9-313F4540A67A} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\UsageDataReporting
Task: {DA42085F-11E4-4EE1-A363-1898204812F5} - System32\Tasks\Microsoft\Windows\Input\MouseSyncDataAvailable
Task: {E046D0FE-BF84-4E92-9CE3-74D5507B8E37} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [2022-04-08] (Microsoft Corporation)
Task: {E90634D2-4FFA-4C01-8455-5A3A1B16675B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [2022-04-08] (Microsoft Corporation)
Task: {EC3EFE4E-A2E4-4C66-975C-CA2EFD0D42CD} - System32\Tasks\Microsoft\Windows\InstallService\WakeUpAndScanForUpdates
Task: {ED513DB2-B737-4595-A83C-6B34F0F6DF1B} - System32\Tasks\Microsoft\Windows\Subscription\LicenseAcquisition => C:\Windows\system32\ClipRenew.exe [2019-12-07] (Microsoft Corporation)
Task: {F8FEDA28-6261-4385-844A-684E6C988577} - System32\Tasks\Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh
Task: {FAFD1677-4F6B-482A-99FC-13DFA4AFA3B0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2021-11-18] (Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\TEMP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2020-11-19 03:49 - 2020-11-19 03:49 - 00064552 _____ () C:\Windows\system32\UMPDC.dll
2020-11-19 03:49 - 2020-11-19 03:49 - 00064552 _____ () c:\windows\system32\UMPDC.dll
2020-11-19 03:49 - 2020-11-19 03:49 - 00064552 _____ () C:\Windows\SYSTEM32\UMPDC.dll
2021-06-13 21:38 - 2021-06-13 21:38 - 00657464 _____ () C:\Windows\System32\windowmanagementapi.dll
2021-10-14 11:20 - 2021-10-14 11:20 - 00706536 _____ () C:\Windows\system32\TextShaping.dll
2021-04-06 14:02 - 2021-04-06 14:02 - 00455168 _____ () c:\windows\system32\SSDM.dll
2020-11-19 03:51 - 2020-11-19 03:51 - 00045880 _____ () C:\Windows\system32\HvSocket.dll
2020-11-19 03:49 - 2020-11-19 03:49 - 00064552 _____ () C:\Windows\System32\UMPDC.dll
2021-10-14 11:20 - 2021-10-14 11:20 - 00706536 _____ () C:\Windows\SYSTEM32\TextShaping.dll
2021-06-13 21:38 - 2021-06-13 21:38 - 00657464 _____ () C:\Windows\System32\WindowManagementAPI.dll
2021-04-06 14:04 - 2021-04-06 14:04 - 00095744 _____ () C:\Windows\System32\VirtualMonitorManager.dll
2021-04-06 14:02 - 2021-04-06 14:02 - 00363520 _____ () C:\Windows\System32\Windows.Internal.UI.Shell.WindowTabManager.dll
2019-12-07 10:08 - 2019-12-07 10:08 - 00499200 _____ () C:\Windows\ShellExperiences\TileControl.dll
2021-08-16 14:36 - 2021-08-16 14:36 - 02158592 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2022-03-14 12:28 - 2022-03-14 12:28 - 00229288 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2022-04-08 15:29 - 2022-04-08 15:29 - 00029184 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2019-12-07 10:08 - 2019-12-07 10:08 - 00039424 _____ () C:\Windows\System32\usocoreps.dll
2022-02-09 13:51 - 2022-02-09 13:51 - 00793416 _____ () C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
2021-06-13 21:38 - 2021-06-13 21:38 - 00657464 _____ () C:\Windows\SYSTEM32\WindowManagementAPI.dll
2022-05-11 17:06 - 2022-05-11 17:06 - 00461312 _____ () C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Search.Core.dll
2022-05-17 18:30 - 2022-05-17 18:30 - 03594936 _____ () C:\Program Files\Malwarebytes\Anti-Malware\libGLESv2.dll
2022-06-01 18:15 - 2022-06-01 18:15 - 06416304 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22042.168.0_x64__8wekyb3d8bbwe\YourPhone.AppCore.WinRT.dll
2022-05-21 18:37 - 2022-05-21 18:38 - 00830976 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22042.168.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2022-06-01 18:15 - 2022-06-01 18:15 - 03800496 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22042.168.0_x64__8wekyb3d8bbwe\YourPhone.ScreenMirroring.dll
2022-06-01 18:15 - 2022-06-01 18:15 - 00536464 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22042.168.0_x64__8wekyb3d8bbwe\YourPhone.Background.CX.dll
2022-06-01 18:15 - 2022-06-01 18:15 - 00764848 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22042.168.0_x64__8wekyb3d8bbwe\YourPhone.Connectivity.dll
2022-06-01 18:15 - 2022-06-01 18:15 - 01488816 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22042.168.0_x64__8wekyb3d8bbwe\YourPhone.Connectivity.YPP.dll
2022-06-01 18:15 - 2022-06-01 18:15 - 00135088 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22042.168.0_x64__8wekyb3d8bbwe\YourPhone.Flyouts.WinRT.dll
2022-06-01 18:15 - 2022-06-01 18:15 - 01218992 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22042.168.0_x64__8wekyb3d8bbwe\YourPhone.Calling.CX.dll
2022-06-01 18:15 - 2022-06-01 18:15 - 01450928 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22042.168.0_x64__8wekyb3d8bbwe\YourPhone.Calling.WinRT.dll
2022-06-01 18:15 - 2022-06-01 18:15 - 00546224 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22042.168.0_x64__8wekyb3d8bbwe\YourPhone.Contacts.WinRT.dll
2022-06-01 18:15 - 2022-06-01 18:15 - 01178032 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22042.168.0_x64__8wekyb3d8bbwe\YourPhone.ScreenMirroring.WinRT.dll
2022-06-01 18:15 - 2022-06-01 18:15 - 00747440 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22042.168.0_x64__8wekyb3d8bbwe\YourPhone.Devices.WinRT.dll
2022-06-01 18:15 - 2022-06-01 18:15 - 01034672 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22042.168.0_x64__8wekyb3d8bbwe\YourPhone.Photos.dll
2022-06-01 18:15 - 2022-06-01 18:15 - 03805616 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22042.168.0_x64__8wekyb3d8bbwe\YourPhone.Messaging.WinRT.dll
2022-06-01 18:15 - 2022-06-01 18:15 - 00187824 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22042.168.0_x64__8wekyb3d8bbwe\YourPhone.Notifications.WinRT.dll
2022-06-01 18:15 - 2022-06-01 18:15 - 01308592 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22042.168.0_x64__8wekyb3d8bbwe\YourPhone.Contacts.dll
2022-05-26 18:37 - 2022-05-26 18:37 - 00057248 _____ () C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncRNWin32Lib.dll
2021-04-27 16:25 - 2021-04-27 16:25 - 05013504 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
2021-04-27 16:25 - 2021-04-27 16:25 - 00671232 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\GraphControl.dll
2021-04-27 16:25 - 2021-04-27 16:25 - 00028672 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\TraceLogging.dll
2022-05-21 18:36 - 2022-05-26 19:01 - 01223024 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2020-06-04 18:44 - 2020-06-04 18:44 - 00400256 _____ () C:\Windows\system32\igfxTray.exe
2021-12-01 18:23 - 2020-02-19 13:08 - 00219616 _____ () C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe
2021-12-01 18:23 - 2021-10-20 13:38 - 00025456 _____ () C:\Program Files\MiniTool Partition Wizard 12\idriver.dll
2021-12-01 18:23 - 2021-11-15 17:36 - 03255664 _____ () C:\Program Files\MiniTool Partition Wizard 12\ikernel.dll
2021-12-01 18:23 - 2021-11-15 11:46 - 01406320 _____ () C:\Program Files\MiniTool Partition Wizard 12\PowerDataRecoveryCore.dll
2021-12-01 18:23 - 2019-11-08 11:13 - 00026592 _____ () C:\Program Files\MiniTool Partition Wizard 12\efs.dll
2021-12-01 18:23 - 2020-12-21 15:55 - 00369136 _____ () C:\Program Files\MiniTool Partition Wizard 12\RawObject.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 00288768 _____ () C:\Windows\System32\Windows.Management.InprocObjects.dll
2022-05-11 09:16 - 2022-05-11 09:16 - 00229952 _____ () C:\Program Files\CCleaner\lang\lang-2070.dll
2022-03-09 13:33 - 2022-03-09 13:33 - 02260992 _____ () C:\Windows\system32\TextInputMethodFormatter.dll
2022-06-02 12:32 - 2022-05-31 08:21 - 05856664 _____ () C:\Program Files (x86)\Microsoft\Edge\Application\102.0.1245.30\libglesv2.dll
2022-06-02 12:32 - 2022-05-31 08:21 - 00480648 _____ () C:\Program Files (x86)\Microsoft\Edge\Application\102.0.1245.30\libegl.dll
2022-06-02 12:32 - 2022-05-31 08:18 - 04040632 _____ () C:\Program Files (x86)\Microsoft\Edge\Application\102.0.1245.30\vk_swiftshader.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\TEMP\Downloads\FRST64.exe:SmartScreen [7]
AlternateDataStreams: C:\Users\Utilizador\Desktop\putty.exe:SmartScreen [7]
