
Windows startup problems and treatments


131 replies to this topic

#1 Kay07


Posted 11 September 2023 - 09:28 AM

I have been having startup problems with several notes appearing and files not being deleted. Some named installation wizards and others as codes. After that the screen darkens and returns to normal. Every time I open a tab in any browser, a tab is added on startup.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-09-2023
Ran by Kaique-Vidal (administrator) on DESKTOP-RTLM44P (Acer Aspire A515-45) (11-09-2023 10:59:07)
Running from C:\Users\Kaique-Vidal\Documents\EnglishFRST64.exe
Loaded Profiles: Kaique-Vidal
Platform: Microsoft Windows 11 Pro Version 22H2 22621.2134 (X64) Language: Portuguese (Brazil)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.141\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.141\BraveCrashHandler64.exe
(C:\Program Files (x86)\HDD Regenerator\hrsrv.exe ->) (Abstradrome -> ) C:\Program Files (x86)\HDD Regenerator\HDD Regenerator.exe <2>
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_23216.905.2334.6698_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\msedgewebview2.exe <12>
(C:\Users\Kaique-Vidal\Documents\FRST-OlderVersion\EnglishFRST64.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2112.32.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
(DriverStore\FileRepository\u0360754.inf_amd64_7d6765da852a002c\B360708\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360754.inf_amd64_7d6765da852a002c\B360708\atieclxx.exe
(explorer.exe ->) (Fortect LTD -> Fortect Ltd.) C:\Program Files\Fortect\bin\FortectTray.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <11>
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) [File not signed] C:\Program Files\Macrium\Common\ReflectUI.exe
(explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(explorer.exe ->) (RCS LT, UAB -> RCS LT) D:\ComboCleaner.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe
(IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\Driver Booster\10.2.0\Pub\PubPlatform.exe
(Microsoft Corporation -> Sysinternals - www.sysinternals.com) C:\Users\Kaique-Vidal\AppData\Local\Temp\Temp059b4614-5d9f-4efa-a2b2-253c87e2c52f_Autoruns.zip\Autoruns.exe
(services.exe ->) (Abstradrome -> ) C:\Program Files (x86)\HDD Regenerator\hrsrv.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPDU.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360754.inf_amd64_7d6765da852a002c\B360708\atiesrxx.exe
(services.exe ->) (Fortect LTD -> Fortect Ltd.) C:\Program Files\Fortect\bin\MainDaemon.exe
(services.exe ->) (Fortect LTD -> Fortect LTD.) C:\Program Files\Fortect\MainService.exe
(services.exe ->) (LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
(services.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) [File not signed] C:\Program Files\Macrium\Common\MacriumService.exe
(services.exe ->) (RCS LT, UAB -> RCS LT) D:\ComboCleaner.Guard.exe
(services.exe ->) (RCS LT, UAB -> RCS LT) D:\ComboCleaner.WinService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f7fdb960c5e8ef2a\RtkAudUService64.exe <2>
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(svchost.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe
(svchost.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(svchost.exe ->) (FxSound, LLC -> FxSound LLC) C:\Program Files\FxSound LLC\FxSound\FxSound.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(svchost.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\SecurityHealth\1.0.2306.10002-0\SecurityHealthHost.exe
(svchost.exe ->) (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\Kaique-Vidal\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe
Failed to access process -> Autoruns.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f7fdb960c5e8ef2a\RtkAudUService64.exe [1272664 2021-07-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [9926928 2023-09-06] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) [File not signed]
HKLM\...\Run: [Combo Cleaner] => D:\ComboCleaner.exe [2024064 2021-11-05] (RCS LT, UAB -> RCS LT)
HKLM\...\Run: [Fortect] => C:\Program Files\Fortect\bin\FortectTray.exe [462296 2023-08-17] (Fortect LTD -> Fortect Ltd.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1310720 2020-02-10] (Seiko Epson Corporation) [File not signed]
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [126403424 2022-03-21] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [HDD Regenerator] => C:\Program Files (x86)\HDD Regenerator\Shell.exe [89896 2012-11-18] (Abstradrome -> )
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [EnableCdp] 0
HKLM\Software\Policies\...\system: [EnableMmx] 0
HKLM\Software\Policies\...\system: [RSoPLogging] 0
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [2450336 2023-01-17] (Microsoft Corporation -> Microsoft corporation)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [2450336 2023-01-17] (Microsoft Corporation -> Microsoft corporation)
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Run: [MicrosoftEdgeAutoLaunch_90C0C776FC4CC570E7FB3277B161E7B0] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4108344 2023-09-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [5878784 2022-12-03] (Tonec Inc.) [File not signed]
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Run: [ut] => C:\Users\Kaique-Vidal\AppData\Roaming\uTorrent\uTorrent.exe [2258952 2023-08-06] (Rainberry Inc -> BitTorrent Inc.)
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Run: [Opera Stable] => C:\Users\Kaique-Vidal\AppData\Local\Programs\Opera\launcher.exe [2730912 2023-08-09] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIYXE.EXE [485976 2020-09-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Run: [GoogleChromeAutoLaunch_B7C06C68F464209BF2BA4F21CB7E80AF] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [3219744 2023-09-04] (Google LLC -> Google LLC)
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\116.0.5845.180\Installer\chrmstp.exe [2023-09-07] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\116.1.57.62\Installer\chrmstp.exe [2023-09-07] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\.opera [2023-09-11]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\377f1813-90ac-46bd-98fd-0b6a56706b40.tmp [2023-09-11] () [File not signed] [File is in use]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\a6c01e66-0940-451f-90e7-449bcf90d922.tmp [2023-09-11] () [File not signed] [File is in use]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\acrobat_sbx [2023-09-11]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\acrord32_super_sbx [2023-09-11]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\AdobeARM.log [2023-09-11] () [File not signed]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\AMDLinkDriverUpdate.xml [2023-09-11] () [File not signed]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\assistant_installer_20230911104301.log [2023-09-11] () [File not signed]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\b4ad71fd-e723-46ad-bd49-a86db8198c21.tmp [2023-09-11] () [File not signed] [File is in use]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db [2023-09-11] () [File not signed] [File is in use]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db-shm [2023-09-11] () [File not signed] [File is in use]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db-wal [2023-09-11] () [File not signed] [File is in use]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db.ses [2023-09-11] () [File not signed]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\ce218e5a-fa63-46b2-bebf-94c29f8ef80d.tmp [2023-09-11] () <==== ATTENTION [zero byte? (Error=32)]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\CUsersKaique-VidalAppDataLocalProgramsOpera101.0.4843.43opera_autoupdate.download.lock [2023-09-11] () <==== ATTENTION [zero byte File/Folder]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\ea48e4f1-3c3c-48f5-a461-35f5bfa45db5.tmp [2023-09-11] () <==== ATTENTION [zero byte? (Error=32)]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\f73d967a-6765-4500-b2ec-6e85c436c159.tmp [2023-09-11] () [File not signed] [File is in use]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\InstallManagerApp [2023-09-11]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\iobit-db-license-tmp [2023-09-11]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\mat-debug-12084.log [2023-09-11] () <==== ATTENTION [zero byte? (Error=32)]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\mat-debug-4360.log [2023-09-11] () <==== ATTENTION [zero byte File/Folder]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\native_push_sensors [2023-09-11] () <==== ATTENTION [zero byte File/Folder]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\NotifyIconGeneratedAumid_1897770014230834862.png [2023-09-11] () [File not signed]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\SoftwareUpdate_Temp [2023-09-11]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\Temp059b4614-5d9f-4efa-a2b2-253c87e2c52f_Autoruns.zip [2023-09-11]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\TWAIN.LOG [2023-09-11] () [File not signed]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\Twain001.Mtx [2023-09-11] () [File not signed]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\Twunk001.MTX [2023-09-11] () [File not signed]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\Twunk002.MTX [2023-09-11] () <==== ATTENTION [zero byte File/Folder]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\UpgradeTool [2023-09-11]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\upgrade_sensors [2023-09-11] () <==== ATTENTION [zero byte File/Folder]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\Wondershare [2023-09-11]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\{5D83B375-EF10-419F-8138-8F07A9D3BFD8} - OProcSessId.dat [2023-09-11] () <==== ATTENTION [zero byte File/Folder]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\~DF382F7B16BFFB8278.TMP [2023-09-11] () [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {14AEE567-C7D4-46E1-87F3-6AEF309B8C71} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2971808 2021-12-30] (Acer Incorporated -> )
Task: {CBB2F878-4C5E-4040-AE11-47D1DE10B336} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41632 2021-12-30] (Acer Incorporated -> )
Task: {08359467-FAD8-4199-BBC0-8611C01D4970} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4836512 2021-12-30] (Acer Incorporated -> )
Task: {B4154F09-2B8B-443A-947A-A5E6658AE410} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-08-02] (Adobe Inc. -> Adobe Inc.)
Task: {DDFBC36F-DF44-4D42-A7EB-5DD97BB68378} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [183736 2023-08-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {9F8FD2EA-ECD0-4428-8620-CDDE4B84CCF6} - System32\Tasks\AMDScoSupportTypeUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2023-08-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {E529CBF2-5BB2-4F07-A010-C35078A2A572} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{5526546A-F46A-4B39-AFAE-09CD3A0BC6E0} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-26] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {BCA047EE-EB7A-4D90-9AFC-74F1E63D38AA} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{F2BA2E6B-E6CD-4C84-BEAF-27766090584E} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-26] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {B11C9E1A-1D4D-46A9-BCBB-FE37FF074470} - System32\Tasks\CareCenter\EEventManager_Reg_HKLMWow6432Run => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1310720 2020-02-10] (Seiko Epson Corporation) [File not signed]
Task: {B7B1CE44-A267-4F96-89F4-A99C9BDF9309} - System32\Tasks\CareCenter\EPPCCMON_Reg_HKLMRun => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [445800 2021-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {92E49C4D-3FD1-4E1F-8658-40AFD59E9108} - System32\Tasks\CareCenter\FxSound.lnk_FolderCommonAppdata => C:\Program Files\FxSound LLC\FxSound\FxSound.exe [4663080 2022-05-30] (FxSound, LLC -> FxSound LLC)
Task: {702A7B7A-80AF-47BA-B5BB-7C180C3C8D91} - System32\Tasks\CareCenter\HDD Regenerator_Reg_HKLMWow6432Run => C:\Program Files (x86)\HDD Regenerator\Shell.exe [89896 2012-11-18] (Abstradrome -> )
Task: {85DB902C-4B78-44CB-948A-C527F482521F} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\10.2.0\Scheduler.exe [157784 2022-12-26] (IObit CO., LTD -> IObit)
Task: {248DB6EE-D58E-4198-B0B2-1D5D0785792A} - System32\Tasks\Driver Booster SkipUAC (Kaique-Vidal) => C:\Program Files (x86)\IObit\Driver Booster\10.2.0\DriverBooster.exe [9010648 2023-01-09] (IObit CO., LTD -> IObit)
Task: {949E58BA-2404-45CD-8B8F-66A18791D2B8} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\10.2.0\AutoUpdate.exe [2516968 2022-12-26] (IObit CO., LTD -> IObit)
Task: {158EFBA6-94F7-4E98-B4E9-B7298E80EAEF} - System32\Tasks\EPSON L3210 Series Update {27E9C58B-921E-426E-BDF1-F17CF6910AEC} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSYXE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {563D16DF-5EFE-455C-935B-62C4A9120C16} - System32\Tasks\FxSound\Update => C:\Program -> Files\FxSound LLC\FxSound\updater.exe /silent
Task: {3003A339-9983-4759-8C29-9157915A5469} - System32\Tasks\GoogleUpdateTaskMachineCore{620D4915-015F-4E96-A133-34F4C9E04919} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-12-23] (Google LLC -> Google LLC)
Task: {48821058-85FB-41C6-BB52-97F4F7E56D80} - System32\Tasks\GoogleUpdateTaskMachineUA{DC447CF9-B338-41E0-8307-81E43C0190AC} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-12-23] (Google LLC -> Google LLC)
Task: {E97F6AD3-983F-427A-A89F-244B36417B09} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1323333070-3634341992-397913038-1001 => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\MEGAupdater.exe [2531504 2023-08-07] (Mega Limited -> )
Task: {1FEC71A1-76D5-40F2-8784-26D67B434161} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913464 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {D1571931-E312-441C-B59F-DEDF36E5D0C6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913464 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C60FF0F-F0E9-4072-BE9C-5A69EE8FF6D6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {92DCB853-FDE2-4786-9CE4-5B2FE58C1F72} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {7C7B57EA-F01B-419C-8EAB-3CF389E94B87} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {4A9B48DC-1623-4063-A701-97D910E53DDE} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {8CB6BDE7-EB78-4894-861A-2BDD2979FCA4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
Task: {43BE4C09-A64E-412F-8B0C-189479A74B49} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {87AF7960-F172-4474-86A6-B442819A7321} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B61512FF-9811-4B29-9F3A-0079792804E4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {917CF0C7-48ED-499B-926F-234293ABE883} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {046CFE8D-3943-42C1-9898-BA409DFC53BC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {23C54CBE-10F3-4B78-B316-82B583A70653} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2023-08-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {EEF96447-6BEE-485F-9A93-932D6F88AFAC} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [3252640 2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {20B1BC03-3A11-4ED6-9063-21F3EA466028} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1323333070-3634341992-397913038-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
Task: {814B0261-54FE-4ED1-8C30-3A727DB84671} - System32\Tasks\Opera scheduled assistant Autoupdate 1679583569 => C:\Users\Kaique-Vidal\AppData\Local\Programs\Opera\launcher.exe [2730912 2023-08-09] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Kaique-Vidal\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {CFE31B6A-682E-4321-8F60-E4954BA7B1B7} - System32\Tasks\Opera scheduled Autoupdate 1679583566 => C:\Users\Kaique-Vidal\AppData\Local\Programs\Opera\launcher.exe [2730912 2023-08-09] (Opera Norway AS -> Opera Software)
Task: {1DF39849-D948-4F61-921A-75A3099ACCEF} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-1323333070-3634341992-397913038-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [65536 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {112A3C1E-8DC4-4520-BDCC-BB19F73333E4} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2021-12-30] (Acer Incorporated -> Acer Incorporated)
Task: {A68929FF-6C45-41E1-ACE6-0BFA575CE588} - System32\Tasks\StartAUEP => C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe [728504 2023-08-14] (Advanced Micro Devices Inc. -> AMD)
Task: {14600229-3CC7-4F01-9A88-769AB0B513B8} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [60344 2023-08-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {57D0385B-482B-4D8F-AB61-F02EBE62905D} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [60344 2023-08-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {91CF1EAD-4906-44FF-B35B-AF4129C82DC1} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [324024 2023-08-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {FE3D7372-BFA6-446B-9694-D591C9DF5614} - System32\Tasks\ViGEmBus_Updater => C:\Program Files\Nefarius Software Solutions\ViGEm Bus Driver\ViGEmBus_Updater.exe [1117096 2022-09-27] (Nefarius Software Solutions eu -> Nefarius Software Solutions eu)
Task: {C39F5997-F842-41E9-B7B5-A3B12CC6FA40} - System32\Tasks\VivaldiUpdateCheck-8d8866b1bc2aec07 => C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\Application\update_notifier.exe [3845520 2023-09-05] (Vivaldi Technologies AS -> Vivaldi Technologies AS)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON L3210 Series Update {27E9C58B-921E-426E-BDF1-F17CF6910AEC}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSYXE.EXE:/EXE: {27E9C58B-921E-426E-BDF1-F17CF6910AEC} /F:UpdateWORKGROUP\DESKTOP-RTLM44P$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 186.232.56.22 186.232.56.26
Tcpip\..\Interfaces\{5a704275-a447-4078-a27b-3d9bcb78c2dc}: [DhcpNameServer] 186.232.56.22 186.232.56.26

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Kaique-Vidal\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-10]
Edge Extension: (Offline Google Docs) - C:\Users\Kaique-Vidal\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-08]
Edge Extension: (Edge relevant text changes) - C:\Users\Kaique-Vidal\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-08]
Edge Extension: (IDM Integration Module) - C:\Users\Kaique-Vidal\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2021-12-24]
Edge HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2022-12-03]

Firefox:
========
FF HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Kaique-Vidal\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Kaique-Vidal\AppData\Roaming\IDM\idmmzcc5 [2023-01-25] [Legacy] [not signed]
FF HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-08-19] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default [2023-09-11]
CHR Extension: (Back YouTube Dislikes) - C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebbhagfogifgggkldgodflihgfeippi [2023-08-09]
CHR Extension: (Offline Google Docs) - C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-29]
CHR Extension: (Volume Master - volume controller) - C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghecgabfgfdldnmbfkhmffcabddioke [2023-03-06]
CHR Extension: (Morpheon Dark) - C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2021-12-23]
CHR Extension: (IDM Integration Module) - C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2023-07-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-12-23]
CHR Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2023-08-18]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2022-12-03]
CHR HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2022-12-03]

Opera:
=======
OPR Profile: C:\Users\Kaique-Vidal\AppData\Roaming\Opera Software\Opera Stable [2023-09-11]
OPR DefaultSearchURL: Opera Stable -> hxxps://www.google.com/search?client=opera&q={searchTerms}&sourceid=opera&ie={inputEncoding}&oe={outputEncoding}
OPR DefaultSearchKeyword: Opera Stable -> g
OPR Extension: (Rich Hints Agent) - C:\Users\Kaique-Vidal\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-07-07]
OPR Extension: (Opera Wallet) - C:\Users\Kaique-Vidal\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-08-31]
OPR Extension: (Aria) - C:\Users\Kaique-Vidal\AppData\Roaming\Opera Software\Opera Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm [2023-08-31]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Kaique-Vidal\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2023-03-23]
OPR Extension: (Cashback Assistant) - C:\Users\Kaique-Vidal\AppData\Roaming\Opera Software\Opera Stable\Extensions\ompjkhnkeoicimmaehlcmgmpghobbjoj [2023-09-09]
OPR Extension: (opera-intro) - C:\Users\Kaique-Vidal\AppData\Local\Programs\Opera\101.0.4843.33\resources\opera_intro_extension [2023-08-08]

Brave:
=======
BRA Profile: C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2023-09-10]
BRA DownloadDir: D:\
BRA DefaultSearchKeyword: Default -> :g
BRA Extension: (Retruco Eliminate Anti AdBlock) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gpkdlgnngkiiphplplodblijekhnjjob [2023-08-09]
BRA Extension: (Volume Master - volume controller) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\jghecgabfgfdldnmbfkhmffcabddioke [2023-04-10]
BRA Extension: (Adblock for Twitch) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\mdomkpjejpboocpojfikalapgholajdc [2023-08-05]
BRA Extension: (IDM Integration Module) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2023-07-28]
BRA Extension: (Brave Ad Block Updater (Exception-exceptions (plaintext))) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2023-09-09]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2023-09-09]
BRA Extension: (Brave NTP background images) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2023-08-18]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2023-09-09]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\bpndlkddhgpmjengabcakadpcabgflca [2023-09-10]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2023-09-06]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2023-09-09]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2023-08-09]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2023-08-23]
BRA Extension: (Brave Ad Block Updater (Default (plaintext))) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2023-09-09]
BRA Extension: (Brave Ad Block Updater (Adguard Spanish/Portuguese (plaintext))) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\meimhmgfbckapkbbbdaoefgnbppmkodp [2023-09-09]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2023-09-09]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-09-06]