AlternateDataStreams: C:\Users\Utilizador\Desktop\SFCFix.exe:SmartScreen [7]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcCtnrSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Media"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CBDHSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\hvsifltr => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsQuic => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcCtnrSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Media"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => "SafeBootDrivers"="1"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\sharepoint.com -> hxxps://formacaoiefp-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3653589094-3565606866-458211961-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Utilizador\Pictures\Camera Roll\632692.jpg
HKU\S-1-5-21-3653589094-3565606866-458211961-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\StartupApproved\Run: => "Free Download Manager"
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_275433059902538E565B89FC49C29F5C"
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\StartupApproved\Run: => "pteid"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-DeviceManagement-OmaDmClient-TCP-Out] => (Allow) %SystemRoot%\system32\omadmclient.exe
FirewallRules: [Microsoft-Windows-DeviceManagement-deviceenroller-TCP-Out] => (Allow) %SystemRoot%\system32\deviceenroller.exe
FirewallRules: [Microsoft-Windows-DeviceManagement-CertificateInstall-TCP-Out] => (Allow) %SystemRoot%\system32\dmcertinst.exe
FirewallRules: [{74AE69D5-D89C-454A-8AC4-26D8D11A5A39}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe
FirewallRules: [{7CC5D478-D598-4E39-9390-D2A1BD923A7B}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe
FirewallRules: [{72B60262-0758-4D08-A96A-99D9ED2685ED}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{5BAAEDB6-FCE0-4315-A5D9-2CA525095932}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [TCP Query User{64581E9E-A039-4241-99C9-EC71EB9D07CE}C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe
FirewallRules: [UDP Query User{5008711B-ECBD-4690-9683-3A25632F191E}C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe
FirewallRules: [{B7DB7215-A07D-4C5D-ABFD-A22BB9C231C5}] => (Block) C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe
FirewallRules: [{62D3E442-1BD1-4D85-9351-818690D404A4}] => (Block) C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe
FirewallRules: [HNS Container Networking - DNS (UDP-In) - 8DB1D574-6F63-4657-9747-16782E9CF5E5 - 0] => (Allow) LPort=53
FirewallRules: [TCP Query User{96B1D973-28E3-4495-948D-90B3A6E12873}C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe] => (Allow) C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe
FirewallRules: [UDP Query User{38F4C825-003E-47DC-A47A-76FF4D9B3CB6}C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe] => (Allow) C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe
FirewallRules: [{72B2087F-3053-42F1-AB96-BAF565A434F3}] => (Block) C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe
FirewallRules: [{0A2861DA-8B05-4C75-B88A-9F554285A0DA}] => (Block) C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe
FirewallRules: [{64AE16CF-1417-4D37-9850-6F8E39ED7059}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe
FirewallRules: [{E2907D1C-B844-43BC-9BB1-FE30EE1652DE}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{443A76B7-FC38-4DA6-A1BE-8B2D421EEEAD}C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe] => (Allow) C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe
FirewallRules: [UDP Query User{916FEE1E-2367-4C9C-896F-24664157B9A9}C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe] => (Allow) C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe
FirewallRules: [{298182D2-90F8-4D03-8306-2CEA91E2176C}] => (Block) C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe
FirewallRules: [{90520ACA-F751-45C1-AA64-EDA8A83F2284}] => (Block) C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe
FirewallRules: [{8B606F76-B19A-486D-91AD-8C558A85E247}] => (Block) %ProgramFiles%\Cisco Packet Tracer 8.0.1\bin\PacketTracer.exe
FirewallRules: [TCP Query User{EADD1FC6-DEB7-438C-86B9-506C7E4C3757}C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe] => (Block) C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe
FirewallRules: [UDP Query User{295F0BBF-CDCB-41B3-B92E-88863A7E635B}C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe] => (Block) C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe
FirewallRules: [{CA196E5D-52ED-43C9-B831-4956DEC5768B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{5A13EFE3-1DD2-4880-AEE5-317CA4FB84CD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{2BB27DF6-FB7A-43E5-A395-0D1EBF5114D6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{C2E05D5C-131E-4B02-802E-0C89ED774886}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{5084AEC8-A322-4449-9A4F-7B13216DDACC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{F91FC57F-E301-4067-A2A7-16422653E843}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{949D43D7-E767-4791-9592-343F70B7E47A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{645B5184-7EC4-4C40-AA23-EFCEDCC53164}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [HNS Container Networking - DNS (UDP-In) - 18014A47-E5E0-4AC9-8992-DC6A7AA3637B - 0] => (Allow) LPort=53
FirewallRules: [{10D38250-A4BA-4457-8B90-2E411F54F364}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{683B112A-3CB9-4290-8362-2C0A77AAB64E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{C0F1BA87-5564-4BEB-A71B-F30E708D0C33}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{5EF1FDC0-D19D-4246-88B7-83518B1652FC}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\FaxApplications.exe
FirewallRules: [{0EFFAF90-F386-46BC-BFB8-AB9B6B8AA0F7}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\DigitalWizards.exe
FirewallRules: [{AECD2D3B-36DA-4E21-8A02-E7492FE8088E}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\SendAFax.exe
FirewallRules: [{A886C570-E63D-4CCF-84F3-72B008B97547}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\FaxPrinterUtility.exe
FirewallRules: [{331849D3-C637-4E29-8504-1436B7F72FB0}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\DeviceSetup.exe
FirewallRules: [{BB91CDD8-4F94-4856-8FDF-0C2719F7CB61}] => (Allow) LPort=5357
FirewallRules: [{5713FCB8-0613-4FBC-97D8-A1E0490BBC17}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [HNS Container Networking - DNS (UDP-In) - 58FFFF85-1882-48EE-92CB-6E2834E5638A - 0] => (Allow) LPort=53
FirewallRules: [{B6CE44D0-706C-4B2D-8B9A-5A3DC11B1678}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0139D0C4-40FB-40FF-BC1F-1B2C28BFF7BC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0BA6CDCD-C503-4B66-8515-CF1187CB5968}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\101.0.1210.53\msedgewebview2.exe
FirewallRules: [{C8236C1B-FB92-4E5C-9DCD-3E3B917350ED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe
FirewallRules: [{83182DAB-2871-40B2-AFD5-5D0D1D3F2CB7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe
FirewallRules: [{D82ACAB9-0862-4D42-8724-7755370536DA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe
FirewallRules: [{DA4FD7B2-3729-4808-9983-0EEBD83A1580}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe
FirewallRules: [{C4F5F11A-EA45-4493-8536-893E37BA6C0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{56B7B454-F946-495D-AA94-720202DE7A06}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{3F6BDBA7-44BF-4B6D-9863-5E1B7BF0AD01}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{455C342C-044C-46BA-B074-0C4655753DDC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{BA58DB51-DDCB-4B6C-AAFC-A8EC5E4A3301}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{D4CB27C2-30D3-4460-B416-D1474305708B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{0F8241E8-C52F-4599-B16A-9B50DEF909C4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{F1F0834F-ADF6-429D-87EA-1B0EC2EAF9B9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{76E94054-46AC-4700-BA06-D2F1D1C5FB8B}] => (Allow) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
FirewallRules: [HNS Container Networking - DNS (UDP-In) - 8E46A90F-CE39-40DA-B2CD-BCFCCCFA3419 - 0] => (Allow) LPort=53
FirewallRules: [HNS Container Networking - DNS (UDP-In) - 519007CE-7F97-4249-9847-F38DC8B8389B - 0] => (Allow) LPort=53
FirewallRules: [HNS Container Networking - DNS (UDP-In) - 09F95D45-5DA9-41F4-B0AC-EA5F51E0955B - 0] => (Allow) LPort=53
FirewallRules: [HNS Container Networking - DNS (UDP-In) - 8AFFBE92-18BA-4D05-B886-76DF1CB4B8F8 - 0] => (Allow) LPort=53
FirewallRules: [HNS Container Networking - DNS (UDP-In) - 90D3E516-58F8-47FA-995D-F4A37E013275 - 0] => (Allow) LPort=53