Vivaldi:
=======
VIV Profile: C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\User Data\Default [2023-08-08]
VIV Extension: (Torrent Scanner) - C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2023-03-20]
VIV Extension: (McAfee® WebAdvisor) - C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-07-31]
VIV Extension: (Online Security) - C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\User Data\Default\Extensions\llbcnfanfmjhpedaedhbcnpgeepdnnok [2023-07-31]
VIV Extension: (IDM Integration Module) - C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2023-07-31]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACCSvc; C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe [259232 2021-12-30] (Acer Incorporated -> Acer Incorporated)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-08-02] (Adobe Inc. -> Adobe Inc.)
R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPDU.exe [527800 2023-08-14] (Advanced Micro Devices Inc. -> AMD)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-26] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-26] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveVpnService; C:\Program Files\BraveSoftware\Brave-Browser\Application\116.1.57.62\brave_vpn_helper.exe [3171864 2023-09-05] (Brave Software, Inc. -> Brave Software, Inc.)
S3 BraveVpnWireguardService; C:\Program Files\BraveSoftware\Brave-Browser\Application\116.1.57.62\BraveVpnWireguardService\brave_vpn_wireguard_service.exe [2183192 2023-09-05] (Brave Software, Inc. -> Brave Software, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817440 2023-08-19] (Microsoft Corporation -> Microsoft Corporation)
R2 ComboCleaner.Guard; D:\ComboCleaner.Guard.exe [143488 2021-11-05] (RCS LT, UAB -> RCS LT)
R2 ComboCleaner.WinService; D:\ComboCleaner.WinService.exe [151168 2021-11-05] (RCS LT, UAB -> RCS LT)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [206304 2021-06-21] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\FileSyncHelper.exe [2556320 2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
R2 FortectDaemon; C:\Program Files\Fortect\bin\MainDaemon.exe [4670424 2023-08-17] (Fortect LTD -> Fortect Ltd.)
R2 FortectService; C:\Program Files\Fortect\MainService.exe [5171672 2023-08-17] (Fortect LTD -> Fortect LTD.)
R2 hddrsrv; C:\Program Files (x86)\HDD Regenerator\hrsrv.exe [81704 2012-11-18] (Abstradrome -> )
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [11767208 2023-09-06] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) [File not signed]
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [874384 2023-09-07] (McAfee, LLC -> McAfee, LLC)
S2 NativePushService; C:\Users\Kaique-Vidal\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe [755600 2022-09-17] (Wondershare Technology Group Co.,Ltd -> Wondershare)
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\OneDriveUpdaterService.exe [2936224 2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
S4 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402200 2023-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182328 2023-07-10] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28136 2022-12-23] (LAVASOFT SOFTWARE CANADA INC -> ) <==== ATTENTION
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [36800 2023-07-10] (Acer Incorporated -> Acer Incorporated)
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [25584 2023-06-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R2 AMDRyzenMasterDriverV19; C:\Windows\system32\AMDRyzenMasterDriver.sys [48328 2023-08-01] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S2 AMDRyzenMasterDriverV20; C:\Windows\system32\AMDRyzenMasterDriver.sys [48328 2023-08-01] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_54807f69fe156f14\amdsafd.sys [113088 2023-04-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0395045.inf_amd64_cb9a543331727801\B394905\amdkmdag.sys [99745312 2023-08-19] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [61888 2023-05-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender)
R3 FXVAD; C:\WINDOWS\system32\drivers\fxvad.sys [326656 2022-05-30] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R3 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [176008 2021-09-30] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender LLC)
S3 mpszfilt; C:\WINDOWS\System32\DRIVERS\mpszfilt.sys [20632 2021-12-02] (AlcorMicro, Corp. -> Generic)
R0 mrcbt; C:\WINDOWS\System32\drivers\mrcbt.sys [118528 2023-09-06] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R0 mrigflt; C:\WINDOWS\System32\drivers\mrigflt.sys [75160 2023-09-06] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R3 MTKBTFilterX64; C:\WINDOWS\system32\DRIVERS\mtkbtfilterx.sys [276424 2022-03-17] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R3 mtkwlex; C:\WINDOWS\System32\drivers\mtkwl6ex.sys [1617920 2023-01-17] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
S3 RTCore64; D:\MSI Afterburner\RTCore64.sys [36824 2020-07-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43368 2023-07-10] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 Truffles; C:\WINDOWS\System32\DRIVERS\Trufos.sys [615840 2021-10-01] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [249400 2022-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions eU)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55872 2023-08-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [574872 2023-08-31] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-31] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-09-11 10:59 - 2023-09-11 10:59 - 000045002 _____ C:\Users\Kaique-Vidal\Documents\FRST.txt
2023-09-11 10:59 - 2023-09-11 10:59 - 000000000 ____D C:\Users\Kaique-Vidal\Documents\FRST-OlderVersion
2023-09-11 10:36 - 2023-09-11 10:36 - 000768332 _____ C:\WINDOWS\system32\prfh0416.dat
2023-09-11 10:36 - 2023-09-11 10:36 - 000154460 _____ C:\WINDOWS\system32\prfc0416.dat
2023-09-11 10:31 - 2023-09-11 10:31 - 000000000 ____D C:\Users\Kaique-Vidal\Desktop\FRST-OlderVersion
2023-09-11 08:03 - 2023-09-11 08:14 - 000005028 _____ C:\Users\Kaique-Vidal\Desktop\Rkill.txt
2023-09-10 00:27 - 2023-09-10 00:27 - 000001986 _____ C:\WINDOWS\system32\.crusader
2023-09-10 00:22 - 2023-09-10 00:27 - 000000000 ____D C:\ProgramData\HitmanPro
2023-09-09 22:15 - 2023-09-09 22:15 - 000000000 ____D C:\Users\Kaique-Vidal\Downloads\Kaspersky_Total_Security
2023-09-09 21:52 - 2023-09-09 21:53 - 063565774 _____ C:\Users\Kaique-Vidal\Downloads\Kaspersky_Total_Security.rar
2023-09-09 20:14 - 2023-09-11 08:02 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Fortect
2023-09-09 20:14 - 2023-09-11 07:48 - 000000000 ____D C:\ProgramData\Fortect
2023-09-09 20:14 - 2023-09-09 20:14 - 000000873 _____ C:\Users\Public\Desktop\Fortect.lnk
2023-09-09 20:14 - 2023-09-09 20:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fortect
2023-09-09 20:14 - 2023-09-09 20:14 - 000000000 ____D C:\Program Files\Fortect
2023-09-09 19:04 - 2023-09-09 19:04 - 000007640 _____ C:\Users\Kaique-Vidal\AppData\Local\Resmon.ResmonCfg
2023-09-09 16:07 - 2023-09-09 16:07 - 002969821 _____ C:\Users\Kaique-Vidal\Desktop\Autoruns.zip
2023-09-09 13:14 - 2023-09-11 10:27 - 000000000 ____D C:\Users\Kaique-Vidal\Desktop\w11
2023-09-09 12:42 - 2023-09-09 12:42 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome apps
2023-09-08 08:12 - 2023-09-11 10:59 - 002382848 _____ (Farbar) C:\Users\Kaique-Vidal\Documents\EnglishFRST64.exe
2023-09-08 08:12 - 2023-09-11 10:59 - 000000000 ____D C:\FRST
2023-09-08 06:33 - 2023-09-08 06:33 - 000000000 ____D C:\WINDOWS\pss
2023-09-08 06:10 - 2023-09-08 07:08 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\RCS_LT
2023-09-08 06:10 - 2023-09-08 06:10 - 000000525 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Combo Cleaner.lnk
2023-09-08 05:17 - 2023-09-08 05:17 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2023-09-08 05:15 - 2023-09-08 05:15 - 000000020 ___SH C:\Users\Kaique-Vidal\ntuser.ini
2023-09-08 05:14 - 2023-09-11 10:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-09-08 05:14 - 2023-09-11 07:56 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-09-08 05:14 - 2023-09-08 05:14 - 000004302 ____N C:\WINDOWS\system32\Tasks\Software Update Application
2023-09-08 05:14 - 2023-09-08 05:14 - 000003852 ____N C:\WINDOWS\system32\Tasks\ACCAgent
2023-09-08 05:14 - 2023-09-08 05:14 - 000003822 ____N C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1679583569
2023-09-08 05:14 - 2023-09-08 05:14 - 000003616 ____N C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA{F2BA2E6B-E6CD-4C84-BEAF-27766090584E}
2023-09-08 05:14 - 2023-09-08 05:14 - 000003602 ____N C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-09-08 05:14 - 2023-09-08 05:14 - 000003602 ____N C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{DC447CF9-B338-41E0-8307-81E43C0190AC}
2023-09-08 05:14 - 2023-09-08 05:14 - 000003560 ____N C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1679583566
2023-09-08 05:14 - 2023-09-08 05:14 - 000003500 ____N C:\WINDOWS\system32\Tasks\EPSON L3210 Series Update {27E9C58B-921E-426E-BDF1-F17CF6910AEC}
2023-09-08 05:14 - 2023-09-08 05:14 - 000003392 ____N C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore{5526546A-F46A-4B39-AFAE-09CD3A0BC6E0}
2023-09-08 05:14 - 2023-09-08 05:14 - 000003378 ____N C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-09-08 05:14 - 2023-09-08 05:14 - 000003378 ____N C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{620D4915-015F-4E96-A133-34F4C9E04919}
2023-09-08 05:14 - 2023-09-08 05:14 - 000003274 ____N C:\WINDOWS\system32\Tasks\Optimize Push Notification Data File-S-1-5-21-1323333070-3634341992-397913038-1001
2023-09-08 05:14 - 2023-09-08 05:14 - 000003062 ____N C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1323333070-3634341992-397913038-1001
2023-09-08 05:14 - 2023-09-08 05:14 - 000003006 ____N C:\WINDOWS\system32\Tasks\VivaldiUpdateCheck-8d8866b1bc2aec07
2023-09-08 05:14 - 2023-09-08 05:14 - 000002958 ____N C:\WINDOWS\system32\Tasks\ViGEmBus_Updater
2023-09-08 05:14 - 2023-09-08 05:14 - 000002778 ____N C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Kaique-Vidal)
2023-09-08 05:14 - 2023-09-08 05:14 - 000002730 ____N C:\WINDOWS\system32\Tasks\ACC
2023-09-08 05:14 - 2023-09-08 05:14 - 000002728 ____N C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-09-08 05:14 - 2023-09-08 05:14 - 000002706 ____N C:\WINDOWS\system32\Tasks\AMDScoSupportTypeUpdate
2023-09-08 05:14 - 2023-09-08 05:14 - 000002672 ____N C:\WINDOWS\system32\Tasks\ModifyLinkUpdate
2023-09-08 05:14 - 2023-09-08 05:14 - 000002586 ____N C:\WINDOWS\system32\Tasks\Driver Booster Scheduler
2023-09-08 05:14 - 2023-09-08 05:14 - 000002572 ____N C:\WINDOWS\system32\Tasks\Driver Booster Update
2023-09-08 05:14 - 2023-09-08 05:14 - 000002504 ____N C:\WINDOWS\system32\Tasks\StartAUEP
2023-09-08 05:14 - 2023-09-08 05:14 - 000002402 ____N C:\WINDOWS\system32\Tasks\AMDRyzenMasterSDKTask
2023-09-08 05:14 - 2023-09-08 05:14 - 000002372 ____N C:\WINDOWS\system32\Tasks\StartCNBM
2023-09-08 05:14 - 2023-09-08 05:14 - 000002328 ____N C:\WINDOWS\system32\Tasks\ACCBackgroundApplication
2023-09-08 05:14 - 2023-09-08 05:14 - 000002194 ____N C:\WINDOWS\system32\Tasks\StartCN
2023-09-08 05:14 - 2023-09-08 05:14 - 000002114 ____N C:\WINDOWS\system32\Tasks\StartDVR
2023-09-08 05:14 - 2023-09-08 05:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\MEGA
2023-09-08 05:14 - 2023-09-08 05:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\FxSound
2023-09-08 05:14 - 2023-09-08 05:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\CareCenter
2023-09-08 05:13 - 2023-09-08 05:14 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2023-09-08 05:13 - 2023-09-08 05:14 - 000011433 _____ C:\WINDOWS\diagerr.xml
2023-09-08 05:11 - 2023-09-11 10:36 - 001773032 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-09-08 05:10 - 2023-09-08 05:10 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2023-09-08 05:09 - 2023-09-11 10:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-09-08 05:09 - 2023-09-10 00:27 - 000472024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-09-08 05:09 - 2023-09-08 05:09 - 000000000 ____D C:\WINDOWS\system32\config\BFS
2023-09-08 05:08 - 2023-09-08 05:14 - 000000000 ____D C:\Windows.old
2023-09-08 04:43 - 2023-09-08 05:08 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Crypto
2023-09-08 04:43 - 2023-09-08 04:43 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\SystemCertificates
2023-09-08 04:43 - 2023-09-08 04:43 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Network
2023-09-08 04:36 - 2023-09-08 05:08 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2023-09-08 04:35 - 2023-09-08 05:17 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows
2023-09-08 04:35 - 2023-09-08 05:15 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Spelling
2023-09-08 04:35 - 2023-09-08 05:15 - 000000000 ____D C:\Users\Kaique-Vidal
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Models
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\My Documents
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Start Menu
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Documents\My Music
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Documents\My Images
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Documents\My Videos
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Application Data
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Local Settings
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\AppData\Local\History
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\AppData\Local\Application Data
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Network Environment
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Printing Environment
2023-09-08 04:34 - 2023-09-08 05:08 - 000000000 ____D C:\WINDOWS\system32\AMD
2023-09-08 04:34 - 2023-09-08 04:34 - 000000000 ____D C:\WINDOWS\system32\Samsung
2023-09-08 04:34 - 2023-09-08 04:34 - 000000000 ____D C:\WINDOWS\Firmware
2023-09-08 01:21 - 2023-09-08 04:36 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2023-09-08 01:19 - 2023-09-08 01:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\mde
2023-09-08 01:00 - 2023-09-08 01:00 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2023-09-08 01:00 - 2023-09-08 01:00 - 000000000 ____D C:\Program Files\Reference Assemblies
2023-09-08 01:00 - 2023-09-08 01:00 - 000000000 ____D C:\Program Files\MSBuild
2023-09-08 01:00 - 2023-09-08 01:00 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2023-09-08 01:00 - 2023-09-08 01:00 - 000000000 ____D C:\Program Files (x86)\MSBuild
2023-09-08 00:57 - 2023-09-08 00:57 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2023-09-08 00:57 - 2023-09-08 00:57 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2023-09-08 00:57 - 2023-09-08 00:57 - 000000000 ____D C:\WINDOWS\addins
2023-09-08 00:31 - 2023-09-08 00:31 - 000008192 ____N C:\WINDOWS\system32\config\userdiff
2023-09-07 23:30 - 2023-09-10 00:27 - 000000000 ___DC C:\WINDOWS\Panther
2023-09-06 14:53 - 2023-09-06 14:54 - 000000000 ____D C:\Users\Kaique-Vidal\Documents\Reflect
2023-09-06 14:21 - 2023-09-08 04:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2023-09-06 14:21 - 2023-09-06 14:21 - 000001527 _____ C:\Users\Public\Desktop\Macrium Reflect.lnk
2023-09-06 14:21 - 2023-09-06 14:21 - 000000000 ____D C:\Program Files\Macrium
2023-09-06 13:50 - 2023-09-06 16:59 - 000000000 ____D C:\ProgramData\Macrium
2023-09-03 01:09 - 2023-09-03 01:09 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\LocalLow\AMD
2023-09-03 01:05 - 2023-09-08 05:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool
2023-09-03 01:04 - 2023-09-08 05:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Software꞉ Adrenalin Edition
2023-08-25 10:43 - 2023-08-19 03:11 - 000832952 ____N C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2023-08-25 10:43 - 2023-08-19 03:11 - 000832952 ____N C:\WINDOWS\system32\vulkaninfo.exe
2023-08-25 10:43 - 2023-08-19 03:11 - 000721336 ____N C:\WINDOWS\system32\hiprt0200064.dll
2023-08-25 10:43 - 2023-08-19 03:11 - 000715296 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-08-25 10:43 - 2023-08-19 03:11 - 000715296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2023-08-25 10:43 - 2023-08-19 03:11 - 000668696 ____N C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2023-08-25 10:43 - 2023-08-19 03:11 - 000668696 ____N C:\WINDOWS\system32\vulkan-1.dll
2023-08-25 10:43 - 2023-08-19 03:11 - 000653240 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2023-08-25 10:43 - 2023-08-19 03:11 - 000653240 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2023-08-25 10:43 - 2023-08-19 03:11 - 000539168 ____N C:\WINDOWS\system32\libsmi_guest.dll
2023-08-25 10:43 - 2023-08-19 03:11 - 000532000 ____N C:\WINDOWS\system32\libsmi_host.dll
2023-08-25 10:43 - 2023-08-19 03:11 - 000197152 ____N C:\WINDOWS\system32\mantle64.dll
2023-08-25 10:43 - 2023-08-19 03:11 - 000176160 ____N C:\WINDOWS\system32\mantleaxl64.dll
2023-08-25 10:43 - 2023-08-19 03:11 - 000153632 _____ C:\WINDOWS\SysWOW64\mantle32.dll
2023-08-25 10:43 - 2023-08-19 03:11 - 000137760 _____ C:\WINDOWS\SysWOW64\mantleaxl32.dll
2023-08-25 10:43 - 2023-08-19 03:10 - 011746816 ____N C:\WINDOWS\system32\amdsmi.exe
2023-08-25 10:43 - 2023-08-19 03:10 - 002176440 ____N (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdsasrv64.dll
2023-08-25 10:43 - 2023-08-19 03:10 - 001305120 ____N (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdsacli64.dll
2023-08-25 10:43 - 2023-08-19 03:10 - 001029664 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdsacli32.dll
2023-08-25 10:43 - 2023-08-19 03:09 - 004375584 ____N (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdadlx64.dll
2023-08-25 10:43 - 2023-08-19 03:09 - 004180000 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdadlx32.dll
2023-08-25 10:43 - 2023-08-19 02:18 - 103988216 ____N C:\WINDOWS\system32\amdxc64.so
2023-08-25 10:43 - 2023-08-19 02:18 - 031938072 ____N C:\WINDOWS\system32\hiprt02000_amd.hipfb
2023-08-25 10:43 - 2023-08-19 02:18 - 023302232 ____N C:\WINDOWS\system32\hiprt02000_nv.fatbin
2023-08-25 10:43 - 2023-08-19 02:18 - 002433848 ____N C:\WINDOWS\system32\oro_compiled_kernels.hipfb
2023-08-25 10:43 - 2023-08-19 02:18 - 002000584 ____N C:\WINDOWS\system32\oro_compiled_kernels.fatbin
2023-08-25 10:43 - 2023-08-19 02:18 - 000154384 ____N C:\WINDOWS\system32\samu_krnl_ci.sbin
2023-08-25 10:43 - 2023-08-19 02:18 - 000138832 ____N C:\WINDOWS\system32\samu_krnl_isv_ci.sbin
2023-08-25 10:43 - 2023-08-19 02:18 - 000121168 ____N C:\WINDOWS\system32\kapp_si.sbin
2023-08-25 10:43 - 2023-05-24 08:42 - 000061888 ____N (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdxe.sys
2023-08-19 00:44 - 2023-08-19 00:44 - 000007300 _____ C:\Users\Kaique-Vidal\Downloads\Windows_Security_Service.reg
2023-08-19 00:01 - 2023-08-19 00:01 - 001048576 ____N C:\WINDOWS\system32\defltbase.sdb
2023-08-19 00:01 - 2023-08-19 00:01 - 000016384 ____N C:\WINDOWS\system32\defltbase.jfm
2023-08-19 00:01 - 2023-08-19 00:01 - 000000008 __RSH C:\ProgramData\ntuser.pol
2023-08-18 23:52 - 2023-08-18 23:52 - 000000000 ____D C:\Users\Kaique-Vidal\Downloads\Ghost Gamer
2023-08-18 23:51 - 2023-08-18 23:51 - 000000448 _____ C:\Users\Kaique-Vidal\Downloads\Ghost Gamer.rar
2023-08-18 18:49 - 2023-09-09 16:28 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2023-08-18 18:49 - 2023-08-18 18:52 - 000420694 _____ C:\WINDOWS\ntbtlog.txt
2023-08-14 22:35 - 2023-08-14 22:35 - 000856504 ____N (Advanced Micro Devices) C:\WINDOWS\system32\Device.dll
2023-08-14 22:35 - 2023-08-14 22:35 - 000061368 ____N (Advanced Micro Devices) C:\WINDOWS\system32\Platform.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-09-11 10:59 - 2023-02-17 13:11 - 000000000 ____D C:\ProgramData\TEMP
2023-09-11 10:39 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-09-11 10:36 - 2022-05-07 02:22 - 000000000 ____D C:\WINDOWS\INF
2023-09-11 10:31 - 2022-12-23 20:07 - 000000000 ____D C:\Program Files (x86)\Google
2023-09-11 10:31 - 2022-05-07 02:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-09-11 10:30 - 2023-05-31 15:45 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\Wondershare
2023-09-11 10:29 - 2022-12-23 16:58 - 000012288 ___SH C:\DumpStack.log.tmp
2023-09-11 10:28 - 2023-01-25 12:31 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\DMCache
2023-09-11 10:28 - 2022-05-07 02:17 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2023-09-11 08:33 - 2023-01-24 14:27 - 000003446 _____ C:\WINDOWS\SysWOW64\pubfreeware.ini
2023-09-11 08:11 - 2022-12-23 17:08 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\Packages
2023-09-11 08:11 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-09-11 07:48 - 2022-12-26 12:27 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-09-09 23:32 - 2022-05-07 02:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2023-09-09 23:32 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2023-09-09 21:48 - 2023-01-25 12:31 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\IDM
2023-09-09 20:16 - 2022-12-23 20:08 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\D3DSCache
2023-09-09 19:18 - 2023-04-22 18:57 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Zoom
2023-09-09 12:49 - 2022-12-23 23:38 - 000000000 ____D C:\Program Files\WinRAR
2023-09-09 12:49 - 2022-12-23 17:08 - 000000000 ____D C:\ProgramData\Packages
2023-09-09 12:49 - 2022-05-07 02:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-09-08 12:33 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2023-09-08 10:49 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\appcompat
2023-09-08 06:10 - 2022-12-23 19:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-09-08 05:33 - 2022-05-07 02:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-09-08 05:32 - 2022-05-07 02:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-09-08 05:31 - 2022-05-07 02:17 - 000000000 ____D C:\WINDOWS\servicing
2023-09-08 05:31 - 2022-05-07 02:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-09-08 05:22 - 2022-12-23 20:57 - 000000000 ____D C:\AMD
2023-09-08 05:20 - 2022-12-23 20:08 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\AMD
2023-09-08 05:17 - 2023-03-07 12:32 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\FxSound
2023-09-08 05:15 - 2022-12-23 17:08 - 000002348 _____ C:\Users\Kaique-Vidal\Desktop\Microsoft Edge.lnk
2023-09-08 05:15 - 2022-12-23 17:08 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-09-08 05:15 - 2022-05-07 02:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-09-08 05:15 - 2022-05-07 02:17 - 000032768 ____N C:\WINDOWS\system32\config\ELAM
2023-09-08 05:14 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-09-08 05:14 - 2022-05-07 02:24 - 000000000 ____D C:\Program Files\Windows NT
2023-09-08 05:14 - 2022-05-07 02:24 - 000000000 ____D C:\Program Files\Windows Defender
2023-09-08 05:11 - 2023-01-16 19:59 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-09-08 05:11 - 2022-12-26 17:24 - 000002362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2023-09-08 05:11 - 2022-12-26 17:24 - 000002321 _____ C:\Users\Public\Desktop\Brave.lnk
2023-09-08 05:11 - 2022-12-23 20:08 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-08 05:11 - 2022-12-23 20:08 - 000002204 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-09-08 05:11 - 2022-12-23 16:58 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-08 05:10 - 2022-05-07 02:24 - 000000000 __RHD C:\Users\Public\Libraries
2023-09-08 05:10 - 2022-05-07 02:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-09-08 05:09 - 2022-05-07 02:24 - 000028672 ____N C:\WINDOWS\system32\config\BCD-Template
2023-09-08 05:08 - 2023-08-03 18:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasleo WinToHDD
2023-09-08 05:08 - 2023-07-29 19:06 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2023-09-08 05:08 - 2023-06-20 09:57 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2023-09-08 05:08 - 2023-06-10 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One Piece Burning Blood
2023-09-08 05:08 - 2023-05-17 13:07 - 000000000 ____D C:\WINDOWS\oem
2023-09-08 05:08 - 2023-03-07 12:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FxSound
2023-09-08 05:08 - 2023-02-17 13:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Regenerator
2023-09-08 05:08 - 2023-02-02 15:55 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2023-09-08 05:08 - 2023-01-28 22:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Modern Warfare 3
2023-09-08 05:08 - 2023-01-28 22:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mafia - Definitve Edition
2023-09-08 05:08 - 2023-01-28 19:19 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2023-09-08 05:08 - 2023-01-28 18:50 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2023-09-08 05:08 - 2023-01-27 11:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDownloader
2023-09-08 05:08 - 2023-01-27 02:44 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2023-09-08 05:08 - 2023-01-25 12:31 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2023-09-08 05:08 - 2023-01-25 12:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2023-09-08 05:08 - 2023-01-24 13:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2023-09-08 05:08 - 2023-01-17 15:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2023-09-08 05:08 - 2023-01-17 15:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2023-09-08 05:08 - 2023-01-16 00:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2023-09-08 05:08 - 2023-01-02 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 10
2023-09-08 05:08 - 2022-12-27 16:02 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CapCut
2023-09-08 05:08 - 2022-12-27 15:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2023-09-08 05:08 - 2022-12-25 00:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2023-09-08 05:08 - 2022-12-24 01:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2023-09-08 05:08 - 2022-12-23 23:38 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-09-08 05:08 - 2022-12-23 23:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-09-08 05:08 - 2022-12-23 20:00 - 000000000 ____D C:\WINDOWS\system32\ihvmanager
2023-09-08 05:08 - 2022-12-23 19:26 - 000000000 ____D C:\Program Files\Intel
2023-09-08 05:08 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-09-08 05:08 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\spool
2023-09-08 05:08 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2023-09-08 05:08 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-09-08 05:08 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-09-08 05:08 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2023-09-08 05:08 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2023-09-08 04:57 - 2022-05-07 02:28 - 000000000 ____D C:\WINDOWS\Setup
2023-09-08 04:36 - 2023-06-20 13:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2023-09-08 04:36 - 2023-02-03 00:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
2023-09-08 04:36 - 2023-01-29 17:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2023-09-08 04:36 - 2023-01-28 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2023-09-08 04:36 - 2023-01-28 22:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
2023-09-08 04:36 - 2023-01-16 00:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2023-09-08 04:36 - 2023-01-09 22:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer
2023-09-08 04:36 - 2023-01-09 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forsaken Tribe
2023-09-08 04:36 - 2022-12-24 10:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2023-09-08 04:36 - 2022-12-23 22:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2023-09-08 04:35 - 2023-05-31 15:48 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wondershare
2023-09-08 04:35 - 2023-02-02 23:53 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2023-09-08 04:35 - 2023-01-29 18:34 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
2023-09-08 04:35 - 2022-05-07 02:24 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows
2023-09-08 01:19 - 2022-05-07 07:41 - 000000000 ____D C:\WINDOWS\system32\AppV
2023-09-08 01:19 - 2022-05-07 07:41 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\WUModels
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\UUS
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SystemApps
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\UNP
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\setup
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\id-ID
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\Provisioning
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\Program Files\Common Files\System
2023-09-08 01:16 - 2022-05-07 07:41 - 000036864 ____N (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2023-09-08 01:16 - 2022-05-07 07:41 - 000023775 ____N C:\WINDOWS\system32\OEMDefaultAssociations.xml
2023-09-08 01:16 - 2022-05-07 02:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2023-09-08 01:16 - 2022-05-07 02:24 - 000249856 ____N (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2023-09-08 01:00 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2023-09-08 01:00 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\MUI
2023-09-08 00:58 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\OCR
2023-09-08 00:55 - 2022-05-07 07:41 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-09-08 00:55 - 2022-05-07 07:41 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\system32\winrm
2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\system32\WCN
2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\system32\slmgr
2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2023-09-08 00:55 - 2022-05-07 02:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2023-09-08 00:55 - 2022-05-07 02:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2023-09-08 00:55 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2023-09-08 00:55 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\F12
2023-09-08 00:55 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\dsc
2023-09-08 00:55 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\DiagSvcs
2023-09-08 00:55 - 2022-05-07 02:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-09-06 17:26 - 2023-01-17 21:49 - 000002418 _____ C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2023-09-06 17:26 - 2023-01-17 21:49 - 000002381 _____ C:\Users\Kaique-Vidal\Desktop\Vivaldi.lnk
2023-09-06 17:26 - 2023-01-17 21:49 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\Vivaldi
2023-09-06 13:59 - 2023-02-01 18:46 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\utorrent
2023-09-06 13:59 - 2023-01-02 14:14 - 000684984 _____ (Mozilla Foundation) C:\Users\Kaique-Vidal\AppData\LocalLow\freebl3.dll
2023-09-06 13:59 - 2023-01-02 14:14 - 000627128 _____ (Mozilla Foundation) C:\Users\Kaique-Vidal\AppData\LocalLow\mozglue.dll
2023-09-06 13:59 - 2023-01-02 14:14 - 000449280 _____ (Microsoft Corporation) C:\Users\Kaique-Vidal\AppData\LocalLow\msvcp140.dll
2023-09-06 13:59 - 2023-01-02 14:14 - 000254392 _____ (Mozilla Foundation) C:\Users\Kaique-Vidal\AppData\LocalLow\softokn3.dll
2023-09-06 13:59 - 2023-01-02 14:14 - 000080128 _____ (Microsoft Corporation) C:\Users\Kaique-Vidal\AppData\LocalLow\vcruntime140.dll
2023-09-06 12:07 - 2023-01-17 15:10 - 000000000 ____D C:\Program Files\Microsoft Office
2023-09-05 12:48 - 2022-12-24 00:53 - 000000000 ____D C:\Users\Kaique-Vidal\Downloads\Video
2023-09-04 22:43 - 2022-12-24 09:42 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\BitTorrentHelper
2023-09-04 21:21 - 2022-12-23 22:25 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\vlc
2023-09-03 17:34 - 2023-01-17 15:14 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Word
2023-09-03 01:06 - 2022-12-23 20:08 - 000000000 ____D C:\Program Files\AMD
2023-08-31 20:48 - 2022-12-23 16:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-08-29 21:15 - 2023-01-16 00:37 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\ElevatedDiagnostics
2023-08-25 10:40 - 2022-12-23 21:54 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\AMD_Common
2023-08-23 00:05 - 2023-01-16 00:29 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-08-23 00:05 - 2023-01-16 00:29 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-08-20 23:41 - 2022-12-27 20:43 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\DS4Windows
2023-08-19 00:22 - 2022-12-23 20:06 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\PlaceholderTileLogoFolder
2023-08-16 13:00 - 2023-03-23 11:59 - 000001498 _____ C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Opera.lnk
2023-08-14 23:44 - 2022-12-23 21:50 - 002967232 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\AMDBugReportTool.exe

==================== Files in the root of some directories ========

2023-01-02 17:25 - 2023-01-02 17:25 - 046667280 _____ (Martí Climent ) C:\Users\Kaique-Vidal\WingetUI-Updater.exe
2023-09-09 19:04 - 2023-09-09 19:04 - 000007640 _____ () C:\Users\Kaique-Vidal\AppData\Local\Resmon.ResmonCfg

==================== FCheck ==============================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\WINDOWS\SysWOW64\version_IObitDel.dll [2023-01-02] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ==========================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt =======================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2023
Ran by Kaique-Vidal (11-09-2023 11:00:06)
Running from C:\Users\Kaique-Vidal\Documents
Microsoft Windows 11 Pro Version 22H2 22621.2134 (X64) (2023-09-08 08:14:56)
Boot Mode: Normal
===========================================================


==================== Accounts: ===========================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1323333070-3634341992-397913038-500 - Administrator - Disabled)
Guest (S-1-5-21-1323333070-3634341992-397913038-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-1323333070-3634341992-397913038-503 - Limited - Disabled)
Kaique (S-1-5-21-1323333070-3634341992-397913038-1001 - Administrator - Enabled) => C:\Users\Kaique-Vidal
WDAGUtilityAccount (S-1-5-21-1323333070-3634341992-397913038-504 - Limited - Disabled)

==================== Security Center =======================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\uTorrent) (Version: 3.6.0.46884 - BitTorrent Inc.)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.003.20284 - Adobe)
Adobe AIR (HKLM-x32\...\{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}) (Version: 2.0.2.12610 - Adobe Systems Inc.) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601052}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 4.06.10.651 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD I2C Driver (HKLM-x32\...\{B31D92D9-2914-46B0-9738-F668A563DE73}) (Version: 1.2.0.119 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.19.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 7.0.4.10 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 23.8.1 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{c63a1907-428b-458b-935e-e61aad4aac6e}) (Version: 4.06.10.651 - Advanced Micro Devices, Inc.) Hidden
Presentations (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\5190a10b17e2997e8fb61dfd1a6e8ae) (Version: 1.0 - Google\Chrome)
Branding64 (HKLM\...\{492AEFBE-1B81-4C20-A111-E6974BB98EC5}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 116.1.57.62 - Brave Authors)
CapCut (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\CapCut) (Version: 1.3.2.166 - Bytedance Pte. Ltd.)
Care Center Service (HKLM\...\{AFB52E98-7597-4484-9202-58F0FD3512ED}) (Version: 4.00.3042 - Acer Incorporated)
Combo Cleaner (HKLM\...\{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.58.0 - RCS LT) Hidden
Combo Cleaner (HKLM-x32\...\InstallShield_{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.58.0 - RCS LT)
CPUID CPU-Z 2.03 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.03 - CPUID, Inc.)
CrystalDiskInfo 8.17.3 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.17.3 - Crystal Dew World)
Documentation Manager (HKLM\...\{6EEC9A89-A963-48FB-9B63-368C997963E7}) (Version: 22.190.0.4 - Intel Corporation) Hidden
Driver Booster 10 (HKLM-x32\...\Driver Booster_is1) (Version: 10.2.0 - IObit)
Epson Event Manager (HKLM-x32\...\{DBC38C08-9FB5-43A5-B6BA-EB10AC7DA570}) (Version: 3.11.0053 - Seiko Epson Corporation)
EPSON L3210 Series Printer Uninstall (HKLM\...\EPSON L3210 Series) (Version: - Seiko Epson Corporation)
Epson Photo+ (HKLM-x32\...\{5DCB4864-C363-4654-89BF-42660B841136}) (Version: 3.7.1.0 - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{562C1C83-6199-49DD-987B-60D5FF7BC971}) (Version: 3.3.2.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.02 - SEIKO EPSON Corp.)
Epson ScanSmart (HKLM-x32\...\{948F96A1-DA95-455C-8086-A77CDC184770}) (Version: 3.6.5 - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{26A9B753-4B5D-46D8-A329-5CEF96FC22D2}) (Version: 4.6.5 - Seiko Epson Corporation)
Fortect (HKLM\...\Fortect) (Version: 6.0.0.1 - Fortect)
Fraps (HKLM-x32\...\Fraps) (Version: - )
FxSound (HKLM\...\{44F94A7A-3F02-44F3-8B53-69E22FB43E36}) (Version: 1.1.16.0 - FxSound LLC) Hidden
FxSound (HKLM\...\FxSound 1.1.16.0) (Version: 1.1.16.0 - FxSound LLC)
EA Download Manager (HKLM-x32\...\EA Download Manager) (Version: 6.0.4.124 - Electronic Arts, Inc.)
Gmail (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\a49dae519e5190504fb80f16e20ec992) (Version: 1.0 - Google\Chrome)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 116.0.5845.180 - Google LLC)
Google Drive (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\932db397ccb442165eaf067bd1aedb35) (Version: 1.0 - Google\Chrome)
GRID 2 © Codemasters version 1 (HKLM-x32\...\R1JJRDI=_is1) (Version: 1 - )
HDD Regenerator (HKLM-x32\...\{54551360-A7FE-46B5-B41C-62DC758242AA}) (Version: 20.11.0011 - Abstradrome)
Intel® Software Installer (HKLM-x32\...\{17ca2588-1bb5-40ca-b48f-6a80ffbce846}) (Version: 22.190.0.4 - Intel Corporation) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.41.6 - Tonec Inc.)
Macrium Reflect Server Plus (HKLM\...\{33A56673-B256-45B5-8D05-84EB19691C06}) (Version: 8.1.7469 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Server Plus (HKLM\...\MacriumReflect) (Version: v8.1.7469 - Paramount Software (UK) Ltd.)
Mafia II (HKLM-x32\...\Mafia II_is1) (Version: - )
MegaDownloader 1.8 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.8 - megadownloaderapp.blogspot.com)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft .NET Host - 6.0.12 (x64) (HKLM\...\{E215AA9E-5DF2-44BC-9D6F-E1A1B0C348FB}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.12 (x64) (HKLM\...\{0712F23C-FBAC-436C-9DDB-125F32D15033}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.12 (x64) (HKLM\...\{1BF67DC1-8BB5-4AF5-BE20-3B53D9532D01}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 116.0.1938.76 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 116.0.1938.76 - Microsoft Corporation)
Microsoft Office Professional 2016 - pt-br (HKLM\...\ProfessionalRetail - pt-br) (Version: 16.0.16731.20170 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 22.077.0410.0007 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31931 (HKLM-x32\...\{d4cecf3b-b68f-4995-8840-52ea0fab646e}) (Version: 14.34.31931.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.34.31931 (HKLM-x32\...\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}) (Version: 14.34.31931.0 - Microsoft Corporation)
Microsoft Visual C++ 2022
Microsoft Visual C++ 2022
Microsoft Visual C++ 2022
Microsoft Visual C++ 2022
Microsoft Windows Desktop Runtime - 6.0.12 (x64) (HKLM\...\{3E726676-B5F4-48DA-B9F9-78A15B7F8A70}) (Version: 48.51.52100 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.12 (x64) (HKLM-x32\...\{24b99d74-a81e-4765-aefe-be853ac47482}) (Version: 6.0.12.31928 - Microsoft Corporation)
Microsoft
MPC-HC 1.9.24 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.9.24 - MPC-HC Team)
MSI Afterburner 4.6.5 Beta 4 (HKLM-x32\...\Afterburner) (Version: 4.6.5 Beta 4 - MSI Co., LTD)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20052 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20170 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.16731.20052 - Microsoft Corporation) Hidden
One Piece Burning Blood Gold Edition MULTi10 - ElAmigos version 1.06 (HKLM-x32\...\{30391AA3-89CC-41EE-8569-6E5AFC343197}_is1) (Version: 1.06 - Bandai Namco Entertainment)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 101.0.4843.43 (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Opera 101.0.4843.43) (Version: 101.0.4843.43 - Opera Software)
Windows Driver Package - Realtek Net (09/28/2020 10.045.0928.2020) (HKLM\...\C1B42219F20B36DD15C90FF914DFDCE2073C2736) (Version: 09/28/2020 10.045.0928.2020 - Realtek)
Spreadsheets (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\de0e6f7c8cc200e7019511986230e1c8) (Version: 1.0 - Google\Chrome)
PS Remote Play (HKLM-x32\...\{18E06000-568E-4D9D-B506-EF3D3873210D}) (Version: 6.0.0.02240 - Sony Interactive Entertainment Inc.)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10518 - Qualcomm)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.45.928.2020 - Realtek)
RivaTuner Statistics Server 7.3.4 Beta 6 (HKLM-x32\...\RTSS) (Version: 7.3.4 Beta 6 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
RyzenMasterSDK (HKLM\...\{3710415D-9538-4812-A68F-251EA22A8E14}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
Screenpresso (HKLM\...\{1e375827-5328-4da4-aed5-7e2b89337772}) (Version: 2.1.8.0 - Learnpulse)
Sonic Generations (HKLM-x32\...\Sonic Generations_is1) (Version: - )
Spider-Man 3 ™ (HKLM-x32\...\InstallShield_{990166FA-1ACB-4AA7-B592-4D370C7CDD1A}) (Version: 1.00.0000 - Activision)
Sublime Text 3 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.5.0.8070 - Microsoft Corporation)
Texts (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\6cbf8614008d280398c1d1816f2c1ca2) (Version: 1.0 - Google\Chrome)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.00 - Ubisoft)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
USBHelperLauncher (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\USBHelperLauncher) (Version: 0.17d - FailedShack)
ViGEm Bus Driver (HKLM\...\{9C581C76-2D68-40F8-AA6F-94D3C5215C05}) (Version: 1.21.442 - Nefarius Software Solutions eU)
Vivaldi (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Vivaldi) (Version: 6.2.3105.47 - Vivaldi Technologies AS.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
Web Companion (HKLM-x32\...\{7770d576-f685-4c62-8a80-78530ff99c29}) (Version: 7.0.2417.4248 - Lavasoft)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.834 - McAfee, LLC)
WingetUI (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\{889610CC-4337-4BDB-AC3B-4F21806C0BDD}_is1) (Version: 1.5.3 - Martí Climent)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
WinToHDD (HKLM\...\WinToHDD_is1) (Version: 5.8 - Hasleo Software.)
Wondershare Filmora 12(Build 12.2.12.2498) (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Wondershare Filmora 12_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Wondershare NativePush(Build 1.0.0.7) (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Wondershare NativePush_is1) (Version: - )
YouTube (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\7d0fbb6319dc4f2d6542cb28463cb89a) (Version: 1.0 - Google\Chrome)
Zoom (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\ZoomUMX) (Version: 5.15.5 (19404) - Zoom Video Communications, Inc.)

Packages:
=========
Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3042.0_x64__48frkmn4z8aw4 [2023-08-18] (Acer Incorporated)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-02-11] (Microsoft Corporation)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-18] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2023-08-18] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2307.24001.0_x64__8wekyb3d8bbwe [2023-08-19] (Microsoft Corporation) [Startup Task]
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-09-08] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.251.0_x64__dt26b99r8h8gj [2023-08-18] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-08-30] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0 [2023-09-08] (Spotify AB) [Startup Task]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-09-08] (Microsoft Corporation)
Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2022.1227.2402.199_neutral__8wekyb3d8bbwe [2023-08-18] (Microsoft Corporation)
WinRAR -> C:\Program Files\WinRAR [2023-09-09] (win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> C:\Users\Kaique-Vidal\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
CustomClsid: HKU \ s-1-5-5-21-132333070-3634341992-397913038-1001_classes \ clsid \ {227c9e8f-71a1-4b23-9076-682a1aaed} \ Location CRIUM \ Common \ Reflectonitor.exe (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> C:\Users\Kaique-Vidal\AppData\Roaming\7zip\7-zip.dll (Igor Pavlov) [File not signed]
CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{68AC8A11-8E2F-474E-AE5C-E11EB489347A}\localserver32 -> C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\Application\6.2.3105.47\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{A4090264-1B21-4E10-85F8-0B2A0DE5CC23} -> [Music] => C:\Users\Kaique-Vidal\Music [2022-12-23 17:07]
CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> "C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\Application\4.3.2439.65\notification_helper.exe" => No File
CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{E1E57C1E-543A-42C5-A5E5-05F1A8D59F33}\localserver32 -> "C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\Application\5.6.2867.58\notification_helper.exe" => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-07] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-07] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-07] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2021-03-03] (Tonec Inc. -> Tonec FZE)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-07] (Mega Limited -> )
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => D:\Reflect\RContextMenu.dll [2023-04-17] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-07] (Mega Limited -> )
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => D:\Reflect\RContextMenu.dll [2023-04-17] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-07] (Mega Limited -> )
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-07] (Mega Limited -> )
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2020-11-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1323333070-3634341992-397913038-1001: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\Kaique-Vidal\AppData\Roaming\7zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers4_S-1-5-21-1323333070-3634341992-397913038-1001: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\Kaique-Vidal\AppData\Roaming\7zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers6_S-1-5-21-1323333070-3634341992-397913038-1001: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\Kaique-Vidal\AppData\Roaming\7zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2019-08-30] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [vidc.spv1] => C:\Program Files\Learnpulse\Screenpresso\ScreenpressoCodec.dll [167656 2023-01-02] (Learnpulse -> LearnPulse)
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2019-08-30] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [vidc.spv1] => C:\Program Files\Learnpulse\Screenpresso\SysWOW64\ScreenpressoCodec.dll [146664 2023-01-02] (Learnpulse -> LearnPulse)
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\Presentações.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag
ShortcutWithArgument: C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\Gmail.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome apps\Google Drive.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome apps\Planilhas.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf
ShortcutWithArgument: C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\Textos.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb
ShortcutWithArgument: C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome apps\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml

==================== Loaded Modules (Whitelisted) =============

2019-08-15 17:13 - 2019-08-15 17:13 - 001265664 _____ () [File not signed] D:\runtimes\win-x64\native\e_sqlite3.dll
2023-01-17 15:11 - 2023-01-17 15:11 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2023-01-17 15:11 - 2023-01-17 15:11 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2020-02-07 17:20 - 2020-02-07 17:20 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2018-03-05 16:41 - 2018-03-05 16:41 - 000057856 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\EPNWPSHDevFinder.DLL
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [147]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT170902&iDate=2022-12-24 01:25:57&iid=8a884268-3e2c-421c-b62f-daa3be78a13f&bName=
SearchScopes: HKU\S-1-5-21-1323333070-3634341992-397913038-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 06:14 - 2023-06-03 00:55 - 000002480 ____N C:\WINDOWS\system32\drivers\etc\hosts
109.94.209.70 fitgirlrepacks.in # Fake FitGirl website
109.94.209.70 www.fitgirlrepacks.in # Fake FitGirl website
109.94.209.70 fitgirlrepacks.co # Fake FitGirl website
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 fitgirlrepack.games # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl website
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl website
109.94.209.70 www.fitgirl-repacks.to # Fake FitGirl website
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl website
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl website
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 www.fitgirlrepack.games # Fake FitGirl website
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.net # Fake FitGirl website
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 www.fitgirlpack.site # Fake FitGirl site
109.94.209.70 fitgirl-repack.org # Fake FitGirl website
109.94.209.70 www.fitgirl-repack.org # Fake FitGirl website

==================== Other Areas =========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Fortect
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kaique-Vidal\Pictures\vcuIyoVK_4x.jpg
DNS Servers: 186.232.56.22 - 186.232.56.26
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Screenpresso"
HKLM\...\StartupApproved\Run: => "EPPCCMON"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKLM\...\StartupApproved\Run32: => "HDD Regenerator"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "_TE16A.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "_TE38F2.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "_TE50A4.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "AdobeARM.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "AMDLinkDriverUpdate.xml"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230521123721.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230522121739.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230523121739.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230524121739.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230525131351.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230526122506.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230527121739.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230528121740.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230529121739.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230529131420.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230530035434.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "CUsersKaique-VidalAppDataLocalProgramsOpera101.0.4843.43opera_autoupdate.download.lock"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "cv_debug.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "native_push_sensors"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "TWAIN.LOG"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "Twain001.Mtx"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "Twunk001.MTX"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "Twunk002.MTX"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "upgrade_sensors"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "vivaldi_installer.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "WINWORD.EXE_c2rdll(20230818184958FF4).log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "WINWORD.EXE_c2rdll(20230818185012F30).log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "wsduilib.log.2023-05-31"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "NotifyIconGeneratedAumid_1897770014230834862.png"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "bc3902d8132f43e3ae086a009979fa88.db"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "bc3902d8132f43e3ae086a009979fa88.db.ses"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "bc3902d8132f43e3ae086a009979fa88.db-shm"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "bc3902d8132f43e3ae086a009979fa88.db-wal"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "ad1bc981-dc18-445f-af4c-722616e0022a.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "mat-debug-11560.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "70304202-db4b-403b-83ef-00fe3e7f78dd.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "5b7675ae-fab0-4d1d-b14f-e59289092601.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "{D1D2057F-2004-493F-A3EA-E787B4CFA417} - OProcSessId.dat"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "{D84E0988-4F06-4DA8-B83B-A61B4B311660} - OProcSessId.dat"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "~DF5C3229F667F003B4.TMP"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "0a09f44c-5052-44c6-a0ff-03f0aee3d716.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "03b1fe12-b65f-4d15-90a9-865bf693cb81.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "4a2a5472-50a2-4835-9a6b-131cc89c450a.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "4fbaf048-d606-45e9-ab3f-8973bf437d12.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "06ce3baa-6039-4e28-91ac-2bf36a64f88f.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "6bc5b74a-08b9-406f-964e-a9f651f75cc8.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "6c34148b-9b32-4806-8a10-cc2859f630ab.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "7a8e4dd9-edb6-405f-ab11-4933898e91a4.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "7e109536-8500-4984-b505-4c23cbcc2383.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "8b52100e-1fc1-41ff-925b-c3cc72415af3.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "9d95cdc3-47d2-4767-90ef-c05451e59d34.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "31cd2e65-2cb8-4532-93db-d66789ba55d9.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "64a8d03c-a179-4a89-80ac-f8ffcd3ba462.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "70b13af5-d133-442c-87c4-162fb8d3f33c.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "102a1086-97a0-4538-8ac5-6ad5c7fa05c1.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "259c7135-cc52-4567-9739-fc73875c8efb.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "633bebe5-5c98-4fae-b934-df4b9fba1395.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "760e8487-290a-4029-8add-94cd91f45417.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "794e5f1e-2691-4e27-86b0-60ed49aaf762.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "1396a6de-e821-451e-94e9-deb8607e8df6.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "125610fa-6c7d-4d25-a3cc-1e7f302d6dbf.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "532527e9-1027-44db-a331-b12e68ead280.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "568122a3-c1de-4b8b-8e50-9c77846d5a30.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "2694432a-8846-4c61-9d1f-cbc85b6a3690.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "4694941f-5b0c-4dac-9089-e4e3e5460ef2.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "7258065a-ccc6-48a3-9b3e-f28217024087.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "52895737-f9fa-4ef9-b5f5-502841fdc01d.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "a5c1d119-5bbd-4870-b1a0-93c24ba41446.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "af4dc4dc-917d-4d63-bf5b-23948742e015.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230908080437.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "c296216d-cd0a-4558-910e-2735e77f5730.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "cb44c71f-3149-4e79-a1c7-ac9af0dcbe2e.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "cd2030f7-593f-4651-b8ae-a390f31fecbc.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "codeint7684"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "f6524bc1-d000-41c6-8980-903908fdad43.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "f1478730-f32d-4ad5-a81a-c67ac8645dd6.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "mat-debug-11048.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "mat-debug-11544.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230908123847.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "1a30ef6b-6420-432a-b999-0838f4fb83ea.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "codeint9994"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "f8a97030-3520-4caf-b176-4eb880818840.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "f3838886-1cce-4d37-a81c-b39cd076673b.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "5b82d819-aac3-406c-be72-90908efdf572.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "98f520e9-c248-4920-bd26-9fef435c7e82.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "7a5e678d-2aa9-4e70-89f2-f0c1245da28d.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "79a51465-ba7c-4d62-9701-3d3048e32ecb.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "e37b0cc4-a65c-47f4-b688-fe662e39b208.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "a91cdadf-cf7e-4bef-9a85-ecc337f8497a.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "9dde50ef-ef6f-4aeb-b336-36dcdbe3e354.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "0a709337-99cf-4dbc-ac80-372ffa2bea54.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "8d825f93-a3ea-4883-8755-26b2d960f468.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "017fe334-6cac-49b0-b349-463a86ab5daf.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "26bb03ef-3f7a-442d-85d7-c89b2e529209.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "69d69dbe-119e-45a5-90dc-23408c7307f3.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "81a4b299-633c-4490-8433-f8cedaf44565.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "515c7eac-052e-4438-9cb6-abdc74e77c3b.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "a78fdca7-8f02-4e90-99b8-4f53290f2de7.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "ae1bb607-c6f2-4c3f-911e-51672deb1fb2.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230909124551.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "mat-debug-10688.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "mat-debug-11352.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "0d512ce0-043b-4cc4-9eee-d2e14d6096a2.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "~DF12770EFFD26C212F.TMP"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "2a9e72e8-0474-4545-ba29-a74478298d70.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "2a2215f6-599f-455d-a13f-01643113b5f8.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "2d458545-5146-406d-b73c-017278aa468b.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "2ddd15aa-753e-405d-af13-2c5f78600d4b.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "2f4808aa-1d30-4c26-a6db-4962cf596d39.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "03c081a4-a9d0-48d7-a53f-b08b079242d7.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "3dc66679-6565-41dc-a410-7c87af280a48.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "6e88977e-20d3-4d8e-9602-37ad6d38a238.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "8ec78666-4dc4-4a41-ab6a-1398633466bf.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "9dd74573-2b65-4617-aee0-ac5ea4bdfd33.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "25d367e6-3683-480c-b1d2-08afa3bdd124.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "29c2922f-1a93-4984-9dc7-1fa7393a0d3f.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "65eeb7d8-e379-47ec-9ba8-3f28cb0fe07e.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "68d28bda-c859-4638-8a6f-7c6ed1c792e6.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "74c66e7e-0d2e-43d6-8ac2-7965c3a4ed63.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "e4dce29c-5320-464c-9f66-955e2748d746.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "e83d29e9-3ec9-496e-867d-7ed5cb8ea538.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "ec948785-c546-412e-b925-a0b1ca297bf5.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "~DF382F7B16BFFB8278.TMP"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "2b2ee02f-f502-4a32-a5e7-d48de29ad69d.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "3a3c0a6a-d034-47c9-b6e0-253f116ed8d7.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "5d3b0c41-50f6-4198-b8c7-261d947d419b.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "5fdf2624-fbd2-47f1-880f-b81c03a391cc.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "6d277e08-ef57-4449-bb8e-a62ef7f66c67.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "7be9dd6b-6789-4aa0-8c0c-e6f355e430b6.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "9fe265bb-895f-412a-93e0-4d41ad18b74a.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "44d26f6d-fc66-474b-8686-482bae556eea.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "54d4ffda-eadf-41c2-b1b4-1001d2034eac.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "64b2424e-0197-49f7-b0b7-59c46b3bb77c.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "75a7af82-1584-45ea-8518-43bdc7982cc7.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "83e803d2-3330-472e-8cf7-aee04d417ce9.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "90b8b0e0-8476-415a-8c48-ead7e6834958.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "90e201e8-00f0-4f79-b890-9d671614dcf5.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "692ce983-1587-4f20-8b3f-f6a8d94f1edf.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "0754a294-5546-4c21-9d32-993ed82a980b.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "3806196d-396e-4330-ba1c-fbe7753d7dd4.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "a15a8d5c-a558-4b7b-903e-ed2314aeed3d.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "a81bcafe-e504-4f3a-b57f-d95012a9138b.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "b6bd0f7e-4a13-4874-bb9f-ea25faf8207e.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "b7efd749-d185-4745-9bc6-a396717bcf3e.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "b63c40ed-956d-4c6e-9e59-ab1a70a766a7.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "b91ad984-5e8a-49f7-b1a9-4e2916dfdba8.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "bce7bfa2-ad8b-42e1-beaa-9f5ff4e6a3e7.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "bcf6b9de-207a-4ec5-bd18-3c0466aa7297.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "cdb382a3-5e05-429d-9fe0-ae7e810c126e.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "d1a1469e-c5a3-4c16-a9ca-43b63ceffdda.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "de5ed909-de67-4234-aad1-facdb9afb132.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "e04897ef-f9f0-4711-be21-4d00daa9f76e.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "ef8e6659-1e24-47f0-a5cf-153c182e1a36.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "f58ea10f-f24b-46c4-8cbf-86dd343f6022.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "f734d4a0-2ab9-4c34-a6ae-23d7968193d2.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "ff8386f6-9e42-4ea3-b8aa-04dc4c4a3079.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "1cbe6d1b-76dc-4da2-8fa7-4db79d0f7892.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "ded90ef2-f596-454e-bc10-5410bc8e06ba.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "AMDNoiseSuppression"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "NeatDM"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "ut"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_90C0C776FC4CC570E7FB3277B161E7B0"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "WingetUI"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "Opera GX Stable"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "TaskbarSystem"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_B7C06C68F464209BF2BA4F21CB7E80AF"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "Opera Stable"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8E82F8C2-1136-499F-B01A-7CC6D76831FC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{0CF5F626-16C7-4D99-B027-33FEF351E344}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{65204FA4-EE92-438B-B43E-4507E134659E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2D4E9AF8-E071-4978-B88A-FAA1B8248859}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{50AABC93-F1C3-4E4E-8D80-AE07D1679696}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{12EEFD97-2F7F-4337-AA18-16F6CC9E7EE9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{BDB1A7F9-7EEE-4498-9323-D6BA313BEA45}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{FD04E2BF-A9ED-4CE9-BCDD-048D38AD2394}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{95A691A4-9536-4686-9F63-05AA138DED45}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6E17808C-A7A7-413F-B206-B7BB2CBA8B7A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{1F2E6836-3EA4-4364-BFFE-0AB9D2C3B71D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{80C1C9E5-ABF7-45BE-ACE3-B3FFFAE3583D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7525866F-61C9-4132-9FDD-4C900553D2F2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies SA)
FirewallRules: [{08940D60-B2E0-44A2-B2FD-1AD57BA62F62}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies SA)
FirewallRules: [{EF1EB441-A7E7-4124-8F89-B1D8F4DA6C7C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies SA)
FirewallRules: [{A0DAA598-FB5C-4BB8-9036-23BA04D7097A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies SA)
FirewallRules: [{D89D535C-2873-4664-B202-DDEFABEC8F36}] => (Allow) D:\RemotePlay\RemotePlay.exe (Sony Interactive Entertainment Inc. -> Sony Interactive Entertainment Inc.)
FirewallRules: [{AEE55181-98D2-4DCD-B04B-573BA5237EEA}] => (Allow) D:\UsersKaique-Vidal\Steam.exe => No File
FirewallRules: [{161E03C5-53BA-4A2F-B0DF-FAD305AAEE51}] => (Allow) D:\UsersKaique-Vidal\Steam.exe => No File
FirewallRules: [{32BBDB8F-3DA0-45C5-8D4A-3E22DC28602C}] => (Allow) C:\Users\Kaique-Vidal\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
FirewallRules: [{8893D337-8650-49F2-9CFB-1CD5744ED920}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6FEBC959-E460-49C9-B62C-41B3CE693EDC}] => (Allow) C:\Users\Kaique-Vidal\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A57DEB10-56A5-4D70-82F3-BF355C778E80}] => (Allow) C:\Users\Kaique-Vidal\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{4B5073CC-2A01-4A64-8E33-3D3DC9E14D08}] => (Allow) C:\Users\Kaique-Vidal\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{01D9D60F-D317-4E23-9EF4-958F18D1B8B8}C:\users\kaique-vidal\appdata\local\programs\opera\opera.exe] => (Block) C:\users\kaique-vidal\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{7266B4E4-FB40-4499-99CA-585F452311ED}C:\users\kaique-vidal\appdata\local\programs\opera\opera.exe] => (Block) C:\users\kaique-vidal\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{3F7B595A-3C1A-4DAA-B431-C176274B822D}] => (Allow) D:\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{F18CE06F-2979-41C5-BCAB-6DE0855BAD12}] => (Allow) D:\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{5A222EB5-7735-4EB0-8C73-089A6CCC48D4}] => (Allow) D:\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe (UBISOFT ENTERTAINMENT INC. -> ) [File not signed]
FirewallRules: [{ABC06E03-02AF-44E8-9550-8682C2EC872A}] => (Allow) D:\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe (UBISOFT ENTERTAINMENT INC. -> ) [File not signed]
FirewallRules: [{F340B239-B855-426D-9D44-1C81B0C185CE}] => (Allow) D:\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe (UBISOFT ENTERTAINMENT INC. -> ) [File not signed]
FirewallRules: [{4057D799-00DC-4EA3-A23C-D7A990A0FA3A}] => (Allow) D:\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe (UBISOFT ENTERTAINMENT INC. -> ) [File not signed]
FirewallRules: [{D0D46B72-D0CB-46B6-81B7-B015EBBA4EE0}] => (Allow) D:\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{3D881920-412C-4CEB-810D-7AF28DA3731F}] => (Allow) D:\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [UDP Query User{69F25DD0-2BA6-4B8C-B3D4-B3C4075EC450}D:\games\max payne 3\maxpayne3.exe] => (Allow) D:\games\max payne 3\maxpayne3.exe => No File
FirewallRules: [TCP Query User{EC0A76FC-D192-4A26-A229-6028746E0036}D:\games\max payne 3\maxpayne3.exe] => (Allow) D:\games\max payne 3\maxpayne3.exe => No File
FirewallRules: [{8C753196-B365-4284-BAE5-4861BCA654E7}] => (Allow) C:\Users\Kaique-Vidal\AppData\Local\Temp\utorrent\utorrent.exe => No File
FirewallRules: [{C9B7439D-AF56-4E20-9273-FF7B9283CCD2}] => (Allow) C:\Users\Kaique-Vidal\AppData\Local\Temp\utorrent\utorrent.exe => No File
FirewallRules: [{6534DB3A-8889-4048-BE5D-50D7CBD33558}] => (Allow) C:\Users\Kaique-Vidal\AppData\Roaming\uTorrent\uTorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{FDDECF79-900F-48CC-BD7B-9057EE8E413B}] => (Allow) C:\Users\Kaique-Vidal\AppData\Roaming\uTorrent\uTorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{BEC022AD-1F79-4C1E-9322-32D9A9AED04B}C:\users\kaique-vidal\appdata\roaming\utorrent\updates\utorrent.exe] => (Allow) C:\users\kaique-vidal\appdata\roaming\utorrent\updates\utorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{DEC09A5D-CFA6-416C-A0E8-6B5AD0684878}C:\users\kaique-vidal\appdata\roaming\utorrent\updates\utorrent.exe] => (Allow) C:\users\kaique-vidal\appdata\roaming\utorrent\updates\utorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{24C02FB3-4850-44AE-B3F1-DF467547B1D9}D:\cemu_1.26.2\cemu_1.26.2\cemu.exe] => (Allow) D:\cemu_1.26.2\cemu_1.26.2\cemu.exe () [File not signed]
FirewallRules: [TCP Query User{8CA48EE8-FB32-4B8A-ADEA-55E59568BC3B}D:\cemu_1.26.2\cemu_1.26.2\cemu.exe] => (Allow) D:\cemu_1.26.2\cemu_1.26.2\cemu.exe () [File not signed]
FirewallRules: [UDP Query User{E08EC326-0A04-46E0-9C87-16BFDBDD3346}D:\games\wiiu_usb_helper_.exe] => (Allow) D:\games\wiiu_usb_helper_.exe (Hikari06) [File not signed]
FirewallRules: [TCP Query User{B557961D-FA73-410D-8953-72F713423250}D:\games\wiiu_usb_helper_.exe] => (Allow) D:\games\wiiu_usb_helper_.exe (Hikari06) [File not signed]
FirewallRules: [UDP Query User{FE14AE93-DFC7-4F3C-8199-64F0AFE5F62A}D:\games\usbhelperlauncher.exe] => (Allow) D:\games\usbhelperlauncher.exe () [File not signed]
FirewallRules: [TCP Query User{9DEF5E9D-3CF5-463A-A334-9A9697B1D7C3}D:\games\usbhelperlauncher.exe] => (Allow) D:\games\usbhelperlauncher.exe () [File not signed]
FirewallRules: [UDP Query User{6ABAD511-6021-4603-A733-3CE92E1F38FD}D:\bayonetta 2\cemu\cemu.exe] => (Allow) D:\bayonetta 2\cemu\cemu.exe => No File
FirewallRules: [TCP Query User{2F58A27D-A940-4ACB-8FC9-62D604848C42}D:\bayonetta 2\cemu\cemu.exe] => (Allow) D:\bayonetta 2\cemu\cemu.exe => No File
FirewallRules: [UDP Query User{737ECB88-CAF0-4790-92D2-8C893120C698}D:\games\call of duty - modern warfare 3\iw5mp.exe] => (Block) D:\games\call of duty - modern warfare 3\iw5mp.exe => No File
FirewallRules: [TCP Query User{139F040D-762B-4781-B515-0DFBFC0DABDF}D:\games\call of duty - modern warfare 3\iw5mp.exe] => (Block) D:\games\call of duty - modern warfare 3\iw5mp.exe => No File
FirewallRules: [UDP Query User{1164B66F-279D-4807-BED4-A55CBA3C765C}D:\singularity\binaries\singularity.exe] => (Allow) D:\singularity\binaries\singularity.exe => No File
FirewallRules: [TCP Query User{FA7C9610-224E-472C-9DD3-32A525440365}D:\singularity\binaries\singularity.exe] => (Allow) D:\singularity\binaries\singularity.exe => No File
FirewallRules: [UDP Query User{D8B9A76C-F094-4D3E-9B47-A7004B6EC409}D:\games\call of duty - modern warfare 3\iw5sp.exe] => (Allow) D:\games\call of duty - modern warfare 3\iw5sp.exe => No File
FirewallRules: [TCP Query User{E85DE732-0752-44EF-8302-0609FB179547}D:\games\call of duty - modern warfare 3\iw5sp.exe] => (Allow) D:\games\call of duty - modern warfare 3\iw5sp.exe => No File
FirewallRules: [UDP Query User{087FD02D-46FD-4607-AAC6-4F00EA1C965F}D:\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) D:\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe => No File
FirewallRules: [TCP Query User{F4105CCE-4152-4B11-B0FC-A98B2D876B72}D:\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) D:\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe => No File
FirewallRules: [UDP Query User{3D132CBB-6DDD-4907-8DDC-B65E592F819F}C:\program files\megadownloader\megadownloader.exe] => (Allow) C:\program files\megadownloader\megadownloader.exe => No File
FirewallRules: [TCP Query User{EFCB1484-2383-4581-9B15-F6ED473760B6}C:\program files\megadownloader\megadownloader.exe] => (Allow) C:\program files\megadownloader\megadownloader.exe => No File
FirewallRules: [UDP Query User{7402A331-8814-40FF-8178-41CC28C8F5CB}D:\megadownloader\megadownloader.exe] => (Allow) D:\megadownloader\megadownloader.exe () [File not signed]
FirewallRules: [TCP Query User{37A1BAF6-F139-4176-9788-353662159B35}D:\megadownloader\megadownloader.exe] => (Allow) D:\megadownloader\megadownloader.exe () [File not signed]
FirewallRules: [UDP Query User{4D45D7E9-7D75-4654-9D19-A258593A2046}D:\xenia_master\xenia.exe] => (Allow) D:\xenia_master\xenia.exe => No File
FirewallRules: [TCP Query User{9288B63D-4B05-4E5B-B819-EA7EDC954B2F}D:\xenia_master\xenia.exe] => (Allow) D:\xenia_master\xenia.exe => No File
FirewallRules: [UDP Query User{27CFFE8F-AF53-4CF5-B850-2C9C334488F7}C:\users\kaique-vidal\downloads\compressed\ps3\rpcs3.exe] => (Allow) C:\users\kaique-vidal\downloads\compressed\ps3\rpcs3.exe => No File
FirewallRules: [TCP Query User{F63514AB-EEF3-40F0-9572-99A49AF25A50}C:\users\kaique-vidal\downloads\compressed\ps3\rpcs3.exe] => (Allow) C:\users\kaique-vidal\downloads\compressed\ps3\rpcs3.exe => No File
FirewallRules: [{0A926A61-EB97-4392-8D44-66FCA235457C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{69073435-1781-4EAB-9F51-19ACAB58B3C2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{4A787A40-6340-490A-92EA-53F1F8600862}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{416773ED-6E2C-4307-8E95-C06200B6F941}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [UDP Query User{B62AE1C8-609B-4E4B-B03F-B9FE48A66743}C:\program files (x86)\modern\call of duty - world at war\codwaw.exe] => (Block) C:\program files (x86)\modern\call of duty - world at war\codwaw.exe => No File
FirewallRules: [TCP Query User{F3D326C8-3BB9-4211-9303-967CD5A6409C}C:\program files (x86)\modern\call of duty - world at war\codwaw.exe] => (Block) C:\program files (x86)\modern\call of duty - world at war\codwaw.exe => No File
FirewallRules: [UDP Query User{2D02C5C7-1029-4C33-83A0-7CA2D055F695}C:\program files (x86)\call of duty black ops\blackops.exe] => (Block) C:\program files (x86)\call of duty black ops\blackops.exe => No File
FirewallRules: [TCP Query User{DE79083E-64EE-4FAE-9DAF-65F37690440A}C:\program files (x86)\call of duty black ops\blackops.exe] => (Block) C:\program files (x86)\call of duty black ops\blackops.exe => No File
FirewallRules: [UDP Query User{046F4658-74FB-4F59-85C4-45D6912942CE}C:\users\kaique-vidal\downloads\compressed\callofdutyworldatwar\call of duty world at war\codwawmp.exe] => (Block) C:\users\kaique-vidal\downloads\compressed\callofdutyworldatwar\call of duty world at war\codwawmp.exe => No File
FirewallRules: [TCP Query User{B44B7661-009D-460D-A0E6-9A63009F640C}C:\users\kaique-vidal\downloads\compressed\callofdutyworldatwar\call of duty world at war\codwawmp.exe] => (Block) C:\users\kaique-vidal\downloads\compressed\callofdutyworldatwar\call of duty world at war\codwawmp.exe => No File
FirewallRules: [UDP Query User{4B00A1F2-FE76-4CE7-8BA2-3954A66B678A}C:\users\kaique-vidal\downloads\compressed\callofdutyworldatwar\call of duty world at war\codwaw.exe] => (Block) C:\users\kaique-vidal\downloads\compressed\callofdutyworldatwar\call of duty world at war\codwaw.exe => No File
FirewallRules: [TCP Query User{AD4D035E-1F50-402C-96EC-7F54D365D3A6}C:\users\kaique-vidal\downloads\compressed\callofdutyworldatwar\call of duty world at war\codwaw.exe] => (Block) C:\users\kaique-vidal\downloads\compressed\callofdutyworldatwar\call of duty world at war\codwaw.exe => No File
FirewallRules: [UDP Query User{E1219244-9748-4A45-BECD-49ECFFA12B4E}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{822D2DB7-648D-420A-973D-5F7A61CAFF34}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{2EBDB828-8FE4-47CF-B16C-A9208EAA48DE}] => (Allow) C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [UDP Query User{4C7A86C9-DCAF-4932-A060-A772B2C9B2D6}C:\program files\amd\cnext\cnext\radeonsoftware.exe] => (Block) C:\program files\amd\cnext\cnext\radeonsoftware.exe (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
FirewallRules: [TCP Query User{2ED3315E-C538-42DA-B6DF-1BF3ABDAE565}C:\program files\amd\cnext\cnext\radeonsoftware.exe] => (Block) C:\program files\amd\cnext\cnext\radeonsoftware.exe (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
FirewallRules: [{2CDDC7CE-953B-40A5-85E5-6A7D2AF69D0D}] => (Allow) C:\Users\Kaique-Vidal\AppData\Roaming\uTorrent\uTorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{E023515B-0980-4049-AAA7-35CED159A8FB}] => (Allow) C:\Users\Kaique-Vidal\AppData\Roaming\uTorrent\uTorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{245AB0E5-1700-49FF-9771-FF138DF87761}] => (Allow) C:\Users\Kaique-Vidal\AppData\Roaming\uTorrent\uTorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{6B073B47-98C9-4FAC-B3E5-1941CC767634}] => (Allow) C:\Users\Kaique-Vidal\AppData\Roaming\uTorrent\uTorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{19D1838D-209F-4503-B6F3-8774C326EF37}] => (Allow) C:\Users\Kaique-Vidal\AppData\Roaming\uTorrent\uTorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{561A63F2-DD0D-4DD8-9ADA-6C46268DD470}] => (Allow) C:\Users\Kaique-Vidal\AppData\Roaming\uTorrent\uTorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{854CFC3E-E14B-4481-A83F-3432CC4FBE0D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1A82EE21-5A86-4CBF-B349-38BFFDA4D5A7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{193435B2-BF6B-430A-9737-3ABAA0505973}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{33F03619-E470-4FA0-B1F6-18396475FC49}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CD2451A3-67F8-4B24-808D-41A9230D0B17}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CD772BA7-3EE4-42CC-BBD5-AEF20AD78F3C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B20FBED0-FC5C-4F95-ABEB-FCBBEAC95866}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{289C6897-48F8-4241-9D1D-23116902BED2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4DB15538-C09D-4013-B1B9-5D6ECCBDCB81}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C45EDF05-D4A6-4994-8EDC-D79E39651306}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{51A55A24-2FB6-4769-8C2B-8D12189AC636}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F8C3328D-820F-4ECD-9AB5-083820513C13}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23216.905.2334.6698_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{13C5F84E-3941-4A06-BBBE-84ED99DFE1F5}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23216.905.2334.6698_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{71D5C5C1-0BAE-4664-B861-A9A2D29CAFE3}] => (Allow) C:\Program Files\Fortect\MainService.exe (Fortect LTD -> Fortect LTD.)
FirewallRules: [{50BD2504-7650-45D5-A0FD-4172B860FDDB}] => (Allow) C:\Program Files\Fortect\MainService.exe (Fortect LTD -> Fortect LTD.)

==================== Restore Points ========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: =======================

Application errors:
==================
Error: (09/11/2023 10:46:34 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Kaique-Vidal\AppData\Local\Temp\Temp059b4614-5d9f-4efa-a2b2-253c87e2c52f_Autoruns.zip\Autoruns.exe". Error in manifest or policy file "", on line .
A component version required by the application conflicts with another already active component version.
The conflicting components are:
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2070_none_6ec11d2a87fe200c.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2070_none_2713e6537381f706.manifest.

Error: (09/11/2023 10:43:01 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-RTLM44P)
Description: Faulting application name: ACCStd.exe, version: 4.0.3042.0, timestamp: 0x61cc5d9c
Faulting module name: KERNELBASE.dll, version: 10.0.22621.2134, timestamp: 0xc42b59fb
Exception code: 0xe0434352
Fault offset: 0x0000000000064c3c
Faulting process ID: 0x0x638
Failed application start time: 0x0x1d9e4b45d68a874
Faulting application path: C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
Failing module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: 343c9fcd-e7a2-4716-a2cc-038cf993c780
Full name of the failed package:
Application ID relative to the failed package:

Error: (09/11/2023 10:43:01 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ACCStd.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Information: System.InvalidOperationException
in System.ThrowHelper.ThrowInvalidOperationException(System.ExceptionResource)
in System.Collections.Generic.List`1+Enumerator[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].MoveNextRare()
in WiFiDevice.WiFiManager.GenerateDevices()
in Acer.CareCenter.Diagnostic.ADSPlgSimpleCtl.AddDeviceList(DiagnosticPlugin.DeviceManager)
at Acer.CareCenter.Diagnostic.ADSPlgSimpleCtl.InfoUpdate(System.Object, DiagnosticEvent.InformationUpdateEventArgs)
in WiFiDevice.WiFiManager.NetworkChange_NetworkAvailabilityChanged(System.Object, System.Net.NetworkInformation.NetworkAvailabilityEventArgs)
in System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
in System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
in System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
in System.Net.NetworkInformation.NetworkChange+AvailabilityChangeListener.ChangedAddress(System.Object, System.EventArgs)
in System.Net.NetworkInformation.NetworkChange+AddressChangeListener.AddressChangedCallback(System.Object, Boolean)
in System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)

Error: (11/09/2023 10:33:17 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program EnglishFRST64.exe version 28.8.2023.0 interacted with Windows and closed. To see if more information is available about the issue, check the issue history in the Security and Maintenance dashboard.

Error: (11/09/2023 10:32:43 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program EnglishFRST64.exe version 28.8.2023.0 interacted with Windows and closed. To see if more information is available about the issue, check the issue history in the Security and Maintenance dashboard.

Error: (11/09/2023 10:32:18 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program EnglishFRST64.exe version 28.8.2023.0 interacted with Windows and closed. To see if more information is available about the issue, check the issue history in the Security and Maintenance dashboard.

Error: (11/09/2023 10:29:18 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP certificate registration initialization failed for WORKGROUP\DESKTOP-RTLM44P$ via https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 11 Sep 2023 13:29:19 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 0e5620cc-849d-4796-a1c8-f48591ffbcea

Method: GET(328ms)
Internship: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (11/09/2023 10:29:17 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Initialization of SCEP certificate registration for Local System failed via https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 11 Sep 2023 13:29:18 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 0031f2cb-55ce-4938-bfab-f3943ed33497

Method: GET(453ms)
Internship: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)


System errors:
=============
Error: (09/11/2023 10:30:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMDRyzenMasterDriverV20 service could not be started due to the following error:
The system cannot find the specified file.

Error: (09/11/2023 10:29:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMDRyzenMasterDriverV20 service could not be started due to the following error:
The system cannot find the specified file.

Error: (09/11/2023 10:29:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMDRyzenMasterDriverV20 service could not be started due to the following error:
The system cannot find the specified file.

Error: (11/09/2023 10:29:24 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Corruption detected in the file system structure, on volume D:.

The MFT (Master File Table) contains a corrupted file record. The file reference number is 0x500000000a174. The file name is "\w11\Macrium Reflect 8.1.7367 (x64) Multilingual + WinPE WinRE\Macrium Reflect 8.1.7367 (x64) Multilingual + WinPE WinRE".

Error: (09/11/2023 10:29:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMDRyzenMasterDriverV20 service could not be started due to the following error:
The system cannot find the specified file.