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Controlador de comunicações simples PCI
Description: Controlador de comunicações simples PCI
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP hs3110 HSPA+ Mobile Broadband Device
Description: HP hs3110 HSPA+ Mobile Broadband Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2022 06:14:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: bad_module_info, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0x00000000
Desvio de falha: 0x0000000000000000
ID do processo com falha: 0x7a4
Hora de início da aplicação com falha: 0x01d8776d5bc8d77f
Caminho da aplicação com falha: bad_module_info
Caminho do módulo com falha: unknown
ID do Relatório: dfd5f8f8-c4a4-4668-b6c0-e3868db218ac
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:

Error: (06/03/2022 06:14:17 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: JCCRUZ)
Description: O Windows não consegue localizar o perfil local, pelo que está a iniciar sessão para o utilizador com um perfil temporário. As alterações efetuadas a este perfil serão perdidas quando o utilizador terminar sessão.

Error: (06/03/2022 06:14:17 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: JCCRUZ)
Description: O Windows fez uma cópia de segurança deste perfil de utilizador. O Windows irá automaticamente tentar utilizar o perfil guardado em cópia de segurança da próxima vez que este utilizador iniciar sessão.

Error: (06/03/2022 06:09:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: bad_module_info, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0x00000000
Desvio de falha: 0x0000000000000000
ID do processo com falha: 0xdc8
Hora de início da aplicação com falha: 0x01d8776c92ca25e0
Caminho da aplicação com falha: bad_module_info
Caminho do módulo com falha: unknown
ID do Relatório: 36e4f3f2-0cd3-4891-aab8-75e7e8673a25
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:


System errors:
=============
Error: (06/03/2022 06:04:12 PM) (Source: DCOM) (EventID: 10000) (User: JCCRUZ)
Description: Não foi possível iniciar um Servidor DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. O erro:
"2147942767"
Ocorreu ao iniciar este comando:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (06/03/2022 04:29:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9WZDNCRDTBVB-MICROSOFT.WINDOWSMAPS.

Error: (06/03/2022 04:29:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9WZDNCRFJ3PT-MICROSOFT.ZUNEMUSIC.

Error: (06/03/2022 04:28:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9WZDNCRD29V9-MICROSOFT.MICROSOFTOFFICEHUB.

Error: (06/03/2022 04:28:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9WZDNCRFJBD8-Microsoft.XboxApp.

Error: (06/03/2022 04:28:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9MTW6RN84LVM-Microsoft.NET.Native.Runtime.1.7.

Error: (06/03/2022 04:28:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9NZM7B1BB5TR-Microsoft.NET.Native.Framework.1.7.

Error: (06/03/2022 04:28:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9NBLGGH4QGHW-Microsoft.MicrosoftStickyNotes.

Error: (06/03/2022 04:28:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9NBLGGH4R32N-Microsoft.WindowsFeedbackHub.

Error: (06/03/2022 04:28:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9NG1H8B3ZC7M-Microsoft.MixedReality.Portal.


CodeIntegrity:
===================================
Date: 2022-06-03 18:43:52.7690000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-06-02 19:48:02.6330000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-06-01 19:34:45.8710000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-06-01 18:57:31.0040000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-06-01 18:11:13.0160000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-05-29 17:23:20.5690000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-05-27 22:59:22.4820000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-05-25 19:48:43.7230000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-05-23 02:13:30.4120000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-05-21 18:29:34.3500000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
Percentage of memory in use: 35%
Total physical RAM: 16259.11 MB
Available physical RAM: 10532.63 MB
Total Virtual: 18691.11 MB
Available Virtual: 12366.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.93 GB) (Free:66.6 GB) NTFS
Drive d: (Disco Local) (Fixed) (Total:465.73 GB) (Free:170.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 6EF376E0)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=509 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.7 GB) (Disk ID: FDCE466A)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 8 GB) (Disk ID: 629458E4)
Partition 1: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Axe0, finally i got fresh logs with the FARBAR tool updated from their site...