Error: (09/11/2023 10:28:46 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RTLM44P)
Description: Server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (09/11/2023 08:25:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ACC Service service terminated unexpectedly. This happened 1 time(s).

Error: (09/11/2023 08:02:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ComboCleaner.Guard service terminated unexpectedly. This happened 1 time(s).


Windows Defender:
================
Date: 2023-09-10 00:32:41
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information, see below:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.H!ml&threatid=2147814523&enterprise=0
Name: Trojan:Win32/Wacatac.H!ml
Severity: Severe
Category: Trojan Horse
Path: file:_C:\Windows\Temp\tmp00000585\tmp0002a8bf
Detection Source: Local computer
Detection Type: Concrete
Detection Source: Real-Time Protection
User: NT AUTHORITY\SYSTEM
Process Name: D:\ComboCleaner.Guard.exe
Security Intelligence Version: AV: 1.397.696.0, AS: 1.397.696.0, NIS: 1.397.696.0
Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005

Date: 2023-09-10 00:28:06
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information, see below:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.XZ&threatid=2147625929&enterprise=0
Name: VirTool:Win32/Obfuscator.XZ
Severity: Severe
Category: Tool
Path: containerfile:_D:\Splinter.Cell.Blacklist-RELOADED\rld-scblack.iso; file:_D:\Splinter.Cell.Blacklist-RELOADED\rld-scblack.iso->Crack\uplay_r1.dll
Detection Source: Local computer
Detection Type: FastPath
Detection Source: User
User:
Process Name: Unknown
Security Intelligence Version: AV: 1.397.696.0, AS: 1.397.696.0, NIS: 1.397.696.0
Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005

Date: 2023-09-09 22:49:34
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information, see below:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.XZ&threatid=2147625929&enterprise=0
Name: VirTool:Win32/Obfuscator.XZ
Severity: Severe
Category: Tool
Path: containerfile:_D:\Splinter.Cell.Blacklist-RELOADED\rld-scblack.iso; file:_D:\Splinter.Cell.Blacklist-RELOADED\rld-scblack.iso->Crack\uplay_r1.dll
Detection Source: Local computer
Detection Type: FastPath
Detection Source: User
User: DESKTOP-RTLM44P\Kaique-Vidal
Process Name: Unknown
Security Intelligence Version: AV: 1.397.688.0, AS: 1.397.688.0, NIS: 1.397.688.0
Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005

Date: 2023-09-09 22:49:34
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information, see below:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sabsik.FL.B!ml&threatid=2147780203&enterprise=0
Name: Trojan:Win32/Sabsik.FL.B!ml
Severity: Severe
Category: Trojan Horse
Path: file:_D:\Setup_123_Passwords_Full\Setup.exe
Detection Source: Local computer
Detection Type: FastPath
Detection Source: User
User: DESKTOP-RTLM44P\Kaique-Vidal
Process Name: Unknown
Security Intelligence Version: AV: 1.397.688.0, AS: 1.397.688.0, NIS: 1.397.688.0
Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005

Date: 2023-09-09 22:17:11
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information, see below:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.H!ml&threatid=2147814523&enterprise=0
Name: Trojan:Win32/Wacatac.H!ml
Severity: Severe
Category: Trojan Horse
Path: file:_C:\Users\Kaique-Vidal\Downloads\Kaspersky_Total_Security\Kaspersky Total Security\kts21.3.10.391en_26099.exe
Detection Source: Local computer
Detection Type: FastPath
Detection Source: Real-Time Protection
User: DESKTOP-RTLM44P\Kaique-Vidal
Process Name: C:\Windows\explorer.exe
Security Intelligence Version: AV: 1.397.688.0, AS: 1.397.688.0, NIS: 1.397.688.0
Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005
Event[0]

Date: 2023-09-10 00:32:38
Description:
Microsoft Defender Antivirus encountered an error when trying to load a suspicious file for further analysis.
File Name: C:\Windows\Temp\tmp00000585\tmp0002a8bf
Sha256:9cf1c37a7566fc3bb5ebcf58a633f4574f32addf6082f2b504e33857c9cf6ca5
Current Security Intelligence Version: AV: 1.397.696.0, AS: 1.397.696.0
Current Engine Version: 1.1.23080.2005
Error Code: 0x80508016
 

Date: 2023-09-09 16:08:44
Description:
The Microsoft Defender Antivirus Real-Time Protection feature encountered an error and failed.
Feature: In Access Time
Error Code: 0x8007043c
Error Description: Unable to share this service in Safe Mode
Reason: Anti-malware security intelligence has stopped working for an unknown reason. In some cases, restarting the service may resolve the issue.

Date: 2023-09-08 07:58:07
Description:
The Microsoft Defender Antivirus Real-Time Protection feature encountered an error and failed.
Feature: In Access Time
Error Code: 0x8007043c
Error Description: Unable to share this service in Safe Mode
Reason: Anti-malware security intelligence has stopped working for an unknown reason. In some cases, restarting the service may resolve the issue.

Date: 2023-09-08 06:33:47
Description:
The Microsoft Defender Antivirus Real-Time Protection feature encountered an error and failed.
Feature: In Access Time
Error Code: 0x8007043c
Error Description: Unable to share this service in Safe Mode
Reason: Anti-malware security intelligence has stopped working for an unknown reason. In some cases, restarting the service may resolve the issue.

CodeIntegrity:
===============
Date: 2023-09-09 22:12:41
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================

BIOS: INSYDE Corp. V1.14 04/07/2023
Motherboard: LN Calla_LC
Processor: AMD Ryzen 7 5700U with Radeon Graphics
Percentage of memory in use: 32%
Total physical RAM: 19818.31 MB
Available physical RAM: 13423.35 MB
Total Virtual: 21098.31 MB
Available Virtual: 13489.23 MB

==================== Drives ==============================

Drive c: () (Fixed) (Total:930.66 GB) (Free:797.82 GB) (Model: WD_BLACK SN770 1TB) NTFS
Drive d: (New volume) (Fixed) (Total:953.87 GB) (Free:598.36 GB) (Model: Lenovo E660 SSD-2.5-1TB) NTFS
Drive e: () (Fixed) (Total:0.09 GB) (Free:0.06 GB) (Model: WD_BLACK SN770 1TB) FAT32

\\?\Volume{46d56a73-b334-4276-848e-02e8f72da849}\ () (Fixed) (Total:0.72 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

===========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ======================
 

Edited by Oh My!, 11 September 2023 - 09:40 AM.


#2 Oh My!

Posted 11 September 2023 - 09:34 AM

Greetings and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:

  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Thank you for your patience thus far.

***Update***

 

Apologies, I see you already renamed FRST64. Allow me some time to review.


Edited by Oh My!, 11 September 2023 - 09:38 AM.

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”

Where to Start


#3 Oh My!

Posted 11 September 2023 - 09:48 AM

Unfortunately there is evidence of unauthorized/illegal software on your computer. I am going to request you completely uninstall all products requiring proper activation for which you do not have a valid Product Key, including all "cracked" software. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you are willing to remove all cracked software please complete the following after removal.

===================================================

ESET Online Scanner

--------------------

Note: You can expect this process to take a long time, up to several hours or more.
  • Download ESET Free Online Scanner and save it to your Desktop
  • Right click on esetonlinescanner_enu.exe and select Run as administrator
  • Click Computer Scan
  • Click Full scan
  • Select Enable ESET to detect and quarantine potentially unwanted applications
  • Click Start scan
  • Once completed click Save scan log and save it to your Desktop as ESETScan.txt
  • Click Continue then finally click Close
  • Copy and paste the ESETScan.txt file contents in your reply
===================================================

Run a new FRST scan and copy/paste both reports in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET report
  • FRST reports

Gary 



#4 Kay07


Posted 11 September 2023 - 07:07 PM

I believe I removed them all

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2023
Ran by Kaique (administrator) on DESKTOP-RTLM44P (Acer Aspire A515-45) (11-09-2023 20:41:00)
Running from C:\Users\Kaique-Vidal\Documents\EnglishFRST64.exe
Loaded Profiles: Kaique
Platform: Microsoft Windows 11 Pro Version 22H2 22621.2134 (X64) Language: Português (Brasil)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.141\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.141\BraveCrashHandler64.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_23216.905.2334.6698_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\msedgewebview2.exe <6>
(DriverStore\FileRepository͠754.inf_amd64_7d6765da852a002c\B360708\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository͠754.inf_amd64_7d6765da852a002c\B360708\atieclxx.exe
(explorer.exe ->) (Fortect LTD -> Fortect Ltd.) C:\Program Files\Fortect\bin\FortectTray.exe
(explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) [File not signed] C:\Program Files\Macrium\Common\ReflectUI.exe
(explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe
(services.exe ->) (Abstradrome -> ) C:\Program Files (x86)\HDD Regenerator\hrsrv.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository͠754.inf_amd64_7d6765da852a002c\B360708\atiesrxx.exe
(services.exe ->) (Fortect LTD -> Fortect Ltd.) C:\Program Files\Fortect\bin\MainDaemon.exe
(services.exe ->) (Fortect LTD -> Fortect LTD.) C:\Program Files\Fortect\MainService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
(services.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) [File not signed] C:\Program Files\Macrium\Common\MacriumService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f7fdb960c5e8ef2a\RtkAudUService64.exe <2>
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\Kaique-Vidal\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe
(svchost.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe
(svchost.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f7fdb960c5e8ef2a\RtkAudUService64.exe [1272664 2021-07-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [9926928 2023-09-06] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) [File not signed]
HKLM\...\Run: [Combo Cleaner] => "D:\ComboCleaner.exe" -minimized (No File)
HKLM\...\Run: [Fortect] => C:\Program Files\Fortect\bin\FortectTray.exe [462296 2023-08-17] (Fortect LTD -> Fortect Ltd.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1310720 2020-02-10] (Seiko Epson Corporation) [File not signed]
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [126403424 2022-03-21] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [HDD Regenerator] => C:\Program Files (x86)\HDD Regenerator\Shell.exe [89896 2012-11-18] (Abstradrome -> )
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [EnableCdp] 0
HKLM\Software\Policies\...\system: [EnableMmx] 0
HKLM\Software\Policies\...\system: [RSoPLogging] 0
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [2450336 2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [2450336 2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Run: [MicrosoftEdgeAutoLaunch_90C0C776FC4CC570E7FB3277B161E7B0] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4108344 2023-09-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [5878784 2022-12-03] (Tonec Inc.) [File not signed]
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Run: [Opera Stable] => C:\Users\Kaique-Vidal\AppData\Local\Programs\Opera\launcher.exe [2730912 2023-08-09] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIYXE.EXE [485976 2020-09-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Run: [GoogleChromeAutoLaunch_B7C06C68F464209BF2BA4F21CB7E80AF] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [3219744 2023-09-04] (Google LLC -> Google LLC)
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\116.0.5845.182\Installer\chrmstp.exe [2023-09-11] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\116.1.57.62\Installer\chrmstp.exe [2023-09-07] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\0cf74124-0500-41ba-ae74-f3c5f4f9d665.tmp [2023-09-11] () <==== ATTENTION [zero byte? (Error=32)]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\AMDLinkDriverUpdate.xml [2023-09-11] () [File not signed]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db [2023-09-11] () [File not signed] [File is in use]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db-shm [2023-09-11] () [File not signed] [File is in use]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db-wal [2023-09-11] () [File not signed] [File is in use]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db.ses [2023-09-11] () [File not signed]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\InstallManagerApp [2023-09-11]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\mat-debug-10288.log [2023-09-11] () <==== ATTENTION [zero byte? (Error=32)]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\mat-debug-10544.log [2023-09-11] () <==== ATTENTION [zero byte File/Folder]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\mat-debug-2772.log [2023-09-11] () <==== ATTENTION [zero byte File/Folder]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\Wondershare [2023-09-11]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\~DF6635EAFAFC8EB9AB.TMP [2023-09-11] () [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {14AEE567-C7D4-46E1-87F3-6AEF309B8C71} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2971808 2021-12-30] (Acer Incorporated -> )
Task: {CBB2F878-4C5E-4040-AE11-47D1DE10B336} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41632 2021-12-30] (Acer Incorporated -> )
Task: {08359467-FAD8-4199-BBC0-8611C01D4970} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4836512 2021-12-30] (Acer Incorporated -> )
Task: {B4154F09-2B8B-443A-947A-A5E6658AE410} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-08-02] (Adobe Inc. -> Adobe Inc.)
Task: {F9ACCC7A-48B7-4A30-B142-48624CD5577A} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2023-08-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {FFDBF576-7DA0-4EE4-AEE4-D260DFAB8810} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2023-08-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {DDFBC36F-DF44-4D42-A7EB-5DD97BB68378} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [183736 2023-08-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {9F8FD2EA-ECD0-4428-8620-CDDE4B84CCF6} - System32\Tasks\AMDScoSupportTypeUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2023-08-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {E529CBF2-5BB2-4F07-A010-C35078A2A572} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{5526546A-F46A-4B39-AFAE-09CD3A0BC6E0} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-26] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {BCA047EE-EB7A-4D90-9AFC-74F1E63D38AA} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{F2BA2E6B-E6CD-4C84-BEAF-27766090584E} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-26] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {B11C9E1A-1D4D-46A9-BCBB-FE37FF074470} - System32\Tasks\CareCenter\EEventManager_Reg_HKLMWow6432Run => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1310720 2020-02-10] (Seiko Epson Corporation) [File not signed]
Task: {B7B1CE44-A267-4F96-89F4-A99C9BDF9309} - System32\Tasks\CareCenter\EPPCCMON_Reg_HKLMRun => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [445800 2021-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {92E49C4D-3FD1-4E1F-8658-40AFD59E9108} - System32\Tasks\CareCenter\FxSound.lnk_FolderCommonAppdata => C:\Program Files\FxSound LLC\FxSound\FxSound.exe [4663080 2022-05-30] (FxSound, LLC -> FxSound LLC)
Task: {702A7B7A-80AF-47BA-B5BB-7C180C3C8D91} - System32\Tasks\CareCenter\HDD Regenerator_Reg_HKLMWow6432Run => C:\Program Files (x86)\HDD Regenerator\Shell.exe [89896 2012-11-18] (Abstradrome -> )
Task: {85DB902C-4B78-44CB-948A-C527F482521F} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\10.2.0\Scheduler.exe [157784 2022-12-26] (IObit CO., LTD -> IObit)
Task: {248DB6EE-D58E-4198-B0B2-1D5D0785792A} - System32\Tasks\Driver Booster SkipUAC (Kaique-Vidal) => C:\Program Files (x86)\IObit\Driver Booster\10.2.0\DriverBooster.exe [9010648 2023-01-09] (IObit CO., LTD -> IObit)
Task: {949E58BA-2404-45CD-8B8F-66A18791D2B8} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\10.2.0\AutoUpdate.exe [2516968 2022-12-26] (IObit CO., LTD -> IObit)
Task: {E4F83E8B-8A31-45CB-84F4-7E9CA2BD5501} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Kaique-Vidal\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-09-11] (ESET, spol. s r.o. -> ESET)
Task: {6379B918-0028-4340-9A0C-1903C939B91E} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Kaique-Vidal\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-09-11] (ESET, spol. s r.o. -> ESET)
Task: {158EFBA6-94F7-4E98-B4E9-B7298E80EAEF} - System32\Tasks\EPSON L3210 Series Update {27E9C58B-921E-426E-BDF1-F17CF6910AEC} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSYXE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {563D16DF-5EFE-455C-935B-62C4A9120C16} - System32\Tasks\FxSound\Update => C:\Program -> Files\FxSound LLC\FxSound\updater.exe /silent
Task: {3003A339-9983-4759-8C29-9157915A5469} - System32\Tasks\GoogleUpdateTaskMachineCore{620D4915-015F-4E96-A133-34F4C9E04919} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-12-23] (Google LLC -> Google LLC)
Task: {48821058-85FB-41C6-BB52-97F4F7E56D80} - System32\Tasks\GoogleUpdateTaskMachineUA{DC447CF9-B338-41E0-8307-81E43C0190AC} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-12-23] (Google LLC -> Google LLC)
Task: {E97F6AD3-983F-427A-A89F-244B36417B09} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1323333070-3634341992-397913038-1001 => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\MEGAupdater.exe [2531504 2023-08-07] (Mega Limited -> )
Task: {1FEC71A1-76D5-40F2-8784-26D67B434161} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913464 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {D1571931-E312-441C-B59F-DEDF36E5D0C6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913464 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C60FF0F-F0E9-4072-BE9C-5A69EE8FF6D6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {92DCB853-FDE2-4786-9CE4-5B2FE58C1F72} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {7C7B57EA-F01B-419C-8EAB-3CF389E94B87} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {4A9B48DC-1623-4063-A701-97D910E53DDE} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {8CB6BDE7-EB78-4894-861A-2BDD2979FCA4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
Task: {43BE4C09-A64E-412F-8B0C-189479A74B49} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {87AF7960-F172-4474-86A6-B442819A7321} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B61512FF-9811-4B29-9F3A-0079792804E4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {917CF0C7-48ED-499B-926F-234293ABE883} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {046CFE8D-3943-42C1-9898-BA409DFC53BC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {23C54CBE-10F3-4B78-B316-82B583A70653} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2023-08-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {EEF96447-6BEE-485F-9A93-932D6F88AFAC} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [3252640 2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {20B1BC03-3A11-4ED6-9063-21F3EA466028} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1323333070-3634341992-397913038-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
Task: {814B0261-54FE-4ED1-8C30-3A727DB84671} - System32\Tasks\Opera scheduled assistant Autoupdate 1679583569 => C:\Users\Kaique-Vidal\AppData\Local\Programs\Opera\launcher.exe [2730912 2023-08-09] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Kaique-Vidal\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {CFE31B6A-682E-4321-8F60-E4954BA7B1B7} - System32\Tasks\Opera scheduled Autoupdate 1679583566 => C:\Users\Kaique-Vidal\AppData\Local\Programs\Opera\launcher.exe [2730912 2023-08-09] (Opera Norway AS -> Opera Software)
Task: {1DF39849-D948-4F61-921A-75A3099ACCEF} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-1323333070-3634341992-397913038-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [65536 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {112A3C1E-8DC4-4520-BDCC-BB19F73333E4} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2021-12-30] (Acer Incorporated -> Acer Incorporated)
Task: {A68929FF-6C45-41E1-ACE6-0BFA575CE588} - System32\Tasks\StartAUEP => C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe [728504 2023-08-14] (Advanced Micro Devices Inc. -> AMD)
Task: {14600229-3CC7-4F01-9A88-769AB0B513B8} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [60344 2023-08-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {57D0385B-482B-4D8F-AB61-F02EBE62905D} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [60344 2023-08-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {91CF1EAD-4906-44FF-B35B-AF4129C82DC1} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [324024 2023-08-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {FE3D7372-BFA6-446B-9694-D591C9DF5614} - System32\Tasks\ViGEmBus_Updater => C:\Program Files\Nefarius Software Solutions\ViGEm Bus Driver\ViGEmBus_Updater.exe [1117096 2022-09-27] (Nefarius Software Solutions e.U. -> Nefarius Software Solutions e.U.)
Task: {C39F5997-F842-41E9-B7B5-A3B12CC6FA40} - System32\Tasks\VivaldiUpdateCheck-8d8866b1bc2aec07 => C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\Application\update_notifier.exe [3845520 2023-09-05] (Vivaldi Technologies AS -> Vivaldi Technologies AS)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON L3210 Series Update {27E9C58B-921E-426E-BDF1-F17CF6910AEC}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSYXE.EXE:/EXE:{27E9C58B-921E-426E-BDF1-F17CF6910AEC} /F:UpdateWORKGROUP\DESKTOP-RTLM44P$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 186.232.56.22 186.232.56.26
Tcpip\..\Interfaces\{5a704275-a447-4078-a27b-3d9bcb78c2dc}: [DhcpNameServer] 186.232.56.22 186.232.56.26

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Kaique-Vidal\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-10]
Edge Extension: (Documentos Google off-line) - C:\Users\Kaique-Vidal\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-08]
Edge Extension: (Edge relevant text changes) - C:\Users\Kaique-Vidal\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-08]
Edge Extension: (IDM Integration Module) - C:\Users\Kaique-Vidal\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2022-12-24]
Edge HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2022-12-03]

FireFox:
========
FF HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Kaique-Vidal\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Kaique-Vidal\AppData\Roaming\IDM\idmmzcc5 [2023-01-25] [Legacy] [not signed]
FF HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-08-19] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default [2023-09-11]
CHR Extension: (Voltar Dislikes do YouTube) - C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebbhagfogifgggkldgodflihgfeippi [2023-08-09]
CHR Extension: (Documentos Google off-line) - C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-29]
CHR Extension: (Volume Master - controlador de volume) - C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghecgabfgfdldnmbfkhmffcabddioke [2023-03-06]
CHR Extension: (Morpheon Dark) - C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2022-12-23]
CHR Extension: (IDM Integration Module) - C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2023-07-26]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-12-23]
CHR Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2023-09-11]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2022-12-03]
CHR HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2022-12-03]

Opera:
=======
OPR Profile: C:\Users\Kaique-Vidal\AppData\Roaming\Opera Software\Opera Stable [2023-09-11]
OPR DefaultSearchURL: Opera Stable -> hxxps://www.google.com/search?client=opera&q={searchTerms}&sourceid=opera&ie={inputEncoding}&oe={outputEncoding}
OPR DefaultSearchKeyword: Opera Stable -> g
OPR Extension: (Rich Hints Agent) - C:\Users\Kaique-Vidal\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-07-07]
OPR Extension: (Opera Wallet) - C:\Users\Kaique-Vidal\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-08-31]
OPR Extension: (Aria) - C:\Users\Kaique-Vidal\AppData\Roaming\Opera Software\Opera Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm [2023-08-31]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Kaique-Vidal\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2023-03-23]
OPR Extension: (Cashback Assistant) - C:\Users\Kaique-Vidal\AppData\Roaming\Opera Software\Opera Stable\Extensions\ompjkhnkeoicimmaehlcmgmpghobbjoj [2023-09-09]
OPR Extension: (opera-intro) - C:\Users\Kaique-Vidal\AppData\Local\Programs\Opera\101.0.4843.33\resources\opera_intro_extension [2023-08-08]
StartMenuInternet: (HKU\S-1-5-21-1323333070-3634341992-397913038-1001) OperaStable - "C:\Users\Kaique-Vidal\AppData\Local\Programs\Opera\Launcher.exe"

Brave:
=======
BRA Profile: C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2023-09-10]
BRA DownloadDir: D:\
BRA DefaultSearchKeyword: Default -> :g
BRA Extension: (Retruco Eliminate Anti AdBlock) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gpkdlgnngkiiphplplodblijekhnjjob [2023-08-09]
BRA Extension: (Volume Master - controlador de volume) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\jghecgabfgfdldnmbfkhmffcabddioke [2023-04-10]
BRA Extension: (Adblock for Twitch) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\mdomkpjejpboocpojfikalapgholajdc [2023-08-05]
BRA Extension: (IDM Integration Module) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2023-07-28]
BRA Extension: (Brave Ad Block Updater (Exception-exceptions (plaintext))) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2023-09-09]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2023-09-09]
BRA Extension: (Brave NTP background images) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2023-08-18]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2023-09-09]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\bpndlkddhgpmjengabcakadpcabgflca [2023-09-10]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2023-09-06]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2023-09-09]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2023-08-09]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2023-08-23]
BRA Extension: (Brave Ad Block Updater (Default (plaintext))) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2023-09-09]
BRA Extension: (Brave Ad Block Updater (Adguard Spanish/Portuguese (plaintext))) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\meimhmgfbckapkbbbdaoefgnbppmkodp [2023-09-09]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2023-09-09]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-09-06]