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-06-2022 01
Ran by Administrador (administrator) on JCCRUZ (Hewlett-Packard HP EliteBook 840 G2) (03-06-2022 20:05:37)
Running from C:\Users\TEMP\Desktop
Loaded Profiles: Utilizador & Administrador <==== ATTENTION (Temporary Profile?)
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1706 (X64) Language: Português (Portugal)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe <2>
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <5>
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe <2>
(DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HPHotkeyNotification.exe <2>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <50>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe <2>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe <2>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe <2>
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(MiniTool Software Limited -> ) C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\LanWlanWwanSwitchingServiceUWP.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe <2>
(svchost.exe ->) 0 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) 0 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) 0 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) 0 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22042.168.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe <2>
(winlogon.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8515832 2015-08-19] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [225280 2017-03-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
HKLM\...\Run: [MTPW] => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> )
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2632096 2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [Free Download Manager] => C:\Users\Utilizador\AppData\Local\Softdeluxe\Free Download Manager\fdm.exe [4960768 2021-04-16] (Softdeluxe) [File not signed]
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [36836592 2022-05-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Utilizador\AppData\Local\Microsoft\Teams\Update.exe [2489016 2022-02-16] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [pteid] => C:\Program Files\Portugal Identity Card\pteidguiV2.exe [2286080 2021-12-15] (Portuguese Government) [File not signed]
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [MicrosoftEdgeAutoLaunch_275433059902538E565B89FC49C29F5C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3595192 2022-05-31] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3653589094-3565606866-458211961-500\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2632096 2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3653589094-3565606866-458211961-500\...\Run: [MicrosoftEdgeAutoLaunch_FB8D4600C819C56C049D36FCF4727107] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3595192 2022-05-31] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\Wondershare PDFelement Monitor: C:\Windows\system32\WSPDFelementMonitor.dll [286264 2020-10-23] (Wondershare Technology Co.,Ltd -> Wondershare Software)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005C202E-0885-4188-B8AC-6A925A54C883} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4215192 2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {16A0587B-723F-49E5-9E2E-F3246627130C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8304592 2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {1B338406-3BA9-41D4-9F05-D1A8F96BF74E} - System32\Tasks\MiniToolPartitionWizard => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> )
Task: {231C7F6D-6D98-4294-8305-E21D0B822BEF} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {24BA466B-D257-47B4-B792-B6B3C6EB134F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {264FD1E4-2C6C-46E5-BD97-4DC5152B65C0} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3653589094-3565606866-458211961-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4215192 2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {3817E056-FF10-4B90-AB97-32A0F597CEFE} - System32\Tasks\CCleanerSkipUAC - Utilizador => C:\Program Files\CCleaner\CCleaner.exe [30924528 2022-05-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3B20CB15-895B-4ACF-9D1C-F829DCBABE99} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144792 2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {3DDF37A1-97B9-4ECB-9665-E59E3C164A1E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NoUACCheck
Task: {459025F3-B602-4E75-9283-85B92B41D801} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23244744 2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {4913F685-99DD-49FE-96A2-A5F0266B2E17} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPWPD.exe /Register (No File)
Task: {54CFA062-30AA-4BAC-8E64-9A99B87F81E8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8304592 2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {59147023-3086-4AD5-8EE7-930946F9D499} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [67472 2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {6169AD00-B12D-4F5B-9645-0CAFB7FB427F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {74475F4C-AFA7-4C3E-A2DC-F4CCA54A7CDE} - System32\Tasks\Hewlett-Packard\HPDeviceCheck => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPDeviceCheck.exe /Register (No File)
Task: {8D2D9D08-C9B6-4CF3-9B4A-C88E13D2EF97} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [1145 2021-04-21] () [File not signed]
Task: {8E6DCF0C-5403-41E8-88BE-D842C786DBFA} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4105880 2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {9506887D-2646-4E79-8651-3C5625A0C162} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3653589094-3565606866-458211961-500 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4215192 2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {9EFA6245-610B-4981-9A53-D5F4B5BD5EC1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A4E7D534-1000-4CD8-A452-63218C369020} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-05-11] (Piriform Software Ltd -> Piriform)
Task: {A66AB6D9-1A00-40EF-8867-3F1C7A610961} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23244744 2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {A68E1010-68E9-461E-800E-35910285CC79} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 8720 => C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\HPCustPartic.exe [6439048 2018-04-06] (Hewlett Packard -> HP Inc.)
Task: {B96476D5-33F9-4795-92D2-B70D419A00AA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144792 2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {E046D0FE-BF84-4E92-9CE3-74D5507B8E37} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E90634D2-4FFA-4C01-8455-5A3A1B16675B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FAFD1677-4F6B-482A-99FC-13DFA4AFA3B0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3653589094-3565606866-458211961-1001] => proxyserver:80
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3eb7cafb-a097-4484-8ad7-d5df78a7ca12}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ada72b8e-5dad-49e0-a430-a36d8abc07b6}: [NameServer] 8.8.8.8,8.8.4.4,1.1.1.1
Tcpip\..\Interfaces\{ada72b8e-5dad-49e0-a430-a36d8abc07b6}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Profile: C:\Users\TEMP\AppData\Local\Microsoft\Edge\User Data\Default [2022-06-03]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-03-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-03-02] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [789744 2022-05-11] (Piriform Software Ltd -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11988424 2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncHelper.exe [3401112 2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