Vivaldi:
=======
VIV Profile: C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\User Data\Default [2023-08-08]
VIV Extension: (Torrent Scanner) - C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2023-03-20]
VIV Extension: (McAfee® WebAdvisor) - C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-07-31]
VIV Extension: (Online Security) - C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\User Data\Default\Extensions\llbcnfanfmjhpedaedhbcnpgeepdnnok [2023-07-31]
VIV Extension: (IDM Integration Module) - C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2023-07-31]
StartMenuInternet: (HKU\S-1-5-21-1323333070-3634341992-397913038-1001) Vivaldi.G2ZQPJ63ESHF3FEJIOOMKYJKFE - "C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\Application\vivaldi.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACCSvc; C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe [259232 2021-12-30] (Acer Incorporated -> Acer Incorporated)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-08-02] (Adobe Inc. -> Adobe Inc.)
S2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPDU.exe [527800 2023-08-14] (Advanced Micro Devices Inc. -> AMD)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-26] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-26] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveVpnService; C:\Program Files\BraveSoftware\Brave-Browser\Application\116.1.57.62\brave_vpn_helper.exe [3171864 2023-09-05] (Brave Software, Inc. -> Brave Software, Inc.)
S3 BraveVpnWireguardService; C:\Program Files\BraveSoftware\Brave-Browser\Application\116.1.57.62\BraveVpnWireguardService\brave_vpn_wireguard_service.exe [2183192 2023-09-05] (Brave Software, Inc. -> Brave Software, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817440 2023-08-19] (Microsoft Corporation -> Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [206304 2021-06-21] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\FileSyncHelper.exe [2556320 2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
R2 FortectDaemon; C:\Program Files\Fortect\bin\MainDaemon.exe [4670424 2023-08-17] (Fortect LTD -> Fortect Ltd.)
R2 FortectService; C:\Program Files\Fortect\MainService.exe [5171672 2023-08-17] (Fortect LTD -> Fortect LTD.)
R2 hddrsrv; C:\Program Files (x86)\HDD Regenerator\hrsrv.exe [81704 2012-11-18] (Abstradrome -> )
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [11767208 2023-09-06] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) [File not signed]
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [874384 2023-09-07] (McAfee, LLC -> McAfee, LLC)
R2 NativePushService; C:\Users\Kaique-Vidal\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe [755600 2022-09-17] (Wondershare Technology Group Co.,Ltd -> Wondershare)
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\OneDriveUpdaterService.exe [2936224 2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
S4 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402200 2023-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182328 2023-07-10] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ComboCleaner.Guard; D:\ComboCleaner.Guard.exe [X]
S2 ComboCleaner.WinService; D:\ComboCleaner.WinService.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [36800 2023-07-10] (Acer Incorporated -> Acer Incorporated)
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [25584 2023-06-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R2 AMDRyzenMasterDriverV19; C:\Windows\system32\AMDRyzenMasterDriver.sys [48328 2023-08-01] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S2 AMDRyzenMasterDriverV20; C:\Windows\system32\AMDRyzenMasterDriver.sys [48328 2023-08-01] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_54807f69fe156f14\amdsafd.sys [113088 2023-04-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0395045.inf_amd64_cb9a543331727801\B394905\amdkmdag.sys [99745312 2023-08-19] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [61888 2023-05-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender)
R3 FXVAD; C:\WINDOWS\system32\drivers\fxvad.sys [326656 2022-05-30] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
S3 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [176008 2021-09-30] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender LLC)
S3 mpszfilt; C:\WINDOWS\System32\DRIVERS\mpszfilt.sys [20632 2021-12-02] (AlcorMicro, Corp. -> Generic)
R0 mrcbt; C:\WINDOWS\System32\drivers\mrcbt.sys [118528 2023-09-06] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R0 mrigflt; C:\WINDOWS\System32\drivers\mrigflt.sys [75160 2023-09-06] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R3 MTKBTFilterX64; C:\WINDOWS\system32\DRIVERS\mtkbtfilterx.sys [276424 2022-03-17] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R3 mtkwlex; C:\WINDOWS\System32\drivers\mtkwl6ex.sys [1617920 2023-01-17] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43368 2023-07-10] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [615840 2021-10-01] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [249400 2022-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55872 2023-08-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [574872 2023-08-31] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-31] (Microsoft Windows -> Microsoft Corporation)
S3 RTCore64; \??\D:\MSI Afterburner\RTCore64.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-09-11 20:41 - 2023-09-11 20:41 - 000040898 _____ C:\Users\Kaique-Vidal\Documents\FRST.txt
2023-09-11 20:30 - 2023-09-11 20:30 - 000000336 _____ C:\Users\Kaique-Vidal\Documents\ESETScan.txt
2023-09-11 13:13 - 2023-09-11 13:13 - 000003874 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2023-09-11 13:13 - 2023-09-11 13:13 - 000003432 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2023-09-11 12:37 - 2023-09-11 16:34 - 000001385 _____ C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2023-09-11 12:37 - 2023-09-11 12:37 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\ESET
2023-09-11 12:33 - 2023-09-11 12:33 - 000768332 _____ C:\WINDOWS\system32\prfh0416.dat
2023-09-11 12:33 - 2023-09-11 12:33 - 000154460 _____ C:\WINDOWS\system32\prfc0416.dat
2023-09-11 12:26 - 2023-09-11 20:40 - 000003120 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2023-09-11 12:26 - 2023-09-11 20:40 - 000003112 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2023-09-11 10:59 - 2023-09-11 20:31 - 000000000 ____D C:\Users\Kaique-Vidal\Documents\FRST-OlderVersion
2023-09-11 10:31 - 2023-09-11 10:31 - 000000000 ____D C:\Users\Kaique-Vidal\Desktop\FRST-OlderVersion
2023-09-11 08:03 - 2023-09-11 08:14 - 000005028 _____ C:\Users\Kaique-Vidal\Desktop\Rkill.txt
2023-09-10 00:27 - 2023-09-10 00:27 - 000001986 _____ C:\WINDOWS\system32\.crusader
2023-09-10 00:22 - 2023-09-10 00:27 - 000000000 ____D C:\ProgramData\HitmanPro
2023-09-09 22:15 - 2023-09-09 22:15 - 000000000 ____D C:\Users\Kaique-Vidal\Downloads\Kaspersky_Total_Security
2023-09-09 21:52 - 2023-09-09 21:53 - 063565774 _____ C:\Users\Kaique-Vidal\Downloads\Kaspersky_Total_Security.rar
2023-09-09 20:14 - 2023-09-11 14:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fortect
2023-09-09 20:14 - 2023-09-11 14:41 - 000000000 ____D C:\Program Files\Fortect
2023-09-09 20:14 - 2023-09-11 08:02 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Fortect
2023-09-09 20:14 - 2023-09-11 07:48 - 000000000 ____D C:\ProgramData\Fortect
2023-09-09 19:04 - 2023-09-09 19:04 - 000007640 _____ C:\Users\Kaique-Vidal\AppData\Local\Resmon.ResmonCfg
2023-09-09 16:07 - 2023-09-09 16:07 - 002969821 _____ C:\Users\Kaique-Vidal\Desktop\Autoruns.zip
2023-09-09 13:14 - 2023-09-11 10:27 - 000000000 ____D C:\Users\Kaique-Vidal\Desktop\w11
2023-09-09 12:42 - 2023-09-09 12:42 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome
2023-09-08 08:12 - 2023-09-11 20:41 - 000000000 ____D C:\FRST
2023-09-08 08:12 - 2023-09-11 20:31 - 002382848 _____ (Farbar) C:\Users\Kaique-Vidal\Documents\EnglishFRST64.exe
2023-09-08 06:33 - 2023-09-08 06:33 - 000000000 ____D C:\WINDOWS\pss
2023-09-08 06:10 - 2023-09-08 07:08 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\RCS_LT
2023-09-08 06:10 - 2023-09-08 06:10 - 000000525 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Combo Cleaner.lnk
2023-09-08 05:17 - 2023-09-08 05:17 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2023-09-08 05:15 - 2023-09-08 05:15 - 000000020 ___SH C:\Users\Kaique-Vidal\ntuser.ini
2023-09-08 05:14 - 2023-09-11 20:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-09-08 05:14 - 2023-09-11 07:56 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-09-08 05:14 - 2023-09-08 05:14 - 000004302 ____N C:\WINDOWS\system32\Tasks\Software Update Application
2023-09-08 05:14 - 2023-09-08 05:14 - 000003852 ____N C:\WINDOWS\system32\Tasks\ACCAgent
2023-09-08 05:14 - 2023-09-08 05:14 - 000003822 ____N C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1679583569
2023-09-08 05:14 - 2023-09-08 05:14 - 000003616 ____N C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA{F2BA2E6B-E6CD-4C84-BEAF-27766090584E}
2023-09-08 05:14 - 2023-09-08 05:14 - 000003602 ____N C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-09-08 05:14 - 2023-09-08 05:14 - 000003602 ____N C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{DC447CF9-B338-41E0-8307-81E43C0190AC}
2023-09-08 05:14 - 2023-09-08 05:14 - 000003560 ____N C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1679583566
2023-09-08 05:14 - 2023-09-08 05:14 - 000003500 ____N C:\WINDOWS\system32\Tasks\EPSON L3210 Series Update {27E9C58B-921E-426E-BDF1-F17CF6910AEC}
2023-09-08 05:14 - 2023-09-08 05:14 - 000003392 ____N C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore{5526546A-F46A-4B39-AFAE-09CD3A0BC6E0}
2023-09-08 05:14 - 2023-09-08 05:14 - 000003378 ____N C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-09-08 05:14 - 2023-09-08 05:14 - 000003378 ____N C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{620D4915-015F-4E96-A133-34F4C9E04919}
2023-09-08 05:14 - 2023-09-08 05:14 - 000003274 ____N C:\WINDOWS\system32\Tasks\Optimize Push Notification Data File-S-1-5-21-1323333070-3634341992-397913038-1001
2023-09-08 05:14 - 2023-09-08 05:14 - 000003062 ____N C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1323333070-3634341992-397913038-1001
2023-09-08 05:14 - 2023-09-08 05:14 - 000003006 ____N C:\WINDOWS\system32\Tasks\VivaldiUpdateCheck-8d8866b1bc2aec07
2023-09-08 05:14 - 2023-09-08 05:14 - 000002958 ____N C:\WINDOWS\system32\Tasks\ViGEmBus_Updater
2023-09-08 05:14 - 2023-09-08 05:14 - 000002778 ____N C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Kaique-Vidal)
2023-09-08 05:14 - 2023-09-08 05:14 - 000002730 ____N C:\WINDOWS\system32\Tasks\ACC
2023-09-08 05:14 - 2023-09-08 05:14 - 000002728 ____N C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-09-08 05:14 - 2023-09-08 05:14 - 000002706 ____N C:\WINDOWS\system32\Tasks\AMDScoSupportTypeUpdate
2023-09-08 05:14 - 2023-09-08 05:14 - 000002672 ____N C:\WINDOWS\system32\Tasks\ModifyLinkUpdate
2023-09-08 05:14 - 2023-09-08 05:14 - 000002586 ____N C:\WINDOWS\system32\Tasks\Driver Booster Scheduler
2023-09-08 05:14 - 2023-09-08 05:14 - 000002572 ____N C:\WINDOWS\system32\Tasks\Driver Booster Update
2023-09-08 05:14 - 2023-09-08 05:14 - 000002504 ____N C:\WINDOWS\system32\Tasks\StartAUEP
2023-09-08 05:14 - 2023-09-08 05:14 - 000002402 ____N C:\WINDOWS\system32\Tasks\AMDRyzenMasterSDKTask
2023-09-08 05:14 - 2023-09-08 05:14 - 000002372 ____N C:\WINDOWS\system32\Tasks\StartCNBM
2023-09-08 05:14 - 2023-09-08 05:14 - 000002328 ____N C:\WINDOWS\system32\Tasks\ACCBackgroundApplication
2023-09-08 05:14 - 2023-09-08 05:14 - 000002194 ____N C:\WINDOWS\system32\Tasks\StartCN
2023-09-08 05:14 - 2023-09-08 05:14 - 000002114 ____N C:\WINDOWS\system32\Tasks\StartDVR
2023-09-08 05:14 - 2023-09-08 05:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\MEGA
2023-09-08 05:14 - 2023-09-08 05:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\FxSound
2023-09-08 05:14 - 2023-09-08 05:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\CareCenter
2023-09-08 05:13 - 2023-09-08 05:14 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2023-09-08 05:13 - 2023-09-08 05:14 - 000011433 _____ C:\WINDOWS\diagerr.xml
2023-09-08 05:11 - 2023-09-11 12:33 - 001773032 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-09-08 05:10 - 2023-09-08 05:10 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2023-09-08 05:09 - 2023-09-11 20:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-09-08 05:09 - 2023-09-10 00:27 - 000472024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-09-08 05:09 - 2023-09-08 05:09 - 000000000 ____D C:\WINDOWS\system32\config\BFS
2023-09-08 05:08 - 2023-09-08 05:14 - 000000000 ____D C:\Windows.old
2023-09-08 04:43 - 2023-09-08 05:08 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Crypto
2023-09-08 04:43 - 2023-09-08 04:43 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\SystemCertificates
2023-09-08 04:43 - 2023-09-08 04:43 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Network
2023-09-08 04:36 - 2023-09-08 05:08 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2023-09-08 04:35 - 2023-09-08 05:17 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows
2023-09-08 04:35 - 2023-09-08 05:15 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Spelling
2023-09-08 04:35 - 2023-09-08 05:15 - 000000000 ____D C:\Users\Kaique-Vidal
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Modelos
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Meus Documentos
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Menu Iniciar
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Documents\Minhas Músicas
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Documents\Minhas Imagens
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Documents\Meus Vídeos
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Dados de Aplicativos
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Configurações Locais
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\AppData\Local\Histórico
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\AppData\Local\Dados de Aplicativos
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Ambiente de Rede
2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Ambiente de Impressão
2023-09-08 04:34 - 2023-09-08 05:08 - 000000000 ____D C:\WINDOWS\system32\AMD
2023-09-08 04:34 - 2023-09-08 04:34 - 000000000 ____D C:\WINDOWS\system32\Samsung
2023-09-08 04:34 - 2023-09-08 04:34 - 000000000 ____D C:\WINDOWS\Firmware
2023-09-08 01:21 - 2023-09-08 04:36 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2023-09-08 01:19 - 2023-09-08 01:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\mde
2023-09-08 01:00 - 2023-09-08 01:00 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2023-09-08 01:00 - 2023-09-08 01:00 - 000000000 ____D C:\Program Files\Reference Assemblies
2023-09-08 01:00 - 2023-09-08 01:00 - 000000000 ____D C:\Program Files\MSBuild
2023-09-08 01:00 - 2023-09-08 01:00 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2023-09-08 01:00 - 2023-09-08 01:00 - 000000000 ____D C:\Program Files (x86)\MSBuild
2023-09-08 00:57 - 2023-09-08 00:57 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2023-09-08 00:57 - 2023-09-08 00:57 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2023-09-08 00:57 - 2023-09-08 00:57 - 000000000 ____D C:\WINDOWS\addins
2023-09-08 00:31 - 2023-09-08 00:31 - 000008192 ____N C:\WINDOWS\system32\config\userdiff
2023-09-07 23:30 - 2023-09-10 00:27 - 000000000 ___DC C:\WINDOWS\Panther
2023-09-06 14:53 - 2023-09-06 14:54 - 000000000 ____D C:\Users\Kaique-Vidal\Documents\Reflect
2023-09-06 14:21 - 2023-09-08 04:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2023-09-06 14:21 - 2023-09-06 14:21 - 000001527 _____ C:\Users\Public\Desktop\Macrium Reflect.lnk
2023-09-06 14:21 - 2023-09-06 14:21 - 000000000 ____D C:\Program Files\Macrium
2023-09-06 13:50 - 2023-09-06 16:59 - 000000000 ____D C:\ProgramData\Macrium
2023-09-03 01:09 - 2023-09-03 01:09 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\LocalLow\AMD
2023-09-03 01:05 - 2023-09-08 05:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool
2023-09-03 01:04 - 2023-09-08 05:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Software꞉ Adrenalin Edition
2023-08-25 10:43 - 2023-08-19 03:11 - 000832952 ____N C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2023-08-25 10:43 - 2023-08-19 03:11 - 000832952 ____N C:\WINDOWS\system32\vulkaninfo.exe
2023-08-25 10:43 - 2023-08-19 03:11 - 000721336 ____N C:\WINDOWS\system32\hiprt0200064.dll
2023-08-25 10:43 - 2023-08-19 03:11 - 000715296 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-08-25 10:43 - 2023-08-19 03:11 - 000715296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2023-08-25 10:43 - 2023-08-19 03:11 - 000668696 ____N C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2023-08-25 10:43 - 2023-08-19 03:11 - 000668696 ____N C:\WINDOWS\system32\vulkan-1.dll
2023-08-25 10:43 - 2023-08-19 03:11 - 000653240 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2023-08-25 10:43 - 2023-08-19 03:11 - 000653240 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2023-08-25 10:43 - 2023-08-19 03:11 - 000539168 ____N C:\WINDOWS\system32\libsmi_guest.dll
2023-08-25 10:43 - 2023-08-19 03:11 - 000532000 ____N C:\WINDOWS\system32\libsmi_host.dll
2023-08-25 10:43 - 2023-08-19 03:11 - 000197152 ____N C:\WINDOWS\system32\mantle64.dll
2023-08-25 10:43 - 2023-08-19 03:11 - 000176160 ____N C:\WINDOWS\system32\mantleaxl64.dll
2023-08-25 10:43 - 2023-08-19 03:11 - 000153632 _____ C:\WINDOWS\SysWOW64\mantle32.dll
2023-08-25 10:43 - 2023-08-19 03:11 - 000137760 _____ C:\WINDOWS\SysWOW64\mantleaxl32.dll
2023-08-25 10:43 - 2023-08-19 03:10 - 011746816 ____N C:\WINDOWS\system32\amdsmi.exe
2023-08-25 10:43 - 2023-08-19 03:10 - 002176440 ____N (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdsasrv64.dll
2023-08-25 10:43 - 2023-08-19 03:10 - 001305120 ____N (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdsacli64.dll
2023-08-25 10:43 - 2023-08-19 03:10 - 001029664 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdsacli32.dll
2023-08-25 10:43 - 2023-08-19 03:09 - 004375584 ____N (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdadlx64.dll
2023-08-25 10:43 - 2023-08-19 03:09 - 004180000 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdadlx32.dll
2023-08-25 10:43 - 2023-08-19 02:18 - 103988216 ____N C:\WINDOWS\system32\amdxc64.so
2023-08-25 10:43 - 2023-08-19 02:18 - 031938072 ____N C:\WINDOWS\system32\hiprt02000_amd.hipfb
2023-08-25 10:43 - 2023-08-19 02:18 - 023302232 ____N C:\WINDOWS\system32\hiprt02000_nv.fatbin
2023-08-25 10:43 - 2023-08-19 02:18 - 002433848 ____N C:\WINDOWS\system32\oro_compiled_kernels.hipfb
2023-08-25 10:43 - 2023-08-19 02:18 - 002000584 ____N C:\WINDOWS\system32\oro_compiled_kernels.fatbin
2023-08-25 10:43 - 2023-08-19 02:18 - 000154384 ____N C:\WINDOWS\system32\samu_krnl_ci.sbin
2023-08-25 10:43 - 2023-08-19 02:18 - 000138832 ____N C:\WINDOWS\system32\samu_krnl_isv_ci.sbin
2023-08-25 10:43 - 2023-08-19 02:18 - 000121168 ____N C:\WINDOWS\system32\kapp_si.sbin
2023-08-25 10:43 - 2023-05-24 08:42 - 000061888 ____N (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdxe.sys
2023-08-19 00:44 - 2023-08-19 00:44 - 000007300 _____ C:\Users\Kaique-Vidal\Downloads\Windows_Security_Service.reg
2023-08-19 00:01 - 2023-08-19 00:01 - 001048576 ____N C:\WINDOWS\system32\defltbase.sdb
2023-08-19 00:01 - 2023-08-19 00:01 - 000016384 ____N C:\WINDOWS\system32\defltbase.jfm
2023-08-19 00:01 - 2023-08-19 00:01 - 000000008 __RSH C:\ProgramData\ntuser.pol
2023-08-18 23:52 - 2023-08-18 23:52 - 000000000 ____D C:\Users\Kaique-Vidal\Downloads\Ghost Gamer
2023-08-18 23:51 - 2023-08-18 23:51 - 000000448 _____ C:\Users\Kaique-Vidal\Downloads\Ghost Gamer.rar
2023-08-18 18:49 - 2023-09-09 16:28 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2023-08-18 18:49 - 2023-08-18 18:52 - 000420694 _____ C:\WINDOWS\ntbtlog.txt
2023-08-14 22:35 - 2023-08-14 22:35 - 000856504 ____N (Advanced Micro Devices) C:\WINDOWS\system32\Device.dll
2023-08-14 22:35 - 2023-08-14 22:35 - 000061368 ____N (Advanced Micro Devices) C:\WINDOWS\system32\Platform.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-09-11 20:40 - 2022-12-23 20:07 - 000000000 ____D C:\Program Files (x86)\Google
2023-09-11 20:40 - 2022-12-23 16:58 - 000012288 ___SH C:\DumpStack.log.tmp
2023-09-11 20:40 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-09-11 20:39 - 2023-02-17 13:11 - 000000000 ____D C:\ProgramData\TEMP
2023-09-11 20:39 - 2023-01-25 12:31 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\DMCache
2023-09-11 20:39 - 2022-05-07 02:17 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2023-09-11 18:16 - 2022-12-23 20:08 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-11 18:16 - 2022-12-23 20:08 - 000002204 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-09-11 15:17 - 2023-01-24 14:27 - 000003446 _____ C:\WINDOWS\SysWOW64\pubfreeware.ini
2023-09-11 15:10 - 2023-01-02 14:38 - 000000000 ____D C:\Users\Kaique-Vidal\Downloads\Licença Driver Booster - Ghost Tech
2023-09-11 14:32 - 2022-05-07 02:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-09-11 14:32 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-09-11 14:32 - 2022-05-07 02:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-09-11 13:01 - 2022-12-23 17:08 - 000000000 ____D C:\ProgramData\Packages
2023-09-11 12:55 - 2023-02-01 18:46 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\utorrent
2023-09-11 12:55 - 2023-01-26 22:34 - 000000000 ___RD C:\Users\Kaique-Vidal\Documents\MEGAsync
2023-09-11 12:33 - 2022-05-07 02:22 - 000000000 ____D C:\WINDOWS\INF
2023-09-11 12:26 - 2022-12-23 17:08 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\ConnectedDevicesPlatform
2023-09-11 10:30 - 2023-05-31 15:45 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\Wondershare
2023-09-11 08:11 - 2022-12-23 17:08 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\Packages
2023-09-11 07:48 - 2022-12-26 12:27 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-09-09 23:32 - 2022-05-07 02:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2023-09-09 23:32 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2023-09-09 21:48 - 2023-01-25 12:31 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\IDM
2023-09-09 20:16 - 2022-12-23 20:08 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\D3DSCache
2023-09-09 19:18 - 2023-04-22 18:57 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Zoom
2023-09-09 12:49 - 2022-12-23 23:38 - 000000000 ____D C:\Program Files\WinRAR
2023-09-08 12:33 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2023-09-08 10:49 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\appcompat
2023-09-08 06:10 - 2022-12-23 19:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-09-08 05:33 - 2022-05-07 02:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-09-08 05:32 - 2022-05-07 02:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-09-08 05:31 - 2022-05-07 02:17 - 000000000 ____D C:\WINDOWS\servicing
2023-09-08 05:31 - 2022-05-07 02:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-09-08 05:22 - 2022-12-23 20:57 - 000000000 ____D C:\AMD
2023-09-08 05:20 - 2022-12-23 20:08 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\AMD
2023-09-08 05:17 - 2023-03-07 12:32 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\FxSound
2023-09-08 05:15 - 2022-12-23 17:08 - 000002348 _____ C:\Users\Kaique-Vidal\Desktop\Microsoft Edge.lnk
2023-09-08 05:15 - 2022-12-23 17:08 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-09-08 05:15 - 2022-05-07 02:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-09-08 05:15 - 2022-05-07 02:17 - 000032768 ____N C:\WINDOWS\system32\config\ELAM
2023-09-08 05:14 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-09-08 05:14 - 2022-05-07 02:24 - 000000000 ____D C:\Program Files\Windows NT
2023-09-08 05:14 - 2022-05-07 02:24 - 000000000 ____D C:\Program Files\Windows Defender
2023-09-08 05:11 - 2023-01-16 19:59 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-09-08 05:11 - 2022-12-26 17:24 - 000002362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2023-09-08 05:11 - 2022-12-26 17:24 - 000002321 _____ C:\Users\Public\Desktop\Brave.lnk
2023-09-08 05:11 - 2022-12-23 16:58 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-08 05:10 - 2022-05-07 02:24 - 000000000 __RHD C:\Users\Public\Libraries
2023-09-08 05:10 - 2022-05-07 02:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-09-08 05:09 - 2022-05-07 02:24 - 000028672 ____N C:\WINDOWS\system32\config\BCD-Template
2023-09-08 05:08 - 2023-08-03 18:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasleo WinToHDD
2023-09-08 05:08 - 2023-07-29 19:06 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2023-09-08 05:08 - 2023-06-20 09:57 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2023-09-08 05:08 - 2023-06-10 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One Piece Burning Blood
2023-09-08 05:08 - 2023-05-17 13:07 - 000000000 ____D C:\WINDOWS\oem
2023-09-08 05:08 - 2023-03-07 12:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FxSound
2023-09-08 05:08 - 2023-02-17 13:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Regenerator
2023-09-08 05:08 - 2023-02-02 15:55 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2023-09-08 05:08 - 2023-01-28 22:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Modern Warfare 3
2023-09-08 05:08 - 2023-01-28 22:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mafia - Definitve Edition
2023-09-08 05:08 - 2023-01-28 19:19 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2023-09-08 05:08 - 2023-01-28 18:50 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2023-09-08 05:08 - 2023-01-27 11:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDownloader
2023-09-08 05:08 - 2023-01-27 02:44 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2023-09-08 05:08 - 2023-01-25 12:31 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2023-09-08 05:08 - 2023-01-25 12:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2023-09-08 05:08 - 2023-01-24 13:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2023-09-08 05:08 - 2023-01-17 15:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2023-09-08 05:08 - 2023-01-17 15:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do Microsoft Office
2023-09-08 05:08 - 2023-01-16 00:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2023-09-08 05:08 - 2023-01-02 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 10
2023-09-08 05:08 - 2022-12-27 16:02 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CapCut
2023-09-08 05:08 - 2022-12-27 15:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2023-09-08 05:08 - 2022-12-25 00:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2023-09-08 05:08 - 2022-12-24 01:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2023-09-08 05:08 - 2022-12-23 23:38 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-09-08 05:08 - 2022-12-23 23:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-09-08 05:08 - 2022-12-23 20:00 - 000000000 ____D C:\WINDOWS\system32\ihvmanager
2023-09-08 05:08 - 2022-12-23 19:26 - 000000000 ____D C:\Program Files\Intel
2023-09-08 05:08 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-09-08 05:08 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\spool
2023-09-08 05:08 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2023-09-08 05:08 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-09-08 05:08 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-09-08 05:08 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2023-09-08 05:08 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2023-09-08 04:57 - 2022-05-07 02:28 - 000000000 ____D C:\WINDOWS\Setup
2023-09-08 04:36 - 2023-06-20 13:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2023-09-08 04:36 - 2023-02-03 00:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
2023-09-08 04:36 - 2023-01-29 17:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2023-09-08 04:36 - 2023-01-28 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2023-09-08 04:36 - 2023-01-28 22:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
2023-09-08 04:36 - 2023-01-16 00:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2023-09-08 04:36 - 2023-01-09 22:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer
2023-09-08 04:36 - 2023-01-09 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo dos Renegados
2023-09-08 04:36 - 2022-12-24 10:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2023-09-08 04:36 - 2022-12-23 22:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2023-09-08 04:35 - 2023-05-31 15:48 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wondershare
2023-09-08 04:35 - 2023-02-02 23:53 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2023-09-08 04:35 - 2023-01-29 18:34 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
2023-09-08 04:35 - 2022-05-07 02:24 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows
2023-09-08 01:19 - 2022-05-07 07:41 - 000000000 ____D C:\WINDOWS\system32\AppV
2023-09-08 01:19 - 2022-05-07 07:41 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\WUModels
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\UUS
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SystemApps
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\UNP
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\setup
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\id-ID
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\Provisioning
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\Program Files\Common Files\System
2023-09-08 01:16 - 2022-05-07 07:41 - 000036864 ____N (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2023-09-08 01:16 - 2022-05-07 07:41 - 000023775 ____N C:\WINDOWS\system32\OEMDefaultAssociations.xml
2023-09-08 01:16 - 2022-05-07 02:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2023-09-08 01:16 - 2022-05-07 02:24 - 000249856 ____N (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2023-09-08 01:00 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2023-09-08 01:00 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\MUI
2023-09-08 00:58 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\OCR
2023-09-08 00:55 - 2022-05-07 07:41 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-09-08 00:55 - 2022-05-07 07:41 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\system32\winrm
2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\system32\WCN
2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\system32\slmgr
2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2023-09-08 00:55 - 2022-05-07 02:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2023-09-08 00:55 - 2022-05-07 02:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2023-09-08 00:55 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2023-09-08 00:55 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\F12
2023-09-08 00:55 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\dsc
2023-09-08 00:55 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\DiagSvcs
2023-09-08 00:55 - 2022-05-07 02:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-09-06 17:26 - 2023-01-17 21:49 - 000002418 _____ C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2023-09-06 17:26 - 2023-01-17 21:49 - 000002381 _____ C:\Users\Kaique-Vidal\Desktop\Vivaldi.lnk
2023-09-06 17:26 - 2023-01-17 21:49 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\Vivaldi
2023-09-06 13:59 - 2023-01-02 14:14 - 000684984 _____ (Mozilla Foundation) C:\Users\Kaique-Vidal\AppData\LocalLow\freebl3.dll
2023-09-06 13:59 - 2023-01-02 14:14 - 000627128 _____ (Mozilla Foundation) C:\Users\Kaique-Vidal\AppData\LocalLow\mozglue.dll
2023-09-06 13:59 - 2023-01-02 14:14 - 000449280 _____ (Microsoft Corporation) C:\Users\Kaique-Vidal\AppData\LocalLow\msvcp140.dll
2023-09-06 13:59 - 2023-01-02 14:14 - 000254392 _____ (Mozilla Foundation) C:\Users\Kaique-Vidal\AppData\LocalLow\softokn3.dll
2023-09-06 13:59 - 2023-01-02 14:14 - 000080128 _____ (Microsoft Corporation) C:\Users\Kaique-Vidal\AppData\LocalLow\vcruntime140.dll
2023-09-06 12:07 - 2023-01-17 15:10 - 000000000 ____D C:\Program Files\Microsoft Office
2023-09-05 12:48 - 2022-12-24 00:53 - 000000000 ____D C:\Users\Kaique-Vidal\Downloads\Video
2023-09-04 22:43 - 2022-12-24 09:42 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\BitTorrentHelper
2023-09-04 21:21 - 2022-12-23 22:25 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\vlc
2023-09-03 17:34 - 2023-01-17 15:14 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Word
2023-09-03 01:06 - 2022-12-23 20:08 - 000000000 ____D C:\Program Files\AMD
2023-08-31 20:48 - 2022-12-23 16:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-08-29 21:15 - 2023-01-16 00:37 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\ElevatedDiagnostics
2023-08-25 10:40 - 2022-12-23 21:54 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\AMD_Common
2023-08-23 00:05 - 2023-01-16 00:29 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-08-23 00:05 - 2023-01-16 00:29 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-08-20 23:41 - 2022-12-27 20:43 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\DS4Windows
2023-08-19 00:22 - 2022-12-23 20:06 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\PlaceholderTileLogoFolder
2023-08-16 13:00 - 2023-03-23 11:59 - 000001498 _____ C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2023-08-14 23:44 - 2022-12-23 21:50 - 002967232 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\AMDBugReportTool.exe

==================== Files in the root of some directories ========

2023-01-02 17:25 - 2023-01-02 17:25 - 046667280 _____ (Martí Climent ) C:\Users\Kaique-Vidal\WingetUI-Updater.exe
2023-09-09 19:04 - 2023-09-09 19:04 - 000007640 _____ () C:\Users\Kaique-Vidal\AppData\Local\Resmon.ResmonCfg

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\WINDOWS\SysWOW64\version_IObitDel.dll [2023-01-02] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2023
Ran by Kaique (11-09-2023 20:42:04)
Running from C:\Users\Kaique-Vidal\Documents
Microsoft Windows 11 Pro Version 22H2 22621.2134 (X64) (2023-09-08 08:14:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrador (S-1-5-21-1323333070-3634341992-397913038-500 - Administrator - Disabled)
Convidado (S-1-5-21-1323333070-3634341992-397913038-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-1323333070-3634341992-397913038-503 - Limited - Disabled)
Kaique (S-1-5-21-1323333070-3634341992-397913038-1001 - Administrator - Enabled) => C:\Users\Kaique-Vidal
WDAGUtilityAccount (S-1-5-21-1323333070-3634341992-397913038-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.003.20284 - Adobe)
Adobe AIR (HKLM-x32\...\{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}) (Version: 2.0.2.12610 - Adobe Systems Inc.) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601052}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 4.06.10.651 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD I2C Driver (HKLM-x32\...\{B31D92D9-2914-46B0-9738-F668A563DE73}) (Version: 1.2.0.119 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.19.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 7.0.4.10 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 23.8.1 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{c63a1907-428b-458b-935e-e61aad4aac6e}) (Version: 4.06.10.651 - Advanced Micro Devices, Inc.) Hidden
Apresentações (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\5190ba10b17e2997e8fb61dfd1a6e8ae) (Version: 1.0 - Google\Chrome)
Branding64 (HKLM\...\{492AEFBE-1B81-4C20-A111-E6974BB98EC5}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 116.1.57.62 - Autores do Brave)
CapCut (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\CapCut) (Version: 1.3.2.166 - Bytedance Pte. Ltd.)
Care Center Service (HKLM\...\{AFB52E98-7597-4484-9202-58F0FD3512ED}) (Version: 4.00.3042 - Acer Incorporated)
Combo Cleaner (HKLM\...\{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.58.0 - RCS LT) Hidden
Combo Cleaner (HKLM-x32\...\InstallShield_{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.58.0 - RCS LT)
CPUID CPU-Z 2.03 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.03 - CPUID, Inc.)
CrystalDiskInfo 8.17.3 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.17.3 - Crystal Dew World)
Documentation Manager (HKLM\...\{6EEC9A89-A963-48FB-9B63-368C997963E7}) (Version: 22.190.0.4 - Intel Corporation) Hidden
Driver Booster 10 (HKLM-x32\...\Driver Booster_is1) (Version: 10.2.0 - IObit)
Epson Event Manager (HKLM-x32\...\{DBC38C08-9FB5-43A5-B6BA-EB10AC7DA570}) (Version: 3.11.0053 - Seiko Epson Corporation)
EPSON L3210 Series Printer Uninstall (HKLM\...\EPSON L3210 Series) (Version: - Seiko Epson Corporation)
Epson Photo+ (HKLM-x32\...\{5DCB4864-C363-4654-89BF-42660B841136}) (Version: 3.7.1.0 - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{562C1C83-6199-49DD-987B-60D5FF7BC971}) (Version: 3.3.2.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.02 - SEIKO EPSON Corp.)
Epson ScanSmart (HKLM-x32\...\{948F96A1-DA95-455C-8086-A77CDC184770}) (Version: 3.6.5 - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{26A9B753-4B5D-46D8-A329-5CEF96FC22D2}) (Version: 4.6.5 - Seiko Epson Corporation)
Fortect (HKLM\...\Fortect) (Version: 6.0.0.1 - Fortect)
Fraps (HKLM-x32\...\Fraps) (Version: - )
FxSound (HKLM\...\{44F94A7A-3F02-44F3-8B53-69E22FB43E36}) (Version: 1.1.16.0 - FxSound LLC) Hidden
FxSound (HKLM\...\FxSound 1.1.16.0) (Version: 1.1.16.0 - FxSound LLC)
Gerenciador de Downloads da EA (HKLM-x32\...\EA Download Manager) (Version: 6.0.4.124 - Electronic Arts, Inc.)
Gmail (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\a49dae519e5190504fb80f16e20ec992) (Version: 1.0 - Google\Chrome)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 116.0.5845.182 - Google LLC)
Google Drive (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\932db397ccb442165eaf067bd1aedb35) (Version: 1.0 - Google\Chrome)
GRID 2 © Codemasters version 1 (HKLM-x32\...\R1JJRDI=_is1) (Version: 1 - )
HDD Regenerator (HKLM-x32\...\{54551360-A7FE-46B5-B41C-62DC758242AA}) (Version: 20.11.0011 - Abstradrome)
Intel® Software Installer (HKLM-x32\...\{17ca2588-1bb5-40ca-b48f-6a80ffbce846}) (Version: 22.190.0.4 - Intel Corporation) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.41.6 - Tonec Inc.)
Macrium Reflect Server Plus (HKLM\...\{33A56673-B256-45B5-8D05-84EB19691C06}) (Version: 8.1.7469 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Server Plus (HKLM\...\MacriumReflect) (Version: v8.1.7469 - Paramount Software (UK) Ltd.)
Mafia II (HKLM-x32\...\Mafia II_is1) (Version: - )
MegaDownloader 1.8 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.8 - megadownloaderapp.blogspot.com)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft .NET Host - 6.0.12 (x64) (HKLM\...\{E215AA9E-5DF2-44BC-9D6F-E1A1B0C348FB}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.12 (x64) (HKLM\...\{0712F23C-FBAC-436C-9DDB-125F32D15033}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.12 (x64) (HKLM\...\{1BF67DC1-8BB5-4AF5-BE20-3B53D9532D01}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 116.0.1938.76 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 116.0.1938.76 - Microsoft Corporation)
Microsoft Office Professional 2016 - pt-br (HKLM\...\ProfessionalRetail - pt-br) (Version: 16.0.16731.20170 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 22.077.0410.0007 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31931 (HKLM-x32\...\{d4cecf3b-b68f-4995-8840-52ea0fab646e}) (Version: 14.34.31931.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.34.31931 (HKLM-x32\...\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}) (Version: 14.34.31931.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31931 (HKLM\...\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931 (HKLM\...\{CF4C347D-954E-4543-88D2-EC17F07F466F}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.34.31931 (HKLM-x32\...\{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.34.31931 (HKLM-x32\...\{AB1BDF73-7393-42CE-812D-9A90918814D5}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.12 (x64) (HKLM\...\{3E726676-B5F4-48DA-B9F9-78A15B7F8A70}) (Version: 48.51.52100 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.12 (x64) (HKLM-x32\...\{24b99d74-a81e-4765-aefe-be853ac47482}) (Version: 6.0.12.31928 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MPC-HC 1.9.24 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.9.24 - MPC-HC Team)
MSI Afterburner 4.6.5 Beta 4 (HKLM-x32\...\Afterburner) (Version: 4.6.5 Beta 4 - MSI Co., LTD)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20052 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20170 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.16731.20052 - Microsoft Corporation) Hidden
One Piece Burning Blood Gold Edition MULTi10 - ElAmigos versão 1.06 (HKLM-x32\...\{30391AA3-89CC-41EE-8569-6E5AFC343197}_is1) (Version: 1.06 - Bandai Namco Entertainment)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 101.0.4843.43 (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Opera 101.0.4843.43) (Version: 101.0.4843.43 - Opera Software)
Pacote de Driver do Windows - Realtek Net (09/28/2020 10.045.0928.2020) (HKLM\...\C1B42219F20B36DD15C90FF914DFDCE2073C2736) (Version: 09/28/2020 10.045.0928.2020 - Realtek)
Planilhas (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\de0e6f7c8cc200e7019511986230e1c8) (Version: 1.0 - Google\Chrome)
PS Remote Play (HKLM-x32\...\{18E06000-568E-4D9D-B506-EF3D3873210D}) (Version: 6.0.0.02240 - Sony Interactive Entertainment Inc.)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10518 - Qualcomm)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.45.928.2020 - Realtek)
RivaTuner Statistics Server 7.3.4 Beta 6 (HKLM-x32\...\RTSS) (Version: 7.3.4 Beta 6 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
RyzenMasterSDK (HKLM\...\{3710415D-9538-4812-A68F-251EA22A8E14}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
Screenpresso (HKLM\...\{1e375827-5328-4da4-aed5-7e2b89337772}) (Version: 2.1.8.0 - Learnpulse)
Sonic Generations (HKLM-x32\...\Sonic Generations_is1) (Version: - )
Spider-Man 3 ™ (HKLM-x32\...\InstallShield_{990166FA-1ACB-4AA7-B592-4D370C7CDD1A}) (Version: 1.00.0000 - Activision)
Sublime Text 3 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.5.0.8070 - Microsoft Corporation)
Textos (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\6cbf8614008d280398c1d1816f2c1ca2) (Version: 1.0 - Google\Chrome)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.00 - Ubisoft)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
USBHelperLauncher (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\USBHelperLauncher) (Version: 0.17d - FailedShack)
ViGEm Bus Driver (HKLM\...\{9C581C76-2D68-40F8-AA6F-94D3C5215C05}) (Version: 1.21.442 - Nefarius Software Solutions e.U.)
Vivaldi (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Vivaldi) (Version: 6.2.3105.47 - Vivaldi Technologies AS.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
WebAdvisor da McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.834 - McAfee, LLC)
WingetUI (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\{889610CC-4337-4BDB-AC3B-4F21806C0BDD}_is1) (Version: 1.5.3 - Martí Climent)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
WinToHDD (HKLM\...\WinToHDD_is1) (Version: 5.8 - Hasleo Software.)
Wondershare Filmora 12(Build 12.2.12.2498) (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Wondershare Filmora 12_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Wondershare NativePush(Build 1.0.0.7) (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Wondershare NativePush_is1) (Version: - )
YouTube (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\7d0fbb6319dc4f2d6542cb28463cb89a) (Version: 1.0 - Google\Chrome)
Zoom (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\ZoomUMX) (Version: 5.15.5 (19404) - Zoom Video Communications, Inc.)