R2 HotKeyServiceUWP; C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe [819856 2019-05-14] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [223904 2022-04-28] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 LanWlanWwanSwitchingServiceUWP; C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\LanWlanWwanSwitchingServiceUWP.exe [731072 2019-05-14] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8524512 2022-05-17] (Malwarebytes Inc. -> Malwarebytes)
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.099.0508.0001\OneDriveUpdaterService.exe [3842464 2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6254856 2022-05-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746728 2021-11-22] (Oracle Corporation -> Oracle Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-05-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239560 2022-05-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKslcb6df97a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{898E975D-4DD8-42C3-A7B3-42070E75A9F8}\MpKslDrv.sys [137464 2022-06-03] (Microsoft Windows -> Microsoft Corporation)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [74744 2021-04-21] (Insecure.Com LLC -> Insecure.Com LLC.)
S4 npcap_wifi; C:\Windows\system32\DRIVERS\npcap.sys [74744 2021-04-21] (Insecure.Com LLC -> Insecure.Com LLC.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [37336 2021-03-09] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
R3 USBPcap; C:\Windows\system32\DRIVERS\USBPcap.sys [52872 2020-05-22] (Tomasz Moń -> USBPcap)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [239672 2021-11-22] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [249584 2021-11-22] (Oracle Corporation -> Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [174776 2021-11-22] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49600 2022-04-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [443664 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-06-03 20:05 - 2022-06-03 20:06 - 000021278 _____ C:\Users\TEMP\Desktop\FRST.txt
2022-06-03 20:05 - 2022-06-03 19:38 - 002368000 _____ (Farbar) C:\Users\TEMP\Desktop\EnglishFRST64.exe
2022-06-03 20:02 - 2022-06-03 20:02 - 000001786 _____ C:\Users\Utilizador\Desktop\Addition.txt
2022-06-03 20:02 - 2022-06-03 20:02 - 000000061 _____ C:\Users\Utilizador\Desktop\FRST.txt
2022-06-03 19:40 - 2022-06-03 19:42 - 000040449 _____ C:\Users\Utilizador\Downloads\Addition.txt
2022-06-03 19:39 - 2022-06-03 20:05 - 000000000 ____D C:\FRST
2022-06-03 19:39 - 2022-06-03 19:42 - 000035685 _____ C:\Users\Utilizador\Downloads\FRST.txt
2022-06-03 19:37 - 2022-06-03 19:38 - 002368000 _____ (Farbar) C:\Users\Utilizador\Desktop\EnglishFRST64.exe
2022-06-03 19:36 - 2022-06-03 19:36 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Mozilla
2022-06-03 19:36 - 2022-06-03 19:36 - 000000000 ____D C:\Users\TEMP\AppData\LocalLow\Mozilla
2022-06-03 19:36 - 2022-06-03 19:36 - 000000000 ____D C:\Users\TEMP\AppData\Local\Mozilla
2022-06-03 19:18 - 2022-06-03 19:18 - 002368000 _____ (Farbar) C:\Users\TEMP\Downloads\FRST64.exe
2022-06-03 19:03 - 2022-06-03 19:03 - 000000000 ____D C:\Users\TEMP\AppData\Local\mbam
2022-06-03 18:26 - 2022-06-03 18:26 - 000000000 ____D C:\Users\TEMP\AppData\LocalLow\Adobe
2022-06-03 18:26 - 2022-06-03 18:26 - 000000000 ____D C:\Users\TEMP\AppData\Local\SolidDocuments
2022-06-03 18:26 - 2022-06-03 18:26 - 000000000 ____D C:\Users\TEMP\AppData\Local\CEF
2022-06-03 18:26 - 2022-06-03 18:26 - 000000000 ____D C:\Users\TEMP\AppData\Local\Adobe
2022-06-03 18:15 - 2022-06-03 18:15 - 000000000 ____D C:\Users\TEMP\AppData\Local\PlaceholderTileLogoFolder
2022-06-03 18:14 - 2022-06-03 19:01 - 000002348 _____ C:\Users\TEMP\Desktop\Microsoft Edge.lnk
2022-06-03 18:14 - 2022-06-03 18:26 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Adobe
2022-06-03 18:14 - 2022-06-03 18:26 - 000000000 ____D C:\Users\TEMP\AppData\Local\Packages
2022-06-03 18:14 - 2022-06-03 18:14 - 000000020 ___SH C:\Users\TEMP\ntuser.ini
2022-06-03 18:14 - 2022-06-03 18:14 - 000000000 _SHDL C:\Users\TEMP\Os Meus Documentos
2022-06-03 18:14 - 2022-06-03 18:14 - 000000000 _SHDL C:\Users\TEMP\Modelos
2022-06-03 18:14 - 2022-06-03 18:14 - 000000000 _SHDL C:\Users\TEMP\Menu Iniciar
2022-06-03 18:14 - 2022-06-03 18:14 - 000000000 _SHDL C:\Users\TEMP\Documents\Os Meus Vídeos
2022-06-03 18:14 - 2022-06-03 18:14 - 000000000 _SHDL C:\Users\TEMP\Documents\As Minhas Imagens
2022-06-03 18:14 - 2022-06-03 18:14 - 000000000 _SHDL C:\Users\TEMP\Documents\A Minha Música
2022-06-03 18:14 - 2022-06-03 18:14 - 000000000 _SHDL C:\Users\TEMP\Definições Locais
2022-06-03 18:14 - 2022-06-03 18:14 - 000000000 _SHDL C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2022-06-03 18:14 - 2022-06-03 18:14 - 000000000 _SHDL C:\Users\TEMP\AppData\Local\Histórico
2022-06-03 18:14 - 2022-06-03 18:14 - 000000000 ___RD C:\Users\TEMP\3D Objects
2022-06-03 18:14 - 2022-06-03 18:14 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\hpqLog
2022-06-03 18:14 - 2022-06-03 18:14 - 000000000 ____D C:\Users\TEMP\AppData\Local\ConnectedDevicesPlatform
2022-06-03 18:14 - 2022-06-03 18:14 - 000000000 ____D C:\Users\TEMP
2022-06-03 18:14 - 2022-05-16 20:49 - 000000000 ___RD C:\Users\TEMP\OneDrive
2022-06-03 18:08 - 2022-06-03 18:08 - 000223176 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-05-31 16:59 - 2022-06-02 15:36 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-05-22 21:22 - 2022-05-24 19:37 - 000000000 ____D C:\Users\Utilizador\VirtualBox VMs
2022-05-22 21:20 - 2022-05-31 18:11 - 000000000 ____D C:\Users\Utilizador\.VirtualBox
2022-05-22 21:19 - 2021-11-22 08:43 - 000188208 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2022-05-22 21:19 - 2021-11-22 08:42 - 001045368 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2022-05-22 19:00 - 2022-05-22 19:00 - 108383472 _____ (Oracle Corporation) C:\Users\Utilizador\Downloads\VirtualBox-6.1.30-148432-Win.exe
2022-05-17 18:30 - 2022-05-17 18:30 - 000239560 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-05-17 18:30 - 2022-05-17 18:30 - 000103888 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2022-05-17 18:30 - 2022-05-17 18:30 - 000021480 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2022-05-17 18:30 - 2022-05-17 18:30 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-05-17 18:30 - 2022-05-17 18:30 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-05-17 18:29 - 2022-05-17 18:30 - 000000000 ____D C:\Program Files\Malwarebytes
2022-05-17 16:43 - 2022-05-17 16:43 - 000000000 ____D C:\SFCFix
2022-05-17 14:52 - 2022-05-26 18:37 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3653589094-3565606866-458211961-500
2022-05-16 20:49 - 2022-05-27 22:35 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-05-16 20:49 - 2022-05-26 18:37 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-05-16 20:49 - 2022-05-26 18:37 - 000002186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-05-16 20:49 - 2022-05-16 20:49 - 000000000 ___RD C:\Users\Default\OneDrive
2022-05-16 17:25 - 2022-05-16 17:30 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2022-05-15 21:29 - 2022-06-03 18:08 - 105381888 _____ C:\Windows\system32\config\SOFTWARE
2022-05-14 23:10 - 2022-05-14 23:10 - 000000000 ___HD C:\$SysReset
2022-05-12 22:13 - 2022-05-12 22:13 - 000000000 ____D C:\ProgramData\Piriform
2022-05-11 17:06 - 2022-05-11 17:06 - 000188928 _____ C:\Windows\system32\uwfcfgmgmt.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 000093696 _____ C:\Windows\system32\Drivers\cimfs.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 000011799 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-05-11 17:02 - 2022-05-11 17:02 - 000001809 _____ C:\Users\Public\Desktop\Stellarium.lnk
2022-05-11 16:56 - 2022-05-11 16:56 - 000000000 ___HD C:\$WinREAgent
2022-05-04 20:07 - 2021-11-30 18:23 - 000000000 ____D C:\Program Files\jcryptool
2022-05-04 19:47 - 2022-05-04 19:47 - 000000000 ____D C:\Users\Utilizador\.eclipse

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-06-03 20:01 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-06-03 19:00 - 2020-11-19 00:46 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-06-03 18:35 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2022-06-03 18:17 - 2021-06-08 20:24 - 000000000 ____D C:\Program Files\CCleaner
2022-06-03 18:14 - 2020-11-19 00:49 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-06-03 18:14 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-06-03 18:13 - 2021-03-31 09:11 - 001671696 _____ C:\Windows\system32\PerfStringBackup.INI
2022-06-03 18:13 - 2019-12-07 16:10 - 000732130 _____ C:\Windows\system32\prfh0816.dat
2022-06-03 18:13 - 2019-12-07 16:10 - 000144484 _____ C:\Windows\system32\prfc0816.dat
2022-06-03 18:13 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2022-06-03 18:10 - 2021-04-06 16:03 - 000000436 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2022-06-03 18:09 - 2021-03-31 10:51 - 000000000 __SHD C:\Users\Utilizador\IntelGraphicsProfiles
2022-06-03 18:09 - 2021-03-31 09:10 - 000000000 ___RD C:\Users\Utilizador\OneDrive
2022-06-03 18:08 - 2022-04-13 15:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-06-03 18:08 - 2021-04-06 15:58 - 000001134 _____ C:\Windows\system32\config\VSMIDK
2022-06-03 18:08 - 2021-03-31 09:03 - 000008192 ___SH C:\DumpStack.log.tmp
2022-06-03 18:08 - 2020-11-19 00:46 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-06-03 18:08 - 2019-12-07 10:03 - 001048576 _____ C:\Windows\system32\config\BBI
2022-06-03 16:26 - 2021-06-24 16:24 - 000004174 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{B6D416E1-DBCA-4835-B3A8-104A008BDE7D}
2022-06-02 16:01 - 2022-04-13 15:32 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-06-02 15:36 - 2022-04-13 15:32 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-06-02 15:36 - 2022-04-13 15:32 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2022-06-02 12:47 - 2021-04-28 21:26 - 000000000 ____D C:\Users\Utilizador\Desktop\SCRIPTS DIVS
2022-06-02 12:33 - 2021-07-27 12:54 - 000000000 ____D C:\Users\Utilizador\AppData\LocalLow\Mozilla
2022-06-02 12:32 - 2020-11-19 00:48 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-06-01 18:15 - 2020-11-19 00:49 - 000000000 ____D C:\ProgramData\Packages
2022-06-01 18:15 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-05-31 16:49 - 2021-09-19 13:29 - 000000000 ____D C:\Users\Utilizador\AppData\Roaming\draw.io
2022-05-31 16:48 - 2022-01-03 22:14 - 000000000 ____D C:\Program Files\draw.io
2022-05-31 14:52 - 2021-04-07 10:57 - 000000000 ____D C:\ProgramData\VirtualBox
2022-05-30 16:42 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\registration
2022-05-29 16:40 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports
2022-05-27 22:44 - 2021-04-06 15:45 - 000000000 ____D C:\Program Files\Microsoft Office
2022-05-27 22:37 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\NDF
2022-05-27 17:29 - 2021-08-25 17:29 - 000000000 ____D C:\Users\Utilizador\AppData\Roaming\Wise Uninstaller
2022-05-27 17:29 - 2021-08-24 23:24 - 000001361 _____ C:\Users\Public\Desktop\Wise Program Uninstaller.lnk
2022-05-27 17:29 - 2021-08-24 23:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Program Uninstaller
2022-05-26 19:44 - 2021-04-07 15:36 - 000000000 ____D C:\Users\Utilizador\AppData\Local\CrashDumps
2022-05-26 18:37 - 2021-12-12 04:48 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3653589094-3565606866-458211961-1001
2022-05-26 18:36 - 2021-06-08 20:25 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update
2022-05-25 16:50 - 2021-04-07 09:23 - 000000000 ____D C:\Users\Utilizador\AppData\Roaming\Stellarium
2022-05-24 20:11 - 2021-03-31 09:07 - 000000000 ____D C:\Users\Utilizador\AppData\Local\Packages
2022-05-22 21:22 - 2021-03-31 09:07 - 000000000 ____D C:\Users\Utilizador
2022-05-19 16:43 - 2021-04-07 08:38 - 000000724 _____ C:\Users\Utilizador\.packettracer
2022-05-17 21:46 - 2021-04-07 10:00 - 000000000 ____D C:\Users\Utilizador\AppData\Local\D3DSCache
2022-05-17 18:30 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-05-17 16:43 - 2021-08-25 17:31 - 000000000 ____D C:\Users\Utilizador\AppData\Local\niemiro
2022-05-17 16:39 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2022-05-17 14:50 - 2021-03-31 10:51 - 000000000 ____D C:\Intel
2022-05-15 21:29 - 2021-04-07 22:37 - 000000000 ____D C:\Windows\Microsoft Antimalware
2022-05-13 19:31 - 2021-04-06 13:55 - 000000000 ____D C:\Users\Utilizador\AppData\Roaming\hpqLog
2022-05-12 22:33 - 2021-04-07 09:18 - 000000000 ____D C:\Users\Utilizador\AppData\Roaming\Notepad++
2022-05-12 22:20 - 2021-04-07 09:28 - 000000000 ____D C:\Users\Utilizador\AppData\Roaming\FileZilla
2022-05-12 15:53 - 2021-12-14 18:59 - 000001370 _____ C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-05-12 15:53 - 2021-12-14 18:59 - 000000000 ____D C:\Users\Utilizador\AppData\Local\PCHealthCheck
2022-05-11 17:34 - 2021-12-20 01:22 - 000000000 ____D C:\Users\Utilizador\Cisco Packet Tracer 8.1.0
2022-05-11 17:33 - 2021-07-22 22:45 - 000000000 ____D C:\Users\Utilizador\Cisco Packet Tracer 8.0.1
2022-05-11 17:15 - 2020-11-19 00:46 - 000446280 _____ C:\Windows\system32\FNTCACHE.DAT
2022-05-11 17:14 - 2021-04-06 15:57 - 000000000 ____D C:\Program Files\Hyper-V
2022-05-11 17:14 - 2019-12-07 16:13 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-05-11 17:14 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP
2022-05-11 17:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2022-05-11 17:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz
2022-05-11 17:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2022-05-11 17:14 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-05-11 17:02 - 2022-03-31 19:08 - 000000958 _____ C:\Users\Public\Desktop\Stellarium User Guide.lnk
2022-05-11 17:02 - 2021-04-07 09:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellarium
2022-05-11 17:02 - 2021-04-07 09:23 - 000000000 ____D C:\Program Files\Stellarium
2022-05-11 16:55 - 2021-04-08 12:03 - 000000000 ____D C:\Windows\system32\MRT
2022-05-11 16:54 - 2021-09-19 13:29 - 000000000 ____D C:\Users\Utilizador\AppData\Local\draw.io-updater
2022-05-11 16:53 - 2021-04-08 12:03 - 145501456 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-05-10 13:26 - 2020-11-19 00:48 - 000003674 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-05-10 13:26 - 2020-11-19 00:48 - 000003550 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-05-04 18:30 - 2022-02-17 13:36 - 000000000 ____D C:\Users\Utilizador\Desktop\NETWORK DEFENSE