Packages:
=========
Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3042.0_x64__48frkmn4z8aw4 [2023-08-18] (Acer Incorporated)
Complemento do Mecanismo de Mídia de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-02-11] (Microsoft Corporation)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-18] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2023-08-18] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2307.24002.0_x64__8wekyb3d8bbwe [2023-09-11] (Microsoft Corporation) [Startup Task]
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-09-08] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.251.0_x64__dt26b99r8h8gj [2023-08-18] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-09-11] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0 [2023-09-08] (Spotify AB) [Startup Task]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-09-08] (Microsoft Corporation)
Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2022.1227.2402.199_neutral__8wekyb3d8bbwe [2023-08-18] (Microsoft Corporation)
WinRAR -> C:\Program Files\WinRAR [2023-09-09] (win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> C:\Users\Kaique-Vidal\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> c:\program files\macrium\common\reflectmonitor.exe (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> C:\Users\Kaique-Vidal\AppData\Roaming\7zip\7-zip.dll (Igor Pavlov) [File not signed]
CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{68AC8A11-8E2F-474E-AE5C-E11EB489347A}\localserver32 -> C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\Application\6.2.3105.47\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{A4090264-1B21-4E10-85F8-0B2A0DE5CC23} -> [Music] => C:\Users\Kaique-Vidal\Music [2022-12-23 17:07]
CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> "C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\Application\4.3.2439.65\notification_helper.exe" => No File
CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{E1E57C1E-543A-42C5-A5E5-05F1A8D59F33}\localserver32 -> "C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\Application\5.6.2867.58\notification_helper.exe" => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-07] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-07] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-07] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2021-03-03] (Tonec Inc. -> Tonec FZE)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-07] (Mega Limited -> )
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => D:\Reflect\RContextMenu.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-07] (Mega Limited -> )
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => D:\Reflect\RContextMenu.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-07] (Mega Limited -> )
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-07] (Mega Limited -> )
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2020-11-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1323333070-3634341992-397913038-1001: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\Kaique-Vidal\AppData\Roaming\7zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers4_S-1-5-21-1323333070-3634341992-397913038-1001: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\Kaique-Vidal\AppData\Roaming\7zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers6_S-1-5-21-1323333070-3634341992-397913038-1001: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\Kaique-Vidal\AppData\Roaming\7zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2019-08-30] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [vidc.spv1] => C:\Program Files\Learnpulse\Screenpresso\ScreenpressoCodec.dll [167656 2023-01-02] (Learnpulse -> LearnPulse)
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2019-08-30] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [vidc.spv1] => C:\Program Files\Learnpulse\Screenpresso\SysWOW64\ScreenpressoCodec.dll [146664 2023-01-02] (Learnpulse -> LearnPulse)
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\Apresentações.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag
ShortcutWithArgument: C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\Gmail.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\Google Drive.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\Planilhas.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf
ShortcutWithArgument: C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\Textos.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb
ShortcutWithArgument: C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [147]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT170902&iDate=2022-12-24 01:25:57&iid=8a884268-3e2c-421c-b62f-daa3be78a13f&bName=
SearchScopes: HKU\S-1-5-21-1323333070-3634341992-397913038-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 06:14 - 2023-06-03 00:55 - 000002480 ____N C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Fortect
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kaique-Vidal\Pictures\vcuIyoVK_4x.jpg
DNS Servers: 186.232.56.22 - 186.232.56.26
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Screenpresso"
HKLM\...\StartupApproved\Run: => "EPPCCMON"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKLM\...\StartupApproved\Run32: => "HDD Regenerator"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "_TE16A.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "_TE38F2.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "_TE50A4.tmp"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "AdobeARM.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "AMDLinkDriverUpdate.xml"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230521123721.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230522121739.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230523121739.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230524121739.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230525131351.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230526122506.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230527121739.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230528121740.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230529121739.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230529131420.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230530035434.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "CUsersKaique-VidalAppDataLocalProgramsOpera101.0.4843.43opera_autoupdate.download.lock"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "cv_debug.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "native_push_sensors"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "TWAIN.LOG"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "Twain001.Mtx"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "Twunk001.MTX"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "Twunk002.MTX"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "upgrade_sensors"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "vivaldi_installer.log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "WINWORD.EXE_c2rdll(20230818184958FF4).log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "WINWORD.EXE_c2rdll(20230818185012F30).log"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "wsduilib.log.2023-05-31"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "NotifyIconGeneratedAumid_1897770014230834862.png"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "AMDNoiseSuppression"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "NeatDM"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "ut"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_90C0C776FC4CC570E7FB3277B161E7B0"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "WingetUI"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "Opera GX Stable"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "TaskbarSystem"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_B7C06C68F464209BF2BA4F21CB7E80AF"
HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "Opera Stable"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0CF5F626-16C7-4D99-B027-33FEF351E344}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{65204FA4-EE92-438B-B43E-4507E134659E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2D4E9AF8-E071-4978-B88A-FAA1B8248859}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{50AABC93-F1C3-4E4E-8D80-AE07D1679696}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{12EEFD97-2F7F-4337-AA18-16F6CC9E7EE9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{BDB1A7F9-7EEE-4498-9323-D6BA313BEA45}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{FD04E2BF-A9ED-4CE9-BCDD-048D38AD2394}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{95A691A4-9536-4686-9F63-05AA138DED45}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6E17808C-A7A7-413F-B206-B7BB2CBA8B7A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{1F2E6836-3EA4-4364-BFFE-0AB9D2C3B71D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{80C1C9E5-ABF7-45BE-ACE3-B3FFFAE3583D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7525866F-61C9-4132-9FDD-4C900553D2F2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{08940D60-B2E0-44A2-B2FD-1AD57BA62F62}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EF1EB441-A7E7-4124-8F89-B1D8F4DA6C7C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A0DAA598-FB5C-4BB8-9036-23BA04D7097A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D89D535C-2873-4664-B202-DDEFABEC8F36}] => (Allow) D:\RemotePlay\RemotePlay.exe => No File
FirewallRules: [{AEE55181-98D2-4DCD-B04B-573BA5237EEA}] => (Allow) D:\UsersKaique-Vidal\Steam.exe => No File
FirewallRules: [{161E03C5-53BA-4A2F-B0DF-FAD305AAEE51}] => (Allow) D:\UsersKaique-Vidal\Steam.exe => No File
FirewallRules: [{32BBDB8F-3DA0-45C5-8D4A-3E22DC28602C}] => (Allow) C:\Users\Kaique-Vidal\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
FirewallRules: [{8893D337-8650-49F2-9CFB-1CD5744ED920}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6FEBC959-E460-49C9-B62C-41B3CE693EDC}] => (Allow) C:\Users\Kaique-Vidal\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A57DEB10-56A5-4D70-82F3-BF355C778E80}] => (Allow) C:\Users\Kaique-Vidal\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{4B5073CC-2A01-4A64-8E33-3D3DC9E14D08}] => (Allow) C:\Users\Kaique-Vidal\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{01D9D60F-D317-4E23-9EF4-958F18D1B8B8}C:\users\kaique-vidal\appdata\local\programs\opera\opera.exe] => (Block) C:\users\kaique-vidal\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{7266B4E4-FB40-4499-99CA-585F452311ED}C:\users\kaique-vidal\appdata\local\programs\opera\opera.exe] => (Block) C:\users\kaique-vidal\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{3F7B595A-3C1A-4DAA-B431-C176274B822D}] => (Allow) D:\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe => No File
FirewallRules: [{F18CE06F-2979-41C5-BCAB-6DE0855BAD12}] => (Allow) D:\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe => No File
FirewallRules: [{5A222EB5-7735-4EB0-8C73-089A6CCC48D4}] => (Allow) D:\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe => No File
FirewallRules: [{ABC06E03-02AF-44E8-9550-8682C2EC872A}] => (Allow) D:\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe => No File
FirewallRules: [{F340B239-B855-426D-9D44-1C81B0C185CE}] => (Allow) D:\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe => No File
FirewallRules: [{4057D799-00DC-4EA3-A23C-D7A990A0FA3A}] => (Allow) D:\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe => No File
FirewallRules: [{D0D46B72-D0CB-46B6-81B7-B015EBBA4EE0}] => (Allow) D:\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe => No File
FirewallRules: [{3D881920-412C-4CEB-810D-7AF28DA3731F}] => (Allow) D:\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe => No File
FirewallRules: [UDP Query User{69F25DD0-2BA6-4B8C-B3D4-B3C4075EC450}D:\games\max payne 3\maxpayne3.exe] => (Allow) D:\games\max payne 3\maxpayne3.exe => No File
FirewallRules: [TCP Query User{EC0A76FC-D192-4A26-A229-6028746E0036}D:\games\max payne 3\maxpayne3.exe] => (Allow) D:\games\max payne 3\maxpayne3.exe => No File
FirewallRules: [{8C753196-B365-4284-BAE5-4861BCA654E7}] => (Allow) C:\Users\Kaique-Vidal\AppData\Local\Temp\utorrent\utorrent.exe => No File
FirewallRules: [{C9B7439D-AF56-4E20-9273-FF7B9283CCD2}] => (Allow) C:\Users\Kaique-Vidal\AppData\Local\Temp\utorrent\utorrent.exe => No File
FirewallRules: [{6534DB3A-8889-4048-BE5D-50D7CBD33558}] => (Allow) C:\Users\Kaique-Vidal\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{FDDECF79-900F-48CC-BD7B-9057EE8E413B}] => (Allow) C:\Users\Kaique-Vidal\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [UDP Query User{BEC022AD-1F79-4C1E-9322-32D9A9AED04B}C:\users\kaique-vidal\appdata\roaming\utorrent\updates\utorrent.exe] => (Allow) C:\users\kaique-vidal\appdata\roaming\utorrent\updates\utorrent.exe => No File
FirewallRules: [TCP Query User{DEC09A5D-CFA6-416C-A0E8-6B5AD0684878}C:\users\kaique-vidal\appdata\roaming\utorrent\updates\utorrent.exe] => (Allow) C:\users\kaique-vidal\appdata\roaming\utorrent\updates\utorrent.exe => No File
FirewallRules: [UDP Query User{24C02FB3-4850-44AE-B3F1-DF467547B1D9}D:\cemu_1.26.2\cemu_1.26.2\cemu.exe] => (Allow) D:\cemu_1.26.2\cemu_1.26.2\cemu.exe => No File
FirewallRules: [TCP Query User{8CA48EE8-FB32-4B8A-ADEA-55E59568BC3B}D:\cemu_1.26.2\cemu_1.26.2\cemu.exe] => (Allow) D:\cemu_1.26.2\cemu_1.26.2\cemu.exe => No File
FirewallRules: [UDP Query User{E08EC326-0A04-46E0-9C87-16BFDBDD3346}D:\games\wiiu_usb_helper_.exe] => (Allow) D:\games\wiiu_usb_helper_.exe => No File
FirewallRules: [TCP Query User{B557961D-FA73-410D-8953-72F713423250}D:\games\wiiu_usb_helper_.exe] => (Allow) D:\games\wiiu_usb_helper_.exe => No File
FirewallRules: [UDP Query User{FE14AE93-DFC7-4F3C-8199-64F0AFE5F62A}D:\games\usbhelperlauncher.exe] => (Allow) D:\games\usbhelperlauncher.exe => No File
FirewallRules: [TCP Query User{9DEF5E9D-3CF5-463A-A334-9A9697B1D7C3}D:\games\usbhelperlauncher.exe] => (Allow) D:\games\usbhelperlauncher.exe => No File
FirewallRules: [UDP Query User{6ABAD511-6021-4603-A733-3CE92E1F38FD}D:\bayonetta 2\cemu\cemu.exe] => (Allow) D:\bayonetta 2\cemu\cemu.exe => No File
FirewallRules: [TCP Query User{2F58A27D-A940-4ACB-8FC9-62D604848C42}D:\bayonetta 2\cemu\cemu.exe] => (Allow) D:\bayonetta 2\cemu\cemu.exe => No File
FirewallRules: [UDP Query User{737ECB88-CAF0-4790-92D2-8C893120C698}D:\games\call of duty - modern warfare 3\iw5mp.exe] => (Block) D:\games\call of duty - modern warfare 3\iw5mp.exe => No File
FirewallRules: [TCP Query User{139F040D-762B-4781-B515-0DFBFC0DABDF}D:\games\call of duty - modern warfare 3\iw5mp.exe] => (Block) D:\games\call of duty - modern warfare 3\iw5mp.exe => No File
FirewallRules: [UDP Query User{1164B66F-279D-4807-BED4-A55CBA3C765C}D:\singularity\binaries\singularity.exe] => (Allow) D:\singularity\binaries\singularity.exe => No File
FirewallRules: [TCP Query User{FA7C9610-224E-472C-9DD3-32A525440365}D:\singularity\binaries\singularity.exe] => (Allow) D:\singularity\binaries\singularity.exe => No File
FirewallRules: [UDP Query User{D8B9A76C-F094-4D3E-9B47-A7004B6EC409}D:\games\call of duty - modern warfare 3\iw5sp.exe] => (Allow) D:\games\call of duty - modern warfare 3\iw5sp.exe => No File
FirewallRules: [TCP Query User{E85DE732-0752-44EF-8302-0609FB179547}D:\games\call of duty - modern warfare 3\iw5sp.exe] => (Allow) D:\games\call of duty - modern warfare 3\iw5sp.exe => No File
FirewallRules: [UDP Query User{087FD02D-46FD-4607-AAC6-4F00EA1C965F}D:\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) D:\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe => No File
FirewallRules: [TCP Query User{F4105CCE-4152-4B11-B0FC-A98B2D876B72}D:\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) D:\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe => No File
FirewallRules: [UDP Query User{3D132CBB-6DDD-4907-8DDC-B65E592F819F}C:\program files\megadownloader\megadownloader.exe] => (Allow) C:\program files\megadownloader\megadownloader.exe => No File
FirewallRules: [TCP Query User{EFCB1484-2383-4581-9B15-F6ED473760B6}C:\program files\megadownloader\megadownloader.exe] => (Allow) C:\program files\megadownloader\megadownloader.exe => No File
FirewallRules: [UDP Query User{7402A331-8814-40FF-8178-41CC28C8F5CB}D:\megadownloader\megadownloader.exe] => (Allow) D:\megadownloader\megadownloader.exe => No File
FirewallRules: [TCP Query User{37A1BAF6-F139-4176-9788-353662159B35}D:\megadownloader\megadownloader.exe] => (Allow) D:\megadownloader\megadownloader.exe => No File
FirewallRules: [UDP Query User{4D45D7E9-7D75-4654-9D19-A258593A2046}D:\xenia_master\xenia.exe] => (Allow) D:\xenia_master\xenia.exe => No File
FirewallRules: [TCP Query User{9288B63D-4B05-4E5B-B819-EA7EDC954B2F}D:\xenia_master\xenia.exe] => (Allow) D:\xenia_master\xenia.exe => No File
FirewallRules: [UDP Query User{27CFFE8F-AF53-4CF5-B850-2C9C334488F7}C:\users\kaique-vidal\downloads\compressed\ps3\rpcs3.exe] => (Allow) C:\users\kaique-vidal\downloads\compressed\ps3\rpcs3.exe => No File
FirewallRules: [TCP Query User{F63514AB-EEF3-40F0-9572-99A49AF25A50}C:\users\kaique-vidal\downloads\compressed\ps3\rpcs3.exe] => (Allow) C:\users\kaique-vidal\downloads\compressed\ps3\rpcs3.exe => No File
FirewallRules: [{0A926A61-EB97-4392-8D44-66FCA235457C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{69073435-1781-4EAB-9F51-19ACAB58B3C2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{4A787A40-6340-490A-92EA-53F1F8600862}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{416773ED-6E2C-4307-8E95-C06200B6F941}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [UDP Query User{B62AE1C8-609B-4E4B-B03F-B9FE48A66743}C:\program files (x86)\modern\call of duty - world at war\codwaw.exe] => (Block) C:\program files (x86)\modern\call of duty - world at war\codwaw.exe => No File
FirewallRules: [TCP Query User{F3D326C8-3BB9-4211-9303-967CD5A6409C}C:\program files (x86)\modern\call of duty - world at war\codwaw.exe] => (Block) C:\program files (x86)\modern\call of duty - world at war\codwaw.exe => No File
FirewallRules: [UDP Query User{2D02C5C7-1029-4C33-83A0-7CA2D055F695}C:\program files (x86)\call of duty black ops\blackops.exe] => (Block) C:\program files (x86)\call of duty black ops\blackops.exe => No File
FirewallRules: [TCP Query User{DE79083E-64EE-4FAE-9DAF-65F37690440A}C:\program files (x86)\call of duty black ops\blackops.exe] => (Block) C:\program files (x86)\call of duty black ops\blackops.exe => No File
FirewallRules: [UDP Query User{046F4658-74FB-4F59-85C4-45D6912942CE}C:\users\kaique-vidal\downloads\compressed\callofdutyworldatwar\call of duty world at war\codwawmp.exe] => (Block) C:\users\kaique-vidal\downloads\compressed\callofdutyworldatwar\call of duty world at war\codwawmp.exe => No File
FirewallRules: [TCP Query User{B44B7661-009D-460D-A0E6-9A63009F640C}C:\users\kaique-vidal\downloads\compressed\callofdutyworldatwar\call of duty world at war\codwawmp.exe] => (Block) C:\users\kaique-vidal\downloads\compressed\callofdutyworldatwar\call of duty world at war\codwawmp.exe => No File
FirewallRules: [UDP Query User{4B00A1F2-FE76-4CE7-8BA2-3954A66B678A}C:\users\kaique-vidal\downloads\compressed\callofdutyworldatwar\call of duty world at war\codwaw.exe] => (Block) C:\users\kaique-vidal\downloads\compressed\callofdutyworldatwar\call of duty world at war\codwaw.exe => No File
FirewallRules: [TCP Query User{AD4D035E-1F50-402C-96EC-7F54D365D3A6}C:\users\kaique-vidal\downloads\compressed\callofdutyworldatwar\call of duty world at war\codwaw.exe] => (Block) C:\users\kaique-vidal\downloads\compressed\callofdutyworldatwar\call of duty world at war\codwaw.exe => No File
FirewallRules: [UDP Query User{E1219244-9748-4A45-BECD-49ECFFA12B4E}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{822D2DB7-648D-420A-973D-5F7A61CAFF34}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{2EBDB828-8FE4-47CF-B16C-A9208EAA48DE}] => (Allow) C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [UDP Query User{4C7A86C9-DCAF-4932-A060-A772B2C9B2D6}C:\program files\amd\cnext\cnext\radeonsoftware.exe] => (Block) C:\program files\amd\cnext\cnext\radeonsoftware.exe (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
FirewallRules: [TCP Query User{2ED3315E-C538-42DA-B6DF-1BF3ABDAE565}C:\program files\amd\cnext\cnext\radeonsoftware.exe] => (Block) C:\program files\amd\cnext\cnext\radeonsoftware.exe (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
FirewallRules: [{2CDDC7CE-953B-40A5-85E5-6A7D2AF69D0D}] => (Allow) C:\Users\Kaique-Vidal\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{E023515B-0980-4049-AAA7-35CED159A8FB}] => (Allow) C:\Users\Kaique-Vidal\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{245AB0E5-1700-49FF-9771-FF138DF87761}] => (Allow) C:\Users\Kaique-Vidal\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{6B073B47-98C9-4FAC-B3E5-1941CC767634}] => (Allow) C:\Users\Kaique-Vidal\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{19D1838D-209F-4503-B6F3-8774C326EF37}] => (Allow) C:\Users\Kaique-Vidal\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{561A63F2-DD0D-4DD8-9ADA-6C46268DD470}] => (Allow) C:\Users\Kaique-Vidal\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{854CFC3E-E14B-4481-A83F-3432CC4FBE0D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1A82EE21-5A86-4CBF-B349-38BFFDA4D5A7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{193435B2-BF6B-430A-9737-3ABAA0505973}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{33F03619-E470-4FA0-B1F6-18396475FC49}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CD2451A3-67F8-4B24-808D-41A9230D0B17}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CD772BA7-3EE4-42CC-BBD5-AEF20AD78F3C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B20FBED0-FC5C-4F95-ABEB-FCBBEAC95866}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{289C6897-48F8-4241-9D1D-23116902BED2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4DB15538-C09D-4013-B1B9-5D6ECCBDCB81}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C45EDF05-D4A6-4994-8EDC-D79E39651306}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{51A55A24-2FB6-4769-8C2B-8D12189AC636}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F8C3328D-820F-4ECD-9AB5-083820513C13}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23216.905.2334.6698_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{13C5F84E-3941-4A06-BBBE-84ED99DFE1F5}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23216.905.2334.6698_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{71D5C5C1-0BAE-4664-B861-A9A2D29CAFE3}] => (Allow) C:\Program Files\Fortect\MainService.exe (Fortect LTD -> Fortect LTD.)
FirewallRules: [{50BD2504-7650-45D5-A0FD-4172B860FDDB}] => (Allow) C:\Program Files\Fortect\MainService.exe (Fortect LTD -> Fortect LTD.)
FirewallRules: [{E4B77B09-9973-4E6F-81D5-255DD4B5E3DD}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

08-09-2023 05:25:26 Instalador de Módulos do Windows
10-09-2023 00:26:24 Ponto de verificação por HitmanPro

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (09/11/2023 08:40:18 PM) (Source: CertEnroll) (EventID: 86) (User: AUTORIDADE NT)
Description: Falha na inicialização do registro de certificado SCEP para WORKGROUP\DESKTOP-RTLM44P$ via https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 11 Sep 2023 23:40:20 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 4ac26366-7932-4cb7-8053-0cfe20a47250

Método: GET(391ms)
Estágio: GetCACaps
Não encontrado (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (09/11/2023 08:40:18 PM) (Source: CertEnroll) (EventID: 86) (User: AUTORIDADE NT)
Description: Falha na inicialização do registro de certificado SCEP para Sistema local via https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 11 Sep 2023 23:40:19 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 6536fdc8-6837-44b0-9a24-147121b0b5ee

Método: GET(578ms)
Estágio: GetCACaps
Não encontrado (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (09/11/2023 02:32:19 PM) (Source: Application Error) (EventID: 1005) (User: AUTORIDADE NT)
Description: ComboCleaner.WinService.exe0xc000026e0x0

Error: (09/11/2023 02:32:19 PM) (Source: Application Error) (EventID: 1000) (User: AUTORIDADE NT)
Description: Nome do aplicativo com falha: ComboCleaner.WinService.exe, versão: 0.0.0.0, carimbo de data/hora: 0xe9399f98
Nome do módulo com falha: ntdll.dll, versão: 10.0.22621.2134, carimbo de data/hora: 0xeee69ec7
Código de exceção: 0xc0000006
Deslocamento da falha: 0x0000000000020352
ID do processo com falha: 0x0x110c
Hora de início do aplicativo com falha: 0x0x1d9e4c452ca6836
Caminho do aplicativo com falha: D:\ComboCleaner.WinService.exe
Caminho do módulo com falha: C:\WINDOWS\SYSTEM32\ntdll.dll
ID do Relatório: b86ac3cd-6b14-4b0b-8cbf-1ce5db828c14
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (09/11/2023 02:32:19 PM) (Source: Application Error) (EventID: 1000) (User: AUTORIDADE NT)
Description: Nome do aplicativo com falha: ComboCleaner.Guard.exe, versão: 0.0.0.0, carimbo de data/hora: 0xc98225a1
Nome do módulo com falha: ntdll.dll, versão: 10.0.22621.2134, carimbo de data/hora: 0xeee69ec7
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000000000001e20e
ID do processo com falha: 0x0x111c
Hora de início do aplicativo com falha: 0x0x1d9e4c452ca85d1
Caminho do aplicativo com falha: D:\ComboCleaner.Guard.exe
Caminho do módulo com falha: C:\WINDOWS\SYSTEM32\ntdll.dll
ID do Relatório: 1ac47a75-0174-4ac6-b22a-2591073414d7
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (09/11/2023 12:26:29 PM) (Source: CertEnroll) (EventID: 86) (User: AUTORIDADE NT)
Description: Falha na inicialização do registro de certificado SCEP para WORKGROUP\DESKTOP-RTLM44P$ via https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps

Método: GET(15ms)
Estágio: GetCACaps
O nome ou o endereço do servidor não pôde ser resolvido 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (09/11/2023 12:26:29 PM) (Source: CertEnroll) (EventID: 86) (User: AUTORIDADE NT)
Description: Falha na inicialização do registro de certificado SCEP para Sistema local via https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps

Método: GET(31ms)
Estágio: GetCACaps
O nome ou o endereço do servidor não pôde ser resolvido 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (09/11/2023 12:26:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "C:\Users\Kaique-Vidal\AppData\Local\CapCut\Apps\CapCut.exe". Erro no arquivo de manifesto ou de política "", na linha .
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2070_none_6ec11d2a87fe200c.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2070_none_2713e6537381f706.manifest.


System errors:
=============
Error: (09/11/2023 08:41:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço AMDRyzenMasterDriverV20 devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.

Error: (09/11/2023 08:40:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço AMDRyzenMasterDriverV20 devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.

Error: (09/11/2023 08:40:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço AMDRyzenMasterDriverV20 devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.

Error: (09/11/2023 08:40:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço AMDRyzenMasterDriverV20 devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.

Error: (09/11/2023 04:35:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço eapihdrv devido ao seguinte erro:
O carregamento deste driver foi bloqueado

Error: (09/11/2023 04:35:59 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\KAIQUE~1\AppData\Local\Temp\ehdrv.sys

Error: (09/11/2023 04:35:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço eapihdrv devido ao seguinte erro:
O carregamento deste driver foi bloqueado

Error: (09/11/2023 04:35:58 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\KAIQUE~1\AppData\Local\Temp\ehdrv.sys


Windows Defender:
================
Date: 2023-09-11 13:34:24
Description:
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Wacatac.B!ml&threatid=2147735503&enterprise=0
Nome: Trojan:Script/Wacatac.B!ml
Gravidade: Grave
Categoria: Cavalo de Tróia
Caminho: file:_C:\Windows\Temp\tmp000002ee\tmp0041fc62
Origem da Detecção: Computador local
Tipo da Detecção: FastPath
Fonte da Detecção: Proteção em Tempo Real
Usuário: AUTORIDADE NT\SISTEMA
Nome do Processo: D:\ComboCleaner.Guard.exe
Versão da Inteligência de Segurança: AV: 1.397.779.0, AS: 1.397.779.0, NIS: 1.397.779.0
Versão do Mecanismo: AM: 1.1.23080.2005, NIS: 1.1.23080.2005

Date: 2023-09-11 13:32:09
Description:
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sabsik.FL.B!ml&threatid=2147780203&enterprise=0
Nome: Trojan:Win32/Sabsik.FL.B!ml
Gravidade: Grave
Categoria: Cavalo de Tróia
Caminho: file:_D:\Setup_123_Passwords_Full\Setup.exe
Origem da Detecção: Computador local
Tipo da Detecção: FastPath
Fonte da Detecção: Proteção em Tempo Real
Usuário: DESKTOP-RTLM44P\Kaique
Nome do Processo: C:\Users\Kaique-Vidal\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Versão da Inteligência de Segurança: AV: 1.397.779.0, AS: 1.397.779.0, NIS: 1.397.779.0
Versão do Mecanismo: AM: 1.1.23080.2005, NIS: 1.1.23080.2005

Date: 2023-09-11 13:18:30
Description:
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AgentTesla!ml&threatid=2147760503&enterprise=0
Nome: Trojan:Win32/AgentTesla!ml
Gravidade: Grave
Categoria: Cavalo de Tróia
Caminho: file:_C:\Windows\Temp\tmp000002ee\tmp001576f5
Origem da Detecção: Computador local
Tipo da Detecção: FastPath
Fonte da Detecção: Proteção em Tempo Real
Usuário: AUTORIDADE NT\SISTEMA
Nome do Processo: D:\ComboCleaner.Guard.exe
Versão da Inteligência de Segurança: AV: 1.397.779.0, AS: 1.397.779.0, NIS: 1.397.779.0
Versão do Mecanismo: AM: 1.1.23080.2005, NIS: 1.1.23080.2005

Date: 2023-09-11 13:11:07
Description:
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sabsik.FL.B!ml&threatid=2147780203&enterprise=0
Nome: Trojan:Win32/Sabsik.FL.B!ml
Gravidade: Grave
Categoria: Cavalo de Tróia
Caminho: file:_D:\Setup_123_Passwords_Full\Setup.exe
Origem da Detecção: Computador local
Tipo da Detecção: FastPath
Fonte da Detecção: Proteção em Tempo Real
Usuário: AUTORIDADE NT\SISTEMA
Nome do Processo: D:\ComboCleaner.Guard.exe
Versão da Inteligência de Segurança: AV: 1.397.779.0, AS: 1.397.779.0, NIS: 1.397.779.0
Versão do Mecanismo: AM: 1.1.23080.2005, NIS: 1.1.23080.2005

Date: 2023-09-11 13:10:17
Description:
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sabsik.FL.B!ml&threatid=2147780203&enterprise=0
Nome: Trojan:Win32/Sabsik.FL.B!ml
Gravidade: Grave
Categoria: Cavalo de Tróia
Caminho: file:_D:\Setup_123_Passwords_Full\Setup.exe
Origem da Detecção: Computador local
Tipo da Detecção: FastPath
Fonte da Detecção: Proteção em Tempo Real
Usuário: DESKTOP-RTLM44P\Kaique
Nome do Processo: C:\Users\Kaique-Vidal\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Versão da Inteligência de Segurança: AV: 1.397.779.0, AS: 1.397.779.0, NIS: 1.397.779.0
Versão do Mecanismo: AM: 1.1.23080.2005, NIS: 1.1.23080.2005
Event[0]

Date: 2023-09-11 13:19:20
Description:
Microsoft Defender Antivírus encontrou um erro ao tentar carregar um arquivo suspeito para análise posterior.
Nome do Arquivo: C:\Windows\Temp\tmp000002ee\tmp0016a9fe
Sha256: 705c9a5f54d00a8e96a3c0bf6ee5494af89211a1af8dbe41c8e1d82c283747b8
Versão da Inteligência de Segurança Atual: AV: 1.397.779.0, AS: 1.397.779.0
Versão Atual do Mecanismo: 1.1.23080.2005
Código de Erro: 0x80508016


Date: 2023-09-11 13:18:45
Description:
Microsoft Defender Antivírus encontrou um erro ao tentar carregar um arquivo suspeito para análise posterior.
Nome do Arquivo: C:\Windows\Temp\tmp000002ee\tmp0015bf6d
Sha256: 932fe2bfcc0c739b212d91f127f99edbf22c82c0dc8d190dfd79f1bb1a6942cf
Versão da Inteligência de Segurança Atual: AV: 1.397.779.0, AS: 1.397.779.0
Versão Atual do Mecanismo: 1.1.23080.2005
Código de Erro: 0x80508016


Date: 2023-09-11 13:18:45
Description:
Microsoft Defender Antivírus encontrou um erro ao tentar carregar um arquivo suspeito para análise posterior.
Nome do Arquivo: C:\Windows\Temp\tmp000002ee\tmp00159a34
Sha256: 2beeff984388461c867cc062039a464d6a9131968c4b14c51df0b37d5fcc6d1b
Versão da Inteligência de Segurança Atual: AV: 1.397.779.0, AS: 1.397.779.0
Versão Atual do Mecanismo: 1.1.23080.2005
Código de Erro: 0x80508016


Date: 2023-09-11 13:18:28
Description:
Microsoft Defender Antivírus encontrou um erro ao tentar carregar um arquivo suspeito para análise posterior.
Nome do Arquivo: C:\Windows\Temp\tmp000002ee\tmp0014e75c
Sha256: 67a648e12deedf8cc55970868ba68a9b1114e05821dfcf974ac623986cde8f90
Versão da Inteligência de Segurança Atual: AV: 1.397.779.0, AS: 1.397.779.0
Versão Atual do Mecanismo: 1.1.23080.2005
Código de Erro: 0x80508016


Date: 2023-09-10 00:32:38
Description:
Microsoft Defender Antivírus encontrou um erro ao tentar carregar um arquivo suspeito para análise posterior.
Nome do Arquivo: C:\Windows\Temp\tmp00000585\tmp0002a8bf
Sha256: 9cf1c37a7566fc3bb5ebcf58a633f4574f32addf6082f2b504e33857c9cf6ca5
Versão da Inteligência de Segurança Atual: AV: 1.397.696.0, AS: 1.397.696.0
Versão Atual do Mecanismo: 1.1.23080.2005
Código de Erro: 0x80508016


CodeIntegrity:
===============
Date: 2023-09-09 22:12:41
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

BIOS: INSYDE Corp. V1.14 07/04/2023
Motherboard: LN Calla_LC
Processor: AMD Ryzen 7 5700U with Radeon Graphics
Percentage of memory in use: 19%
Total physical RAM: 19818.31 MB
Available physical RAM: 16034.24 MB
Total Virtual: 21098.31 MB
Available Virtual: 17425.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.66 GB) (Free:792.07 GB) (Model: WD_BLACK SN770 1TB) NTFS
Drive e: () (Fixed) (Total:0.09 GB) (Free:0.06 GB) (Model: WD_BLACK SN770 1TB) FAT32

\\?\Volume{46d56a73-b334-4276-848e-02e8f72da849}\ () (Fixed) (Total:0.72 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================


Edited by Oh My!, 11 September 2023 - 08:50 PM.