==================== FLock ==============================

2022-05-12 22:20 C:\Users\Utilizador\AppData\Roaming\FileZilla
2021-08-04 21:25 C:\Users\Utilizador\AppData\Local\FileZilla

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2022 01
Ran by Administrador (03-06-2022 20:06:48)
Running from C:\Users\TEMP\Desktop
Microsoft Windows 10 Pro Version 21H2 19044.1706 (X64) (2021-03-31 08:06:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrador (S-1-5-21-3653589094-3565606866-458211961-500 - Administrator - Enabled) => C:\Users\TEMP
Convidado (S-1-5-21-3653589094-3565606866-458211961-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-3653589094-3565606866-458211961-503 - Limited - Disabled)
Utilizador (S-1-5-21-3653589094-3565606866-458211961-1001 - Administrator - Enabled) => C:\Users\Utilizador
WDAGUtilityAccount (S-1-5-21-3653589094-3565606866-458211961-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Autenticação.Gov 3.7.0 (4491) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F204491}) (Version: 3.7.4491 - Portuguese Government)
CCleaner (HKLM\...\CCleaner) (Version: 6.00 - Piriform)
Cisco Packet Tracer 8.0.1 64Bit (HKLM\...\Cisco Packet Tracer 8.0.1 64Bit_is1) (Version: - Cisco Systems, Inc.)
Cisco Packet Tracer 8.1.0 64Bit (HKLM\...\Cisco Packet Tracer 8.1.0 64Bit_is1) (Version: - Cisco Systems, Inc.)
CPUID CPU-Z 2.01 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.01 - CPUID, Inc.)
draw.io 18.1.3 (HKLM\...\27a75bf3-be48-5c35-934f-8491cf108abe) (Version: 18.1.3 - JGraph)
Estudo de aprimoramento de produto para HP OfficeJet Pro 8720 (HKLM\...\{F0BE764B-DFC9-453C-9515-12C63FB176AB}) (Version: 40.12.1161.1896 - HP Inc.)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileZilla Client 3.59.0 (HKLM-x32\...\FileZilla Client) (Version: 3.59.0 - Tim Kosse)
Free Download Manager (HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\{0C1D4CF2-5575-4786-834C-B0FC977E9714}}_is1) (Version: 6.14.1.3935 - Softdeluxe)
I.R.I.S. OCR (HKLM-x32\...\{09D14594-ADFA-49A0-BB36-3D685611DDFC}) (Version: 12.3.7.0 - HP)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
Malwarebytes version 4.5.9.198 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.9.198 - Malwarebytes)
Microsoft Teams (HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Teams) (Version: 1.5.00.2164 - Microsoft Corporation)
MiniTool Partition Wizard Free 12.6 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.6 - MiniTool Software Limited)
Mozilla Firefox (x64 pt-PT) (HKLM\...\Mozilla Firefox 101.0 (x64 pt-PT)) (Version: 101.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 101.0 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.3.3 - Notepad++ Team)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.31 - Nmap Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15225.20150 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15225.20194 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 6.1.30 (HKLM\...\{9F1FFDC2-9B49-41F3-B6F1-18DC368D6CA2}) (Version: 6.1.30 - Oracle Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7561 - Realtek Semiconductor Corp.)
Stellarium 0.22.1 (HKLM\...\Stellarium_is1) (Version: 0.22.1 - Stellarium team)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.63 - Synaptics Incorporated)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.2781 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
USBPcap 1.5.4.0 (HKLM\...\USBPcap) (Version: 1.5.4.0 - Tomasz Mon)
Verificação do estado de funcionamento do PC Windows (HKLM\...\{50323A6F-77C1-4136-B3C6-AFF46C3E1CF8}) (Version: 3.7.2204.15001 - Microsoft Corporation)
Verificação do estado de funcionamento do PC Windows (HKLM\...\{ABFE1296-80CE-4FDD-924F-BEF8625C6351}) (Version: 3.3.2110.22002 - Microsoft Corporation)
Verificação do estado de funcionamento do PC Windows (HKLM\...\{D8BFA63F-BE37-4D9F-9001-541D74D74488}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Wireshark 3.4.8 64-bit (HKLM-x32\...\Wireshark) (Version: 3.4.8 - The Wireshark developer community, hxxps://www.wireshark.org)
Wise Program Uninstaller 3.0.2 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 3.0.2 - WiseCleaner.com, Inc.)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare PDFelement(Build 7.6.8) (HKLM-x32\...\{77078E40-A92E-47FD-A0F6-168A4BF6CF3A}_is1) (Version: 7.6.8.5031 - Wondershare Software Co.,Ltd.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3653589094-3565606866-458211961-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Utilizador\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21348.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2022-03-14] (Notepad++ -> )
ContextMenuHandlers1: [PeContextMenuExtension] -> {098A124A-AA1C-38C8-A65E-D1199A14516A} => C:\Program Files (x86)\Common Files\Wondershare\PDFelement\AddIns\PEShellExt_x64.dll [2020-10-23] (Wondershare Technology Co.,Ltd -> Wondershare)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.099.0508.0001\FileSyncShell64.dll [2022-05-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2020-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-27] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\sharepoint.com -> hxxps://formacaoiefp-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

2021-04-06 16:03 - 2022-06-03 18:10 - 000000436 _____ C:\Windows\system32\drivers\etc\hosts.ics
172.24.16.1 JCCRUZ.mshome.net # 2027 6 3 2 17 10 33 126

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3653589094-3565606866-458211961-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Utilizador\Pictures\Camera Roll\632692.jpg
HKU\S-1-5-21-3653589094-3565606866-458211961-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Rede móvel 9: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 6: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 10: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 8: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Wi-Fi: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
vEthernet (Wi-Fi): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
vEthernet (Wi-Fi): Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
vEthernet (Default Switch): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
vEthernet (Default Switch): Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 13: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
vEthernet (Rede móvel): Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
vEthernet (Rede móvel): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
vEthernet (Ethernet): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
vEthernet (Ethernet): Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 11: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 4: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
VirtualBox Host-Only Network: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 5: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 17: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 15: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 7: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 12: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 16: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 3: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 14: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
vEthernet (VirtualBox Host): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
vEthernet (VirtualBox Host): Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\StartupApproved\Run: => "Free Download Manager"
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_275433059902538E565B89FC49C29F5C"
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\StartupApproved\Run: => "pteid"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{74AE69D5-D89C-454A-8AC4-26D8D11A5A39}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{7CC5D478-D598-4E39-9390-D2A1BD923A7B}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{72B60262-0758-4D08-A96A-99D9ED2685ED}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5BAAEDB6-FCE0-4315-A5D9-2CA525095932}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{64581E9E-A039-4241-99C9-EC71EB9D07CE}C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{5008711B-ECBD-4690-9683-3A25632F191E}C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B7DB7215-A07D-4C5D-ABFD-A22BB9C231C5}] => (Block) C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{62D3E442-1BD1-4D85-9351-818690D404A4}] => (Block) C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{96B1D973-28E3-4495-948D-90B3A6E12873}C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe] => (Allow) C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [UDP Query User{38F4C825-003E-47DC-A47A-76FF4D9B3CB6}C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe] => (Allow) C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{72B2087F-3053-42F1-AB96-BAF565A434F3}] => (Block) C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{0A2861DA-8B05-4C75-B88A-9F554285A0DA}] => (Block) C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{64AE16CF-1417-4D37-9850-6F8E39ED7059}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{E2907D1C-B844-43BC-9BB1-FE30EE1652DE}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [TCP Query User{443A76B7-FC38-4DA6-A1BE-8B2D421EEEAD}C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe] => (Allow) C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [UDP Query User{916FEE1E-2367-4C9C-896F-24664157B9A9}C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe] => (Allow) C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [{298182D2-90F8-4D03-8306-2CEA91E2176C}] => (Block) C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [{90520ACA-F751-45C1-AA64-EDA8A83F2284}] => (Block) C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [{8B606F76-B19A-486D-91AD-8C558A85E247}] => (Block) C:\Program Files\Cisco Packet Tracer 8.0.1\bin\PacketTracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [TCP Query User{EADD1FC6-DEB7-438C-86B9-506C7E4C3757}C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe] => (Block) C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe (HP Inc. -> )
FirewallRules: [UDP Query User{295F0BBF-CDCB-41B3-B92E-88863A7E635B}C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe] => (Block) C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe (HP Inc. -> )
FirewallRules: [{CA196E5D-52ED-43C9-B831-4956DEC5768B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5A13EFE3-1DD2-4880-AEE5-317CA4FB84CD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2BB27DF6-FB7A-43E5-A395-0D1EBF5114D6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C2E05D5C-131E-4B02-802E-0C89ED774886}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5084AEC8-A322-4449-9A4F-7B13216DDACC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F91FC57F-E301-4067-A2A7-16422653E843}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{949D43D7-E767-4791-9592-343F70B7E47A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{645B5184-7EC4-4C40-AA23-EFCEDCC53164}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{10D38250-A4BA-4457-8B90-2E411F54F364}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{683B112A-3CB9-4290-8362-2C0A77AAB64E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C0F1BA87-5564-4BEB-A71B-F30E708D0C33}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5EF1FDC0-D19D-4246-88B7-83518B1652FC}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\FaxApplications.exe (HP Inc. -> HP Inc.)
FirewallRules: [{0EFFAF90-F386-46BC-BFB8-AB9B6B8AA0F7}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\DigitalWizards.exe (HP Inc. -> HP Inc.)
FirewallRules: [{AECD2D3B-36DA-4E21-8A02-E7492FE8088E}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\SendAFax.exe (HP Inc. -> HP Inc.)
FirewallRules: [{A886C570-E63D-4CCF-84F3-72B008B97547}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\FaxPrinterUtility.exe (HP Inc. -> HP Inc.)
FirewallRules: [{331849D3-C637-4E29-8504-1436B7F72FB0}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\DeviceSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{BB91CDD8-4F94-4856-8FDF-0C2719F7CB61}] => (Allow) LPort=5357
FirewallRules: [{5713FCB8-0613-4FBC-97D8-A1E0490BBC17}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{B6CE44D0-706C-4B2D-8B9A-5A3DC11B1678}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0139D0C4-40FB-40FF-BC1F-1B2C28BFF7BC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0BA6CDCD-C503-4B66-8515-CF1187CB5968}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\101.0.1210.53\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C8236C1B-FB92-4E5C-9DCD-3E3B917350ED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{83182DAB-2871-40B2-AFD5-5D0D1D3F2CB7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D82ACAB9-0862-4D42-8724-7755370536DA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DA4FD7B2-3729-4808-9983-0EEBD83A1580}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C4F5F11A-EA45-4493-8536-893E37BA6C0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{56B7B454-F946-495D-AA94-720202DE7A06}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3F6BDBA7-44BF-4B6D-9863-5E1B7BF0AD01}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{455C342C-044C-46BA-B074-0C4655753DDC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BA58DB51-DDCB-4B6C-AAFC-A8EC5E4A3301}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D4CB27C2-30D3-4460-B416-D1474305708B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0F8241E8-C52F-4599-B16A-9B50DEF909C4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F1F0834F-ADF6-429D-87EA-1B0EC2EAF9B9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.186.857.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

Name: Controlador de comunicações simples PCI
Description: Controlador de comunicações simples PCI
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP hs3110 HSPA+ Mobile Broadband Device
Description: HP hs3110 HSPA+ Mobile Broadband Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (06/03/2022 06:14:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: bad_module_info, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0x00000000
Desvio de falha: 0x0000000000000000
ID do processo com falha: 0x7a4
Hora de início da aplicação com falha: 0x01d8776d5bc8d77f
Caminho da aplicação com falha: bad_module_info
Caminho do módulo com falha: unknown
ID do Relatório: dfd5f8f8-c4a4-4668-b6c0-e3868db218ac
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:

Error: (06/03/2022 06:14:17 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: JCCRUZ)
Description: O Windows não consegue localizar o perfil local, pelo que está a iniciar sessão para o utilizador com um perfil temporário. As alterações efetuadas a este perfil serão perdidas quando o utilizador terminar sessão.

Error: (06/03/2022 06:14:17 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: JCCRUZ)
Description: O Windows fez uma cópia de segurança deste perfil de utilizador. O Windows irá automaticamente tentar utilizar o perfil guardado em cópia de segurança da próxima vez que este utilizador iniciar sessão.

Error: (06/03/2022 06:09:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: bad_module_info, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0x00000000
Desvio de falha: 0x0000000000000000
ID do processo com falha: 0xdc8
Hora de início da aplicação com falha: 0x01d8776c92ca25e0
Caminho da aplicação com falha: bad_module_info
Caminho do módulo com falha: unknown
ID do Relatório: 36e4f3f2-0cd3-4891-aab8-75e7e8673a25
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:


System errors:
=============
Error: (06/03/2022 06:04:12 PM) (Source: DCOM) (EventID: 10000) (User: JCCRUZ)
Description: Não foi possível iniciar um Servidor DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. O erro:
"2147942767"
Ocorreu ao iniciar este comando:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (06/03/2022 04:29:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9WZDNCRDTBVB-MICROSOFT.WINDOWSMAPS.

Error: (06/03/2022 04:29:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9WZDNCRFJ3PT-MICROSOFT.ZUNEMUSIC.

Error: (06/03/2022 04:28:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9WZDNCRD29V9-MICROSOFT.MICROSOFTOFFICEHUB.

Error: (06/03/2022 04:28:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9WZDNCRFJBD8-Microsoft.XboxApp.

Error: (06/03/2022 04:28:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9MTW6RN84LVM-Microsoft.NET.Native.Runtime.1.7.

Error: (06/03/2022 04:28:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9NZM7B1BB5TR-Microsoft.NET.Native.Framework.1.7.

Error: (06/03/2022 04:28:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na instalação: O Windows falhou a instalação da seguinte atualização com o erro 0x80073d23: 9NBLGGH4QGHW-Microsoft.MicrosoftStickyNotes.


Windows Defender:
================
Date: 2022-06-01 18:57:55
Description:
A análise de Antivírus do Microsoft Defender foi parada antes de ser concluída.
ID de Análise: {A03C5FE7-DB4D-402B-BF10-698D91D15C16}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM

Date: 2022-05-31 16:53:31
Description:
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe foi impedido de modificar %userprofile%\Documents pelo Acesso Controlado a Pastas.
Hora da deteção: 2022-05-31T15:53:31.092Z
Utilizador: JCCRUZ\Utilizador
Caminho: %userprofile%\Documents
Nome do Processo: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Versão das informações segurança: 1.367.779.0
Versão do Motor: 1.1.19200.6
Versão do Produto: 4.18.2203.5

Date: 2022-05-30 19:51:14
Description:
A análise de Antivírus do Microsoft Defender foi parada antes de ser concluída.
ID de Análise: {ADB212E0-52C2-499B-AEB1-2A42D6120FD3}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM

Date: 2022-05-30 16:55:56
Description:
A análise de Antivírus do Microsoft Defender foi parada antes de ser concluída.
ID de Análise: {365FD562-1E6A-4136-AA37-B6A4B0DFD571}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM

Date: 2022-05-26 18:58:30
Description:
A análise de Antivírus do Microsoft Defender foi parada antes de ser concluída.
ID de Análise: {F4BC38A0-ADDB-485B-95E2-E9B9C18B5587}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2022-06-03 18:43:52
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Hewlett-Packard M71 Ver. 01.13 01/18/2016
Motherboard: Hewlett-Packard 2216
Processor: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
Percentage of memory in use: 38%
Total physical RAM: 16259.11 MB
Available physical RAM: 9956.03 MB
Total Virtual: 18691.11 MB
Available Virtual: 11586.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.93 GB) (Free:66.36 GB) (Model: SAMSUNG MZ7PD256HCGM-000H7) NTFS
Drive d: (Disco Local) (Fixed) (Total:465.73 GB) (Free:170.95 GB) (Model: WD Elements 1078 USB Device) NTFS

\\?\Volume{6ef376e0-0000-0000-0000-100000000000}\ (Sistema Reservado) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{629458e4-0000-0000-0000-010000000000}\ (PortableBaseLayer) (Fixed) (Total:8 GB) (Free:7.51 GB) NTFS
\\?\Volume{6ef376e0-0000-0000-0000-707e3b000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 6EF376E0)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=509 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.7 GB) (Disk ID: FDCE466A)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 8 GB) (Disk ID: 629458E4)
Partition 1: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top