#5 Oh My!

  • Malware Response Instructor
  • 55,541 posts

Posted 12 September 2023 - 08:01 AM

Thank you for the reports and removal of software.

Since your computer is very highly infected we are going to be a bit aggressive in attacking the malware. This may end up being a multi-step effort because this type of malware is known to resist efforts to remove it.

My only goal in this post is to remove programs and make sure we create a System Restore Point.

Please do this.

===================================================

Uninstalling Programs Using Revo Uninstaller Free Portable

--------------------
  • Download Revo Uninstaller Free Portable and save it to your Desktop
  • Right click on the folder and select Extract All..., then click Extract
  • Double click on the RevoUninstaller-Portable folder
  • Right click on RevoUPort and select Run as administrator
  • Click OK on the License Agreement
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Driver Booster 10
Combo Cleaner 
HDD Regenerator
  • If the program's uninstaller appears work through the steps to remove the program(s)
  • Be sure the Advanced option is selected then click Scan
  • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
  • Once done click Finish
  • Reboot your computer
===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
SystemRestore: On
CreateRestorePoint:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Programs removed?
  • Fixlog

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”



#6 Kay07


Posted 12 September 2023 - 09:03 AM

Yes, I removed them. The combined cleaner was on a secondary hard drive.

Attached Files



#7 Oh My!


Posted 12 September 2023 - 09:26 AM

Thank you.

Please be sure to copy and paste report information in your reply unless asked to attach or the content is too long.

Please do this now.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
CloseProcesses:
HKLM\...\StartupApproved\Run32: => "HDD Regenerator"
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKLM-x32\...\Run: [HDD Regenerator] => C:\Program Files (x86)\HDD Regenerator\Shell.exe [89896 2012-11-18] (Abstradrome -> )
C:\Users\cofun\Downloads\MTGAInstaller.exe
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\Run: [] => [X]
S4 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\116.1.57.62\elevation_service.exe" [X]
HKLM\...\Print\Monitors\HP B111 Status Monitor: hpinkstsB111LM.dll (No File)
Task: {AD038E73-97A7-4C22-B781-24530923FEEA} - System32\Tasks\IPVanish.VpnClient => C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe  --taskscheduler (No File)
Task: {88284482-8E40-4918-85AD-DF86BF9D9AC0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe  --automatic (No File)
CustomCLSID: HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{62fea752-045e-95c0-525b-b17487673e6e1}\InprocServer32 -> 0xEDC4BC1F8704D701CE39BD1F8704D701010000000300000000000000 => No File
CustomCLSID: HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\cofun\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{f00dfd40-8892-a2fb-f1ee-dbad4ab9f83d1}\InprocServer32 -> 0x5831555555555557454C5145324B36564341554155555452393834574446303947573839 => No File
Toolbar: HKU\S-1-5-21-4201938413-1014792726-983612931-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FirewallRules: [{618B5357-098B-4F66-A4BC-9A98DB363F1A}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{EF111DC1-C32C-477A-851C-62DD0D7D07B3}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{33183412-9E4D-4137-A1B9-149833CB8B05}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\Run: [{5E9C47D5-C2A3-4B5B-9646-23F9F5362F1A}] => C:\Users\cofun\Downloads\MTGAInstaller.exe [27308152 2020-07-27] (Wizards of the Coast, LLC -> Wizards of the Coast) <==== ATTENTION
GroupPolicy-Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-prefs.js [2021-02-04] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox-config.cfg [2022-09-11] <==== ATTENTION
FF user.js: detected! => C:\Users\cofun\AppData\Roaming\Mozilla\Firefox\Profiles\3r48kx58.default\user.js [2022-11-17]
S2 ComboCleaner.Guard; D:\ComboCleaner.Guard.exe [X]
S2 ComboCleaner.WinService; D:\ComboCleaner.WinService.exe [X]
S3 RTCore64; \??\D:\MSI Afterburner\RTCore64.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
HKLM\...\Run: [Combo Cleaner] => "D:\ComboCleaner.exe" -minimized (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {4A9B48DC-1623-4063-A701-97D910E53DDE} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe  Display (No File)
Task: {8CB6BDE7-EB78-4894-861A-2BDD2979FCA4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe  /RunOnAC RebootDialog (No File)
Task: {43BE4C09-A64E-412F-8B0C-189479A74B49} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe  /RunOnBattery RebootDialog (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {20B1BC03-3A11-4ED6-9063-21F3EA466028} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1323333070-3634341992-397913038-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  /reporting (No File)
CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> "C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\Application\4.3.2439.65\notification_helper.exe" => No File
CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{E1E57C1E-543A-42C5-A5E5-05F1A8D59F33}\localserver32 -> "C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\Application\5.6.2867.58\notification_helper.exe" => No File
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => D:\Reflect\RContextMenu.dll -> No File
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => D:\Reflect\RContextMenu.dll -> No File
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\0cf74124-0500-41ba-ae74-f3c5f4f9d665.tmp [2023-09-11] () <==== ATTENTION [zero byte? (Error=32)]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\mat-debug-10288.log [2023-09-11] () <==== ATTENTION [zero byte? (Error=32)]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\mat-debug-10544.log [2023-09-11] () <==== ATTENTION [zero byte File/Folder]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\mat-debug-2772.log [2023-09-11] () <==== ATTENTION [zero byte File/Folder]
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
FCheck: C:\WINDOWS\SysWOW64\version_IObitDel.dll [2023-01-02] <==== ATTENTION (zero byte File/Folder)
AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [147]
2023-09-06 13:59 - 2023-01-02 14:14 - 000684984 _____ (Mozilla Foundation) C:\Users\Kaique-Vidal\AppData\LocalLow\freebl3.dll
2023-09-06 13:59 - 2023-01-02 14:14 - 000627128 _____ (Mozilla Foundation) C:\Users\Kaique-Vidal\AppData\LocalLow\mozglue.dll
2023-09-06 13:59 - 2023-01-02 14:14 - 000254392 _____ (Mozilla Foundation) C:\Users\Kaique-Vidal\AppData\LocalLow\softokn3.dll
2023-09-08 05:08 - 2023-01-17 15:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
C:\Users\KAIQUE~1\AppData\Local\Temp
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\AMDLinkDriverUpdate.xml [2023-09-11] () [File not signed]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db [2023-09-11] () [File not signed] [File is in use]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db-shm [2023-09-11] () [File not signed] [File is in use]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db-wal [2023-09-11] () [File not signed] [File is in use]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db.ses [2023-09-11] () [File not signed]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\InstallManagerApp [2023-09-11]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\mat-debug-10288.log [2023-09-11] () <==== ATTENTION [zero byte? (Error=32)]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\mat-debug-10544.log [2023-09-11] () <==== ATTENTION [zero byte File/Folder]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\mat-debug-2772.log [2023-09-11] () <==== ATTENTION [zero byte File/Folder]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\Wondershare [2023-09-11]
Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\~DF6635EAFAFC8EB9AB.TMP [2023-09-11] () [File not signed]
Task: {702A7B7A-80AF-47BA-B5BB-7C180C3C8D91} - System32\Tasks\CareCenter\HDD Regenerator_Reg_HKLMWow6432Run => C:\Program Files (x86)\HDD Regenerator\Shell.exe [89896 2012-11-18] (Abstradrome -> )
Task: {85DB902C-4B78-44CB-948A-C527F482521F} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\10.2.0\Scheduler.exe [157784 2022-12-26] (IObit CO., LTD -> IObit)
Task: {248DB6EE-D58E-4198-B0B2-1D5D0785792A} - System32\Tasks\Driver Booster SkipUAC (Kaique-Vidal) => C:\Program Files (x86)\IObit\Driver Booster\10.2.0\DriverBooster.exe [9010648 2023-01-09] (IObit CO., LTD -> IObit)
Task: {949E58BA-2404-45CD-8B8F-66A18791D2B8} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\10.2.0\AutoUpdate.exe [2516968 2022-12-26] (IObit CO., LTD -> IObit)
S3 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender)
S3 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [176008 2021-09-30] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender LLC)
C:\Program Files (x86)\HDD Regenerator
C:\Program Files (x86)\IObit
C:\WINDOWS\system32\DRIVERS\bddci.sys
C:\WINDOWS\System32\DRIVERS\gzflt.sys
2023-09-08 06:10 - 2023-09-08 07:08 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\RCS_LT
2023-09-08 06:10 - 2023-09-08 06:10 - 000000525 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Combo Cleaner.lnk
2023-09-11 15:10 - 2023-01-02 14:38 - 000000000 ____D C:\Users\Kaique-Vidal\Downloads\Licença Driver Booster - Ghost Tech
2023-09-08 05:08 - 2023-02-17 13:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Regenerator
2023-09-08 05:08 - 2023-01-17 15:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2023-09-08 05:08 - 2023-01-02 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 10
2023-09-06 13:59 - 2023-01-02 14:14 - 000449280 _____ (Microsoft Corporation) C:\Users\Kaique-Vidal\AppData\LocalLow\msvcp140.dll
2023-09-06 13:59 - 2023-01-02 14:14 - 000254392 _____ (Mozilla Foundation) C:\Users\Kaique-Vidal\AppData\LocalLow\softokn3.dll
2023-09-06 13:59 - 2023-01-02 14:14 - 000080128 _____ (Microsoft Corporation) C:\Users\Kaique-Vidal\AppData\LocalLow\vcruntime140.dll
C:\WINDOWS\SysWOW64\version_IObitDel.dll
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
Emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”

Where to Start


#8 Kay07

Posted 12 September 2023 - 10:05 AM

I did, but they still appear when restarting, and then they keep multiplying without stopping.

Attached Files



#9 Oh My!

Posted 12 September 2023 - 12:45 PM

Did you run the fix more than once?

Gary 



#10 Kay07

Posted 12 September 2023 - 01:09 PM

Only once. I was going to send a video showing the reboot and the files it generates at the beginning, to make it easier to understand, but I am prevented from posting. Anyway, they still keep appearing every time I turn on the system.

Attached Files



#11 Oh My!

Posted 12 September 2023 - 03:14 PM

As I mentioned previously, this malware can resist efforts to remove it.

As I have mentioned several times before, please copy and paste report information in your reply unless asked to attach the files. If the content is too long you can use multiple posts.

Please run another scan and copy/paste the reports in your reply.

Gary 



#12 Kay07

Posted 12 September 2023 - 04:48 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-09-2023

Ran by Kaique (12-09-2023 18:18:20) Run:6

Running from C:\Users\Kaique-Vidal\Documents

Loaded Profiles: Kaique

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

Start::

CloseProcesses:

HKLM\...\StartupApproved\Run32: => "HDD Regenerator"

HKLM\Software\Policies\...\system: [EnableSmartScreen] 0

HKLM-x32\...\Run: [HDD Regenerator] => C:\Program Files (x86)\HDD Regenerator\Shell.exe [89896 2012-11-18] (Abstradrome -> )

C:\Users\cofun\Downloads\MTGAInstaller.exe

HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\Run: [] => [X]

S4 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\116.1.57.62\elevation_service.exe" [X]

HKLM\...\Print\Monitors\HP B111 Status Monitor: hpinkstsB111LM.dll (No File)

Task: {AD038E73-97A7-4C22-B781-24530923FEEA} - System32\Tasks\IPVanish.VpnClient => C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe --taskscheduler (No File)

Task: {88284482-8E40-4918-85AD-DF86BF9D9AC0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic (No File)

CustomCLSID: HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{62fea752-045e-95c0-525b-b17487673e6e1}\InprocServer32 -> 0xEDC4BC1F8704D701CE39BD1F8704D701010000000300000000000000 => No File

CustomCLSID: HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\cofun\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll => No File

CustomCLSID: HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{f00dfd40-8892-a2fb-f1ee-dbad4ab9f83d1}\InprocServer32 -> 0x5831555555555557454C5145324B36564341554155555452393834574446303947573839 => No File

Toolbar: HKU\S-1-5-21-4201938413-1014792726-983612931-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

FirewallRules: [{618B5357-098B-4F66-A4BC-9A98DB363F1A}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File

FirewallRules: [{EF111DC1-C32C-477A-851C-62DD0D7D07B3}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File

FirewallRules: [{33183412-9E4D-4137-A1B9-149833CB8B05}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File

Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]

Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]

Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]

Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]

HKU\S-1-5-21-4201938413-1014792726-983612931-1001\...\Run: [{5E9C47D5-C2A3-4B5B-9646-23F9F5362F1A}] => C:\Users\cofun\Downloads\MTGAInstaller.exe [27308152 2020-07-27] (Wizards of the Coast, LLC -> Wizards of the Coast) <==== ATTENTION

GroupPolicy-Firefox: Restriction <==== ATTENTION

HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-prefs.js [2021-02-04] <==== ATTENTION (Points to *.cfg file)

FF ExtraCheck: C:\Program Files\mozilla firefox\firefox-config.cfg [2022-09-11] <==== ATTENTION

FF user.js: detected! => C:\Users\cofun\AppData\Roaming\Mozilla\Firefox\Profiles\3r48kx58.default\user.js [2022-11-17]

S2 ComboCleaner.Guard; D:\ComboCleaner.Guard.exe [X]

S2 ComboCleaner.WinService; D:\ComboCleaner.WinService.exe [X]

S3 RTCore64; \??\D:\MSI Afterburner\RTCore64.sys [X]

S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

HKLM\...\Run: [Combo Cleaner] => "D:\ComboCleaner.exe" -minimized (No File)

Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)

Task: {4A9B48DC-1623-4063-A701-97D910E53DDE} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)

Task: {8CB6BDE7-EB78-4894-861A-2BDD2979FCA4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)

Task: {43BE4C09-A64E-412F-8B0C-189479A74B49} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)

Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)

Task: {20B1BC03-3A11-4ED6-9063-21F3EA466028} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1323333070-3634341992-397913038-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)

CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> "C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\Application\4.3.2439.65\notification_helper.exe" => No File

CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{E1E57C1E-543A-42C5-A5E5-05F1A8D59F33}\localserver32 -> "C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\Application\5.6.2867.58\notification_helper.exe" => No File

ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => D:\Reflect\RContextMenu.dll -> No File

ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => D:\Reflect\RContextMenu.dll -> No File

HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\0cf74124-0500-41ba-ae74-f3c5f4f9d665.tmp [2023-09-11] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\mat-debug-10288.log [2023-09-11] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\mat-debug-10544.log [2023-09-11] () <==== ATTENTION [zero byte File/Folder]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\mat-debug-2772.log [2023-09-11] () <==== ATTENTION [zero byte File/Folder]

HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

FCheck: C:\WINDOWS\SysWOW64\version_IObitDel.dll [2023-01-02] <==== ATTENTION (zero byte File/Folder)

AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [147]

2023-09-06 13:59 - 2023-01-02 14:14 - 000684984 _____ (Mozilla Foundation) C:\Users\Kaique-Vidal\AppData\LocalLow\freebl3.dll

2023-09-06 13:59 - 2023-01-02 14:14 - 000627128 _____ (Mozilla Foundation) C:\Users\Kaique-Vidal\AppData\LocalLow\mozglue.dll

2023-09-06 13:59 - 2023-01-02 14:14 - 000254392 _____ (Mozilla Foundation) C:\Users\Kaique-Vidal\AppData\LocalLow\softokn3.dll

2023-09-08 05:08 - 2023-01-17 15:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico

C:\Users\KAIQUE~1\AppData\Local\Temp

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\AMDLinkDriverUpdate.xml [2023-09-11] () [File not signed]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db [2023-09-11] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db-shm [2023-09-11] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db-wal [2023-09-11] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db.ses [2023-09-11] () [File not signed]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\InstallManagerApp [2023-09-11]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\mat-debug-10288.log [2023-09-11] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\mat-debug-10544.log [2023-09-11] () <==== ATTENTION [zero byte File/Folder]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\mat-debug-2772.log [2023-09-11] () <==== ATTENTION [zero byte File/Folder]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\Wondershare [2023-09-11]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\~DF6635EAFAFC8EB9AB.TMP [2023-09-11] () [File not signed]

Task: {702A7B7A-80AF-47BA-B5BB-7C180C3C8D91} - System32\Tasks\CareCenter\HDD Regenerator_Reg_HKLMWow6432Run => C:\Program Files (x86)\HDD Regenerator\Shell.exe [89896 2012-11-18] (Abstradrome -> )

Task: {85DB902C-4B78-44CB-948A-C527F482521F} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\10.2.0\Scheduler.exe [157784 2022-12-26] (IObit CO., LTD -> IObit)

Task: {248DB6EE-D58E-4198-B0B2-1D5D0785792A} - System32\Tasks\Driver Booster SkipUAC (Kaique-Vidal) => C:\Program Files (x86)\IObit\Driver Booster\10.2.0\DriverBooster.exe [9010648 2023-01-09] (IObit CO., LTD -> IObit)

Task: {949E58BA-2404-45CD-8B8F-66A18791D2B8} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\10.2.0\AutoUpdate.exe [2516968 2022-12-26] (IObit CO., LTD -> IObit)

S3 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender)

S3 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [176008 2021-09-30] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender LLC)

C:\Program Files (x86)\HDD Regenerator

C:\Program Files (x86)\IObit

C:\WINDOWS\system32\DRIVERS\bddci.sys

C:\WINDOWS\System32\DRIVERS\gzflt.sys

2023-09-08 06:10 - 2023-09-08 07:08 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\RCS_LT

2023-09-08 06:10 - 2023-09-08 06:10 - 000000525 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Combo Cleaner.lnk

2023-09-11 15:10 - 2023-01-02 14:38 - 000000000 ____D C:\Users\Kaique-Vidal\Downloads\Licença Driver Booster - Ghost Tech

2023-09-08 05:08 - 2023-02-17 13:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Regenerator

2023-09-08 05:08 - 2023-01-17 15:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico

2023-09-08 05:08 - 2023-01-02 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 10

2023-09-06 13:59 - 2023-01-02 14:14 - 000449280 _____ (Microsoft Corporation) C:\Users\Kaique-Vidal\AppData\LocalLow\msvcp140.dll

2023-09-06 13:59 - 2023-01-02 14:14 - 000254392 _____ (Mozilla Foundation) C:\Users\Kaique-Vidal\AppData\LocalLow\softokn3.dll

2023-09-06 13:59 - 2023-01-02 14:14 - 000080128 _____ (Microsoft Corporation) C:\Users\Kaique-Vidal\AppData\LocalLow\vcruntime140.dll

C:\WINDOWS\SysWOW64\version_IObitDel.dll

cmd: netsh winsock reset catalog

cmd: netsh int ip reset resetlog.txt

cmd: netsh advfirewall reset

cmd: netsh advfirewall set allprofiles state ON

cmd: bitsadmin /reset /allusers

cmd: ipconfig /flushdns

Removeproxy:

hosts:

cmd: sfc /scannow

cmd: DISM /Online /Cleanup-Image /CheckHealth

Emptytemp:

End::

*****************

 

Processes closed successfully.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\HDD Regenerator" => not found

"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HDD Regenerator" => not found

"HKLM\Software\Policies\Microsoft\Windows\System\\EnableSmartScreen" => not found

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HDD Regenerator" => not found

"C:\Users\cofun\Downloads\MTGAInstaller.exe" => not found

"HKU\S-1-5-21-4201938413-1014792726-983612931-1001\Software\Microsoft\Windows\CurrentVersion\Run" => not found

BraveElevationService => service not found.

HKLM\System\CurrentControlSet\Control\Print\Monitors\HP B111 Status Monitor => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD038E73-97A7-4C22-B781-24530923FEEA}" => not found

"C:\WINDOWS\System32\Tasks\IPVanish.VpnClient =&gt; C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe --taskscheduler (No File)" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IPVanish.VpnClient =&gt; C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe --taskscheduler (No File)" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88284482-8E40-4918-85AD-DF86BF9D9AC0}" => not found

"C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 =&gt; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic (No File)" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 =&gt; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic (No File)" => not found

"CustomCLSID: HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{62fea752-045e-95c0-525b-b17487673e6e1}\InprocServer32 -&gt; 0xEDC4BC1F8704D701CE39BD1F8704D701010000000300000000000000 =&gt; No File" => not found

"CustomCLSID: HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -&gt; C:\Users\cofun\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll =&gt; No File" => not found

"CustomCLSID: HKU\S-1-5-21-4201938413-1014792726-983612931-1001_Classes\CLSID\{f00dfd40-8892-a2fb-f1ee-dbad4ab9f83d1}\InprocServer32 -&gt; 0x5831555555555557454C5145324B36564341554155555452393834574446303947573839 =&gt; No File" => not found

"HKU\Toolbar: HKU\S-1-5-21-4201938413-1014792726-983612931-1001 -&gt; No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser" => not found

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules: [{618B5357-098B-4F66-A4BC-9A98DB363F1A}] =&gt; (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe =&gt; No File" => not found

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules: [{EF111DC1-C32C-477A-851C-62DD0D7D07B3}] =&gt; (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe =&gt; No File" => not found

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FirewallRules: [{33183412-9E4D-4137-A1B9-149833CB8B05}] =&gt; (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe =&gt; No File" => not found

Edge Extension: (No Name) -&gt; AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 =&gt; C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] => Error: No automatic fix found for this entry.

Edge Extension: (No Name) -&gt; BookReader_B171F20233094AC88D05A8EF7B9763E8 =&gt; C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] => Error: No automatic fix found for this entry.

Edge Extension: (No Name) -&gt; LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 =&gt; C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] => Error: No automatic fix found for this entry.

Edge Extension: (No Name) -&gt; PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 =&gt; C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] => Error: No automatic fix found for this entry.

"HKU\S-1-5-21-4201938413-1014792726-983612931-1001\Software\Microsoft\Windows\CurrentVersion\Run" => not found

"C:\Program Files\Mozilla Firefox\distribution\policies.json" => not found

HKLM\SOFTWARE\Policies\Mozilla => not found

HKLM\SOFTWARE\Policies\Google => not found

"C:\Program Files\mozilla firefox\defaults\pref\firefox-prefs.js" => not found

"C:\Program Files\mozilla firefox\firefox-config.cfg" => not found

"C:\Users\cofun\AppData\Roaming\Mozilla\Firefox\Profiles\3r48kx58.default\user.js" => not found

ComboCleaner.Guard => service not found.

ComboCleaner.WinService => service not found.

RTCore64 => service not found.

WinSetupMon => service not found.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HKLM\...\Run: [Combo Cleaner] =&gt; "D:\ComboCleaner.exe" -minimized (No File)" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => not found

"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser =&gt; %SystemRoot%\System32\MbaeParserTask.exe (No File)" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser =&gt; %SystemRoot%\System32\MbaeParserTask.exe (No File)" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A9B48DC-1623-4063-A701-97D910E53DDE}" => not found

"C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval =&gt; %systemroot%\system32\MusNotification.exe Display (No File)" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval =&gt; %systemroot%\system32\MusNotification.exe Display (No File)" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CB6BDE7-EB78-4894-861A-2BDD2979FCA4}" => not found

"C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC =&gt; %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC =&gt; %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43BE4C09-A64E-412F-8B0C-189479A74B49}" => not found

"C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery =&gt; %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery =&gt; %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => not found

"C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker =&gt; %systemroot%\system32\MusNotification.exe (No File)" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker =&gt; %systemroot%\system32\MusNotification.exe (No File)" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20B1BC03-3A11-4ED6-9063-21F3EA466028}" => not found

"C:\WINDOWS\System32\Tasks\OneDrive Reporting Task-S-1-5-21-1323333070-3634341992-397913038-1001 =&gt; %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Reporting Task-S-1-5-21-1323333070-3634341992-397913038-1001 =&gt; %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)" => not found

"CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -&gt; "C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\Application\4.3.2439.65\notification_helper.exe" =&gt; No File" => not found

"CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{E1E57C1E-543A-42C5-A5E5-05F1A8D59F33}\localserver32 -&gt; "C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\Application\5.6.2867.58\notification_helper.exe" =&gt; No File" => not found

"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ContextMenuHandlers1: [ReflectShellExt] -&gt; {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} =&gt; D:\Reflect\RContextMenu.dll -&gt; No File" => not found

"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\ContextMenuHandlers2: [ReflectShellExt] -&gt; {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} =&gt; D:\Reflect\RContextMenu.dll -&gt; No File" => not found

HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => not found

HKLM\SOFTWARE\Policies\Microsoft\MRT => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\0cf74124-0500-41ba-ae74-f3c5f4f9d665.tmp" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\mat-debug-10288.log" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\mat-debug-10544.log" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\mat-debug-2772.log" => not found

HKLM\SOFTWARE\Policies\Microsoft\Edge => not found

"C:\WINDOWS\SysWOW64\version_IObitDel.dll" => not found

"C:\ProgramData\TEMP" => ":B755D674" ADS not found.

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "_TE16A.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "_TE16A.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "_TE38F2.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "_TE38F2.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "_TE50A4.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "_TE50A4.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "ad1bc981-dc18-445f-af4c-722616e0022a.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "ad1bc981-dc18-445f-af4c-722616e0022a.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "70304202-db4b-403b-83ef-00fe3e7f78dd.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "70304202-db4b-403b-83ef-00fe3e7f78dd.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "5b7675ae-fab0-4d1d-b14f-e59289092601.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "5b7675ae-fab0-4d1d-b14f-e59289092601.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "0a09f44c-5052-44c6-a0ff-03f0aee3d716.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "0a09f44c-5052-44c6-a0ff-03f0aee3d716.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "03b1fe12-b65f-4d15-90a9-865bf693cb81.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "03b1fe12-b65f-4d15-90a9-865bf693cb81.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "4a2a5472-50a2-4835-9a6b-131cc89c450a.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "4a2a5472-50a2-4835-9a6b-131cc89c450a.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "4fbaf048-d606-45e9-ab3f-8973bf437d12.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "4fbaf048-d606-45e9-ab3f-8973bf437d12.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "06ce3baa-6039-4e28-91ac-2bf36a64f88f.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "06ce3baa-6039-4e28-91ac-2bf36a64f88f.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "6bc5b74a-08b9-406f-964e-a9f651f75cc8.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "6bc5b74a-08b9-406f-964e-a9f651f75cc8.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "6c34148b-9b32-4806-8a10-cc2859f630ab.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "6c34148b-9b32-4806-8a10-cc2859f630ab.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "7a8e4dd9-edb6-405f-ab11-4933898e91a4.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "7a8e4dd9-edb6-405f-ab11-4933898e91a4.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "7e109536-8500-4984-b505-4c23cbcc2383.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "7e109536-8500-4984-b505-4c23cbcc2383.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "8b52100e-1fc1-41ff-925b-c3cc72415af3.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "8b52100e-1fc1-41ff-925b-c3cc72415af3.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "9d95cdc3-47d2-4767-90ef-c05451e59d34.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "9d95cdc3-47d2-4767-90ef-c05451e59d34.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "31cd2e65-2cb8-4532-93db-d66789ba55d9.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "31cd2e65-2cb8-4532-93db-d66789ba55d9.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "64a8d03c-a179-4a89-80ac-f8ffcd3ba462.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "64a8d03c-a179-4a89-80ac-f8ffcd3ba462.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "70b13af5-d133-442c-87c4-162fb8d3f33c.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "70b13af5-d133-442c-87c4-162fb8d3f33c.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "102a1086-97a0-4538-8ac5-6ad5c7fa05c1.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "102a1086-97a0-4538-8ac5-6ad5c7fa05c1.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "259c7135-cc52-4567-9739-fc73875c8efb.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "259c7135-cc52-4567-9739-fc73875c8efb.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "633bebe5-5c98-4fae-b934-df4b9fba1395.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "633bebe5-5c98-4fae-b934-df4b9fba1395.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "760e8487-290a-4029-8add-94cd91f45417.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "760e8487-290a-4029-8add-94cd91f45417.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "794e5f1e-2691-4e27-86b0-60ed49aaf762.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "794e5f1e-2691-4e27-86b0-60ed49aaf762.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "1396a6de-e821-451e-94e9-deb8607e8df6.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "1396a6de-e821-451e-94e9-deb8607e8df6.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "125610fa-6c7d-4d25-a3cc-1e7f302d6dbf.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "125610fa-6c7d-4d25-a3cc-1e7f302d6dbf.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "532527e9-1027-44db-a331-b12e68ead280.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "532527e9-1027-44db-a331-b12e68ead280.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "568122a3-c1de-4b8b-8e50-9c77846d5a30.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "568122a3-c1de-4b8b-8e50-9c77846d5a30.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "2694432a-8846-4c61-9d1f-cbc85b6a3690.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "2694432a-8846-4c61-9d1f-cbc85b6a3690.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "4694941f-5b0c-4dac-9089-e4e3e5460ef2.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "4694941f-5b0c-4dac-9089-e4e3e5460ef2.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "7258065a-ccc6-48a3-9b3e-f28217024087.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "7258065a-ccc6-48a3-9b3e-f28217024087.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "52895737-f9fa-4ef9-b5f5-502841fdc01d.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "52895737-f9fa-4ef9-b5f5-502841fdc01d.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "a5c1d119-5bbd-4870-b1a0-93c24ba41446.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "a5c1d119-5bbd-4870-b1a0-93c24ba41446.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "af4dc4dc-917d-4d63-bf5b-23948742e015.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "af4dc4dc-917d-4d63-bf5b-23948742e015.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "c296216d-cd0a-4558-910e-2735e77f5730.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "c296216d-cd0a-4558-910e-2735e77f5730.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "cb44c71f-3149-4e79-a1c7-ac9af0dcbe2e.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "cb44c71f-3149-4e79-a1c7-ac9af0dcbe2e.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "cd2030f7-593f-4651-b8ae-a390f31fecbc.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "cd2030f7-593f-4651-b8ae-a390f31fecbc.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "f6524bc1-d000-41c6-8980-903908fdad43.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "f6524bc1-d000-41c6-8980-903908fdad43.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "f1478730-f32d-4ad5-a81a-c67ac8645dd6.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "f1478730-f32d-4ad5-a81a-c67ac8645dd6.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "1a30ef6b-6420-432a-b999-0838f4fb83ea.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "1a30ef6b-6420-432a-b999-0838f4fb83ea.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "f8a97030-3520-4caf-b176-4eb880818840.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "f8a97030-3520-4caf-b176-4eb880818840.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "f3838886-1cce-4d37-a81c-b39cd076673b.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "f3838886-1cce-4d37-a81c-b39cd076673b.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "5b82d819-aac3-406c-be72-90908efdf572.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "5b82d819-aac3-406c-be72-90908efdf572.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "98f520e9-c248-4920-bd26-9fef435c7e82.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "98f520e9-c248-4920-bd26-9fef435c7e82.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "7a5e678d-2aa9-4e70-89f2-f0c1245da28d.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "7a5e678d-2aa9-4e70-89f2-f0c1245da28d.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "79a51465-ba7c-4d62-9701-3d3048e32ecb.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "79a51465-ba7c-4d62-9701-3d3048e32ecb.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "e37b0cc4-a65c-47f4-b688-fe662e39b208.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "e37b0cc4-a65c-47f4-b688-fe662e39b208.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "a91cdadf-cf7e-4bef-9a85-ecc337f8497a.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "a91cdadf-cf7e-4bef-9a85-ecc337f8497a.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "9dde50ef-ef6f-4aeb-b336-36dcdbe3e354.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "9dde50ef-ef6f-4aeb-b336-36dcdbe3e354.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "0a709337-99cf-4dbc-ac80-372ffa2bea54.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "0a709337-99cf-4dbc-ac80-372ffa2bea54.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "8d825f93-a3ea-4883-8755-26b2d960f468.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "8d825f93-a3ea-4883-8755-26b2d960f468.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "017fe334-6cac-49b0-b349-463a86ab5daf.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "017fe334-6cac-49b0-b349-463a86ab5daf.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "26bb03ef-3f7a-442d-85d7-c89b2e529209.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "26bb03ef-3f7a-442d-85d7-c89b2e529209.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "69d69dbe-119e-45a5-90dc-23408c7307f3.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "69d69dbe-119e-45a5-90dc-23408c7307f3.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "81a4b299-633c-4490-8433-f8cedaf44565.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "81a4b299-633c-4490-8433-f8cedaf44565.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "515c7eac-052e-4438-9cb6-abdc74e77c3b.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "515c7eac-052e-4438-9cb6-abdc74e77c3b.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "a78fdca7-8f02-4e90-99b8-4f53290f2de7.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "a78fdca7-8f02-4e90-99b8-4f53290f2de7.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "ae1bb607-c6f2-4c3f-911e-51672deb1fb2.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "ae1bb607-c6f2-4c3f-911e-51672deb1fb2.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "0d512ce0-043b-4cc4-9eee-d2e14d6096a2.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "0d512ce0-043b-4cc4-9eee-d2e14d6096a2.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "2a9e72e8-0474-4545-ba29-a74478298d70.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "2a9e72e8-0474-4545-ba29-a74478298d70.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "2a2215f6-599f-455d-a13f-01643113b5f8.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "2a2215f6-599f-455d-a13f-01643113b5f8.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "2d458545-5146-406d-b73c-017278aa468b.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "2d458545-5146-406d-b73c-017278aa468b.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "2ddd15aa-753e-405d-af13-2c5f78600d4b.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "2ddd15aa-753e-405d-af13-2c5f78600d4b.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "2f4808aa-1d30-4c26-a6db-4962cf596d39.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "2f4808aa-1d30-4c26-a6db-4962cf596d39.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "03c081a4-a9d0-48d7-a53f-b08b079242d7.tmp"" => not found

"HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "03c081a4-a9d0-48d7-a53f-b08b079242d7.tmp"" => not found

"C:\Users\KAIQUE~1\AppData\Local\Temp\HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: =&gt; "3dc66679-6565-41dc-a410-7c87af280a48.tmp"" => not found




#13 Oh My!

  • Malware Response Instructor

Posted 12 September 2023 - 05:42 PM

I would like you to run a Scan rather than a Fix and copy/paste the FRST.txt and Addition.txt reports in your reply.

We will most likely have to run another Fix a special way to try to rid your computer of the malware. It was difficult to get rid of this infection with the last user I helped.

Gary 



#14 Kay07

  • Topic Starter


Posted 12 September 2023 - 09:27 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2023

Ran by Kaique (administrator) on DESKTOP-RTLM44P (Acer Aspire A515-45) (12-09-2023 22:09:08)

Running from C:\Users\Kaique-Vidal\Documents\EnglishFRST64.exe

Loaded Profiles: Kaique

Platform: Microsoft Windows 11 Pro Version 22H2 22621.2134 (X64) Language: Português (Brasil)

Default browser: Opera

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe

(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.141\BraveCrashHandler.exe

(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.141\BraveCrashHandler64.exe

(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe

(C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe

(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe

(C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\msedgewebview2.exe <12>

(cmd.exe ->) (Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMMsgHost.exe

(DriverStore\FileRepository\u0360754.inf_amd64_7d6765da852a002c\B360708\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360754.inf_amd64_7d6765da852a002c\B360708\atieclxx.exe

(explorer.exe ->) (Fortect LTD -> Fortect Ltd.) C:\Program Files\Fortect\bin\FortectTray.exe

(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <82>

(explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) [File not signed] C:\Program Files\Macrium\Common\ReflectUI.exe

(explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe

(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe

(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPDU.exe

(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360754.inf_amd64_7d6765da852a002c\B360708\atiesrxx.exe

(services.exe ->) (Fortect LTD -> Fortect Ltd.) C:\Program Files\Fortect\bin\MainDaemon.exe

(services.exe ->) (Fortect LTD -> Fortect LTD.) C:\Program Files\Fortect\MainService.exe

(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe

(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe

(services.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) [File not signed] C:\Program Files\Macrium\Common\MacriumService.exe

(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f7fdb960c5e8ef2a\RtkAudUService64.exe <2>

(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

(svchost.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe

(svchost.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe

(svchost.exe ->) (FxSound, LLC -> FxSound LLC) C:\Program Files\FxSound LLC\FxSound\FxSound.exe

(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe

(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f7fdb960c5e8ef2a\RtkAudUService64.exe [1272664 2021-07-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [9926928 2023-09-06] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) [File not signed]

HKLM\...\Run: [Combo Cleaner] => "D:\ComboCleaner.exe" -minimized (No File)

HKLM\...\Run: [Fortect] => C:\Program Files\Fortect\bin\FortectTray.exe [462296 2023-08-17] (Fortect LTD -> Fortect Ltd.)

HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [126403424 2022-03-21] (Microsoft Corporation -> Microsoft Corporation)

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)

HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1

HKLM\Software\Policies\...\system: [PublishUserActivities] 0

HKLM\Software\Policies\...\system: [UploadUserActivities] 0

HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0

HKLM\Software\Policies\...\system: [EnableActivityFeed] 0

HKLM\Software\Policies\...\system: [EnableCdp] 0

HKLM\Software\Policies\...\system: [EnableMmx] 0

HKLM\Software\Policies\...\system: [RSoPLogging] 0

HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [2450336 2023-01-17] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [2450336 2023-01-17] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Run: [MicrosoftEdgeAutoLaunch_90C0C776FC4CC570E7FB3277B161E7B0] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4108344 2023-09-07] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [5878784 2022-12-03] (Tonec Inc.) [File not signed]

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Run: [Opera Stable] => C:\Users\Kaique-Vidal\AppData\Local\Programs\Opera\launcher.exe [2730912 2023-08-09] (Opera Norway AS -> Opera Software)

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIYXE.EXE [485976 2020-09-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Run: [GoogleChromeAutoLaunch_B7C06C68F464209BF2BA4F21CB7E80AF] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [3219744 2023-09-04] (Google LLC -> Google LLC)

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Policies\Explorer: [HideSCAMeetNow] 1

HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\116.0.5845.188\Installer\chrmstp.exe [2023-09-12] (Google LLC -> Google LLC)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\116.1.57.64\Installer\chrmstp.exe [2023-09-12] (Brave Software, Inc. -> Brave Software, Inc.)

HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\.opera [2023-09-12]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\00ba8470-0bb0-4a3c-ad6b-decf74ac56f4.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\02942418-11f8-41ca-b8d1-0bbfe475ee18.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\0479ca4c-f468-4a98-b7b3-37e7b388870e.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\07dbb5ba-480c-4da3-b1e5-50692d439c6a.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\0bde356e-9261-43b5-b14a-4fd880da33c5.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\0becd06a-ebbb-4a06-9e1e-1863e906ca34.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\0dace01b-4e31-4c4e-a5a0-4703f0980f7b.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\15174c12-75c8-472c-891b-091e6c9dbe71.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\15e6a057-d22b-4043-aca4-db200acf25c2.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\174524c4-35b8-4d3a-bb19-162cc0bf8db4.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\1b847e2c-d7d6-4782-a08a-45c29f467053.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\1b9b829c-913d-4d9c-906d-90c1ad05369f.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\1c3d756f-cf12-4406-8ad0-59eec536040a.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\1c81c251-4e60-46f7-ac98-c1bed9fcf242.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\1fdc9056-6fe4-4d58-9f19-35eba47c57ca.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\25ee928e-0657-4411-920e-06cc6662ea18.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\2707eb08-4b5e-441f-9438-32ba1d7be898.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\2858238d-2cbe-4633-81a1-6c79e57b4af7.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\2acd7a6e-9868-4a77-8e18-de2215183b73.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\2f0a77c1-ddb3-4ae1-8f2a-768ce9a0d394.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\3525bcad-a153-48c2-baea-9d1d567fb49c.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\35cdd6bb-88f7-4d97-a3fa-02131100a8ce.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\3c721c48-f979-4674-acff-cee1ee1d89d4.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\3cee1596-7a80-4f42-9150-a0cad46321f1.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\42cb3e1d-5ee3-4473-93e1-925745030850.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\446c018b-01eb-4002-9bc4-b16a879ae3c2.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\45823692-52ed-4e25-a93a-9f183445c0af.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\46de1b23-397e-4e1a-8075-a255a5acd2cc.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\4713bd67-5c3d-4ead-bf41-38565eecc64b.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\4f165e1b-0c02-4b62-89c1-dc00d139c2c8.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\5334d2dc-09b5-4d53-8aa9-519d9ddd85ed.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\5613ffd5-c51a-495a-9960-93e1f54a5ec3.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\59f92524-c124-4d84-b80d-0859db8605d1.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\5a657285-36cc-4f0c-a639-c2017daf8b0d.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\5d20146a-5686-4a68-8cab-376c8288a7bf.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\65964f8c-1718-450c-858a-7eaed76c0b4b.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\6b3fdc32-5277-4fb1-bc32-608a017be6e4.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\75ae0626-d333-4593-b1c5-526c45ccd17d.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\7c16da1f-2749-492b-9cc9-b18859ae5fc7.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\804cd446-527b-4436-8493-dc1dbff5950d.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\847ede16-d795-4bd1-ac95-2c147d93bed1.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\88cbf3ab-4410-4a9f-88a7-1bffaea9d83a.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\892d2dc9-957c-4386-a93a-6cae18514adc.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\8be321de-b6b7-4d2d-a62c-91d5b1ee7588.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\8bea1ad5-33e0-44d2-82a2-833db7c9b215.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\8c43e1ef-bffb-494a-bee6-8b1ca3450dc1.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\8d9ab006-ac84-45d9-ac6c-b37fa90ed1a5.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\8dc1ea81-7cd7-4f19-ab1f-a402889df513.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\961b48dd-4b49-416d-b527-de9e59a1477e.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\96a0760f-837f-42d2-9af0-b0768266ce29.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\9f142f2f-3b09-48d3-a26a-372d7a397b82.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\a1fcc367-025b-450b-aaa1-f20a2cebb3f4.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\a712a6d5-158b-4444-8bda-f8cee1a26b35.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\aae2d259-b57f-433c-ba02-adae7bc858ff.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\acrobat_sbx [2023-09-12]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\acrord32_super_sbx [2023-09-12]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\AdobeARM.log [2023-09-12] () [File not signed]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\ae9bf621-72d6-4253-bc5e-2022fc520914.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\AMDLinkDriverUpdate.xml [2023-09-12] () [File not signed]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\assistant_installer_20230912182905.log [2023-09-12] () [File not signed]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\b39b48c2-de7a-42b2-9e19-c9cf764fa93f.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\b513073c-dc67-4645-b76c-5e87214ce761.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db-shm [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db-wal [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db.ses [2023-09-12] () [File not signed]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\bd83c354-cd8b-4284-8b35-2d22acb152cc.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\cb0f8f49-b6d7-4237-99a6-be22a530c999.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\cb8b672e-0af1-49a3-b623-a56bf974be59.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\cbcf7044-377d-4f8a-bd98-47cba41bbe1c.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\cc300ade-c2d9-42a8-9f4a-67966e614af3.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\chrome_BITS_1856_436215170 [2023-09-12]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\CUsersKaique-VidalAppDataLocalProgramsOpera101.0.4843.43opera_autoupdate.download.lock [2023-09-12] () <==== ATTENTION [zero byte File/Folder]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\d10f4a6a-dc49-4793-8b7c-8c0e5d5fd14e.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\db3a1255-4dd9-4fd8-810b-9e456fb5ffb4.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\df859b5a-94a1-43e8-80d2-d121b0dd5a7b.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\dfd4c7eb-dadf-48af-aa6c-c3be93353886.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\e2094844-322b-4369-8a8e-54dac079c092.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\e5e4a5e9-55db-4393-ad83-1c36b0baa494.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\e6eb4cdb-f59f-4b49-9faf-88a32bbdb45a.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\e7d83b31-d309-46d7-b829-fd460efae0b9.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\ec9d76b9-6202-4abe-81aa-bf8557fe3b15.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\efcd53e8-4eb3-474a-bd17-a62f3fb2d6c4.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\f0249bd9-7ea3-409a-ab59-79a9509021b5.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\f2a5be5a-19b6-4a5c-9935-9f2471d88157.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\f7aa3e4f-dbed-480b-9b8f-2037bc014d2e.tmp [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\fa9885ea-8514-49fd-b51b-5ce809aafe1e.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\fe20ea2c-9c87-41c2-b48f-0dcf7117766e.tmp [2023-09-12] () [File not signed] [File is in use]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\InstallManagerApp [2023-09-12]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\mat-debug-9640.log [2023-09-12] () <==== ATTENTION [zero byte File/Folder]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\mat-debug-9816.log [2023-09-12] () <==== ATTENTION [zero byte? (Error=32)]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\SoftwareUpdate_Temp [2023-09-12]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\UpgradeTool [2023-09-12]

Startup: C:\Users\KAIQUE~1\AppData\Local\Temp\{B0A05933-3A49-4A10-BD39-FFF769AB742A} - OProcSessId.dat [2023-09-12] () <==== ATTENTION [zero byte File/Folder]

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

 

==================== Scheduled Tasks (Whitelisted) =================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {14AEE567-C7D4-46E1-87F3-6AEF309B8C71} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2971808 2021-12-30] (Acer Incorporated -> )

Task: {CBB2F878-4C5E-4040-AE11-47D1DE10B336} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41632 2021-12-30] (Acer Incorporated -> )

Task: {08359467-FAD8-4199-BBC0-8611C01D4970} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4836512 2021-12-30] (Acer Incorporated -> )

Task: {B4154F09-2B8B-443A-947A-A5E6658AE410} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-08-02] (Adobe Inc. -> Adobe Inc.)

Task: {77EE7417-8B8A-418B-A967-518B79E7A9BC} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2023-08-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

Task: {F8FA2A17-CB77-4DF8-A31F-4EBF3F0EB8F1} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2023-08-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

Task: {DDFBC36F-DF44-4D42-A7EB-5DD97BB68378} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [183736 2023-08-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

Task: {9F8FD2EA-ECD0-4428-8620-CDDE4B84CCF6} - System32\Tasks\AMDScoSupportTypeUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2023-08-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

Task: {E529CBF2-5BB2-4F07-A010-C35078A2A572} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{5526546A-F46A-4B39-AFAE-09CD3A0BC6E0} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-26] (Brave Software, Inc. -> BraveSoftware Inc.)

Task: {BCA047EE-EB7A-4D90-9AFC-74F1E63D38AA} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{F2BA2E6B-E6CD-4C84-BEAF-27766090584E} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-26] (Brave Software, Inc. -> BraveSoftware Inc.)

Task: {B11C9E1A-1D4D-46A9-BCBB-FE37FF074470} - System32\Tasks\CareCenter\EEventManager_Reg_HKLMWow6432Run => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (No File)

Task: {B7B1CE44-A267-4F96-89F4-A99C9BDF9309} - System32\Tasks\CareCenter\EPPCCMON_Reg_HKLMRun => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [445800 2021-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

Task: {92E49C4D-3FD1-4E1F-8658-40AFD59E9108} - System32\Tasks\CareCenter\FxSound.lnk_FolderCommonAppdata => C:\Program Files\FxSound LLC\FxSound\FxSound.exe [4663080 2022-05-30] (FxSound, LLC -> FxSound LLC)

Task: {E4F83E8B-8A31-45CB-84F4-7E9CA2BD5501} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Kaique-Vidal\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-09-11] (ESET, spol. s r.o. -> ESET)

Task: {6379B918-0028-4340-9A0C-1903C939B91E} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Kaique-Vidal\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-09-11] (ESET, spol. s r.o. -> ESET)

Task: {158EFBA6-94F7-4E98-B4E9-B7298E80EAEF} - System32\Tasks\EPSON L3210 Series Update {27E9C58B-921E-426E-BDF1-F17CF6910AEC} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSYXE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

Task: {563D16DF-5EFE-455C-935B-62C4A9120C16} - System32\Tasks\FxSound\Update => C:\Program -> Files\FxSound LLC\FxSound\updater.exe /silent

Task: {3003A339-9983-4759-8C29-9157915A5469} - System32\Tasks\GoogleUpdateTaskMachineCore{620D4915-015F-4E96-A133-34F4C9E04919} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-12-23] (Google LLC -> Google LLC)

Task: {48821058-85FB-41C6-BB52-97F4F7E56D80} - System32\Tasks\GoogleUpdateTaskMachineUA{DC447CF9-B338-41E0-8307-81E43C0190AC} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-12-23] (Google LLC -> Google LLC)

Task: {E97F6AD3-983F-427A-A89F-244B36417B09} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1323333070-3634341992-397913038-1001 => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\MEGAupdater.exe [2531504 2023-08-07] (Mega Limited -> )

Task: {1FEC71A1-76D5-40F2-8784-26D67B434161} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913464 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)

Task: {D1571931-E312-441C-B59F-DEDF36E5D0C6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913464 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)

Task: {9C60FF0F-F0E9-4072-BE9C-5A69EE8FF6D6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-09-06] (Microsoft Corporation -> Microsoft Corporation)

Task: {92DCB853-FDE2-4786-9CE4-5B2FE58C1F72} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-09-06] (Microsoft Corporation -> Microsoft Corporation)

Task: {7C7B57EA-F01B-419C-8EAB-3CF389E94B87} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)

Task: {87AF7960-F172-4474-86A6-B442819A7321} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {B61512FF-9811-4B29-9F3A-0079792804E4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {917CF0C7-48ED-499B-926F-234293ABE883} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {046CFE8D-3943-42C1-9898-BA409DFC53BC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {23C54CBE-10F3-4B78-B316-82B583A70653} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2023-08-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

Task: {EEF96447-6BEE-485F-9A93-932D6F88AFAC} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [3252640 2023-01-17] (Microsoft Corporation -> Microsoft Corporation)

Task: {814B0261-54FE-4ED1-8C30-3A727DB84671} - System32\Tasks\Opera scheduled assistant Autoupdate 1679583569 => C:\Users\Kaique-Vidal\AppData\Local\Programs\Opera\launcher.exe [2730912 2023-08-09] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Kaique-Vidal\AppData\Local\Programs\Opera\assistant" $(Arg0)

Task: {CFE31B6A-682E-4321-8F60-E4954BA7B1B7} - System32\Tasks\Opera scheduled Autoupdate 1679583566 => C:\Users\Kaique-Vidal\AppData\Local\Programs\Opera\launcher.exe [2730912 2023-08-09] (Opera Norway AS -> Opera Software)

Task: {1DF39849-D948-4F61-921A-75A3099ACCEF} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-1323333070-3634341992-397913038-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [65536 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

Task: {112A3C1E-8DC4-4520-BDCC-BB19F73333E4} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2021-12-30] (Acer Incorporated -> Acer Incorporated)

Task: {A68929FF-6C45-41E1-ACE6-0BFA575CE588} - System32\Tasks\StartAUEP => C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe [728504 2023-08-14] (Advanced Micro Devices Inc. -> AMD)

Task: {14600229-3CC7-4F01-9A88-769AB0B513B8} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [60344 2023-08-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

Task: {57D0385B-482B-4D8F-AB61-F02EBE62905D} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [60344 2023-08-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

Task: {91CF1EAD-4906-44FF-B35B-AF4129C82DC1} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [324024 2023-08-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

Task: {FE3D7372-BFA6-446B-9694-D591C9DF5614} - System32\Tasks\ViGEmBus_Updater => C:\Program Files\Nefarius Software Solutions\ViGEm Bus Driver\ViGEmBus_Updater.exe [1117096 2022-09-27] (Nefarius Software Solutions e.U. -> Nefarius Software Solutions e.U.)

Task: {C39F5997-F842-41E9-B7B5-A3B12CC6FA40} - System32\Tasks\VivaldiUpdateCheck-8d8866b1bc2aec07 => C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\Application\update_notifier.exe [3845520 2023-09-11] (Vivaldi Technologies AS -> Vivaldi Technologies AS)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

Task: C:\WINDOWS\Tasks\EPSON L3210 Series Update {27E9C58B-921E-426E-BDF1-F17CF6910AEC}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSYXE.EXE:/EXE:{27E9C58B-921E-426E-BDF1-F17CF6910AEC} /F:UpdateWORKGROUP\DESKTOP-RTLM44P$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 186.232.56.22 186.232.56.26

Tcpip\..\Interfaces\{5a704275-a447-4078-a27b-3d9bcb78c2dc}: [DhcpNameServer] 186.232.56.22 186.232.56.26

 

Edge:

=======

Edge DefaultProfile: Default

Edge Profile: C:\Users\Kaique-Vidal\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-10]

Edge Extension: (Documentos Google off-line) - C:\Users\Kaique-Vidal\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-08]

Edge Extension: (Edge relevant text changes) - C:\Users\Kaique-Vidal\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-08]

Edge Extension: (IDM Integration Module) - C:\Users\Kaique-Vidal\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2022-12-24]

Edge HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2022-12-03]

 

FireFox:

========

FF HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Kaique-Vidal\AppData\Roaming\IDM\idmmzcc5

FF Extension: (IDM CC) - C:\Users\Kaique-Vidal\AppData\Roaming\IDM\idmmzcc5 [2023-01-25] [Legacy] [not signed]

FF HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi

FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)

FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-08-19] (Adobe Inc. -> Adobe Systems Inc.)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)

 

Chrome:

=======

CHR Profile: C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default [2023-09-12]

CHR Extension: (Voltar Dislikes do YouTube) - C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebbhagfogifgggkldgodflihgfeippi [2023-08-09]

CHR Extension: (Documentos Google off-line) - C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-29]

CHR Extension: (Volume Master - controlador de volume) - C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghecgabfgfdldnmbfkhmffcabddioke [2023-03-06]

CHR Extension: (Morpheon Dark) - C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2022-12-23]

CHR Extension: (IDM Integration Module) - C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2023-07-26]

CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-12-23]

CHR Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\Kaique-Vidal\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2023-09-11]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

CHR HKLM\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]

CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2022-12-03]

CHR HKU\S-1-5-21-1323333070-3634341992-397913038-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]

CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

CHR HKLM-x32\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]

CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2022-12-03]

 

Opera:

=======

OPR Profile: C:\Users\Kaique-Vidal\AppData\Roaming\Opera Software\Opera Stable [2023-09-12]

OPR DefaultSearchURL: Opera Stable -> hxxps://www.google.com/search?client=opera&q={searchTerms}&sourceid=opera&ie={inputEncoding}&oe={outputEncoding}

OPR DefaultSearchKeyword: Opera Stable -> g

OPR Extension: (Rich Hints Agent) - C:\Users\Kaique-Vidal\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-07-07]

OPR Extension: (Opera Wallet) - C:\Users\Kaique-Vidal\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-08-31]

OPR Extension: (Aria) - C:\Users\Kaique-Vidal\AppData\Roaming\Opera Software\Opera Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm [2023-08-31]

OPR Extension: (Amazon Assistant Promotion) - C:\Users\Kaique-Vidal\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2023-03-23]

OPR Extension: (Cashback Assistant) - C:\Users\Kaique-Vidal\AppData\Roaming\Opera Software\Opera Stable\Extensions\ompjkhnkeoicimmaehlcmgmpghobbjoj [2023-09-12]

OPR Extension: (opera-intro) - C:\Users\Kaique-Vidal\AppData\Local\Programs\Opera\101.0.4843.33\resources\opera_intro_extension [2023-08-08]

StartMenuInternet: (HKU\S-1-5-21-1323333070-3634341992-397913038-1001) OperaStable - "C:\Users\Kaique-Vidal\AppData\Local\Programs\Opera\Launcher.exe"

 

Brave:

=======

BRA Profile: C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2023-09-12]

BRA DownloadDir: D:\

BRA DefaultSearchKeyword: Default -> :g

BRA Extension: (Retruco Eliminate Anti AdBlock) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gpkdlgnngkiiphplplodblijekhnjjob [2023-08-09]

BRA Extension: (Volume Master - controlador de volume) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\jghecgabfgfdldnmbfkhmffcabddioke [2023-04-10]

BRA Extension: (Adblock for Twitch) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\mdomkpjejpboocpojfikalapgholajdc [2023-08-05]

BRA Extension: (IDM Integration Module) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2023-07-28]

BRA Extension: (Brave Ad Block Updater (Exception-exceptions (plaintext))) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2023-09-09]

BRA Extension: (Brave Local Data Files Updater) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2023-09-09]

BRA Extension: (Brave NTP background images) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2023-08-18]

BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2023-09-09]

BRA Extension: (Brave NTP sponsored images) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\bpndlkddhgpmjengabcakadpcabgflca [2023-09-10]

BRA Extension: (Wallet Data Files Updater) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2023-09-06]

BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2023-09-09]

BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2023-08-09]

BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2023-08-23]

BRA Extension: (Brave Ad Block Updater (Default (plaintext))) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2023-09-09]

BRA Extension: (Brave Ad Block Updater (Adguard Spanish/Portuguese (plaintext))) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\meimhmgfbckapkbbbdaoefgnbppmkodp [2023-09-09]

BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2023-09-09]

BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Kaique-Vidal\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-09-06]

 

Vivaldi:

=======

VIV Profile: C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\User Data\Default [2023-09-12]

VIV Extension: (Torrent Scanner) - C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2023-03-20]

VIV Extension: (McAfee® WebAdvisor) - C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-07-31]

VIV Extension: (Online Security) - C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\User Data\Default\Extensions\llbcnfanfmjhpedaedhbcnpgeepdnnok [2023-07-31]

VIV Extension: (IDM Integration Module) - C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2023-07-31]

StartMenuInternet: (HKU\S-1-5-21-1323333070-3634341992-397913038-1001) Vivaldi.G2ZQPJ63ESHF3FEJIOOMKYJKFE - "C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\Application\vivaldi.exe"

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 ACCSvc; C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe [259232 2021-12-30] (Acer Incorporated -> Acer Incorporated)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-08-02] (Adobe Inc. -> Adobe Inc.)

R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPDU.exe [527800 2023-08-14] (Advanced Micro Devices Inc. -> AMD)

S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-26] (Brave Software, Inc. -> BraveSoftware Inc.)

S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-26] (Brave Software, Inc. -> BraveSoftware Inc.)

S3 BraveVpnService; C:\Program Files\BraveSoftware\Brave-Browser\Application\116.1.57.64\brave_vpn_helper.exe [3171864 2023-09-12] (Brave Software, Inc. -> Brave Software, Inc.)

S3 BraveVpnWireguardService; C:\Program Files\BraveSoftware\Brave-Browser\Application\116.1.57.64\BraveVpnWireguardService\brave_vpn_wireguard_service.exe [2183192 2023-09-12] (Brave Software, Inc. -> Brave Software, Inc.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817440 2023-08-19] (Microsoft Corporation -> Microsoft Corporation)

R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [206304 2021-06-21] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\FileSyncHelper.exe [2556320 2023-01-17] (Microsoft Corporation -> Microsoft Corporation)

R2 FortectDaemon; C:\Program Files\Fortect\bin\MainDaemon.exe [4670424 2023-08-17] (Fortect LTD -> Fortect Ltd.)

R2 FortectService; C:\Program Files\Fortect\MainService.exe [5171672 2023-08-17] (Fortect LTD -> Fortect LTD.)

R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [11767208 2023-09-06] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) [File not signed]

R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [874384 2023-09-07] (McAfee, LLC -> McAfee, LLC)

S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\OneDriveUpdaterService.exe [2936224 2023-01-17] (Microsoft Corporation -> Microsoft Corporation)

S4 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402200 2023-09-08] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182328 2023-07-10] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\116.1.57.64\elevation_service.exe" [X]

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [36800 2023-07-10] (Acer Incorporated -> Acer Incorporated)

R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [25584 2023-06-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)

S2 AMDRyzenMasterDriverV19; C:\Windows\system32\AMDRyzenMasterDriver.sys [48328 2023-08-01] (Advanced Micro Devices Inc. -> Advanced Micro Devices)

R2 AMDRyzenMasterDriverV20; C:\Windows\system32\AMDRyzenMasterDriver.sys [48328 2023-08-01] (Advanced Micro Devices Inc. -> Advanced Micro Devices)

R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_54807f69fe156f14\amdsafd.sys [113088 2023-04-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices)

S3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0395045.inf_amd64_cb9a543331727801\B394905\amdkmdag.sys [99745312 2023-08-19] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [61888 2023-05-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

R3 FXVAD; C:\WINDOWS\system32\drivers\fxvad.sys [326656 2022-05-30] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)

S3 mpszfilt; C:\WINDOWS\System32\DRIVERS\mpszfilt.sys [20632 2021-12-02] (AlcorMicro, Corp. -> Generic)

R0 mrcbt; C:\WINDOWS\System32\drivers\mrcbt.sys [118528 2023-09-06] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)

R0 mrigflt; C:\WINDOWS\System32\drivers\mrigflt.sys [75160 2023-09-06] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)

R3 MTKBTFilterX64; C:\WINDOWS\system32\DRIVERS\mtkbtfilterx.sys [276424 2022-03-17] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)

R3 mtkwlex; C:\WINDOWS\System32\drivers\mtkwl6ex.sys [1617920 2023-01-17] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)

S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43368 2023-07-10] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [615840 2021-10-01] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)

R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [249400 2022-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)

S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55872 2023-08-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [574872 2023-08-31] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-31] (Microsoft Windows -> Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2023-09-12 18:28 - 2023-09-12 18:28 - 000768332 _____ C:\WINDOWS\system32\prfh0416.dat

2023-09-12 18:28 - 2023-09-12 18:28 - 000154460 _____ C:\WINDOWS\system32\prfc0416.dat

2023-09-12 18:24 - 2023-09-12 21:38 - 000003120 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher

2023-09-12 17:40 - 2023-09-12 18:23 - 000102799 _____ C:\Users\Kaique-Vidal\Documents\Fixlog.txt

2023-09-12 17:40 - 2023-09-12 17:40 - 000026442 _____ C:\Users\Kaique-Vidal\Documents\vmowdidaclrkkhvwyj.txt

2023-09-12 15:05 - 2023-09-12 15:06 - 000078999 _____ C:\Users\Kaique-Vidal\Documents\Addition.txt

2023-09-12 15:04 - 2023-09-12 22:09 - 000049696 _____ C:\Users\Kaique-Vidal\Documents\FRST.txt

2023-09-12 10:38 - 2023-09-12 10:38 - 000000000 ____D C:\Users\Kaique-Vidal\Desktop\RevoUninstaller_Portable

2023-09-12 10:36 - 2023-09-12 10:36 - 009033217 _____ C:\Users\Kaique-Vidal\Desktop\RevoUninstaller_Portable.zip

2023-09-11 20:30 - 2023-09-11 20:30 - 000000336 _____ C:\Users\Kaique-Vidal\Documents\ESETScan.txt

2023-09-11 13:13 - 2023-09-11 13:13 - 000003874 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn

2023-09-11 13:13 - 2023-09-11 13:13 - 000003432 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime

2023-09-11 12:37 - 2023-09-11 16:34 - 000001385 _____ C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk

2023-09-11 12:37 - 2023-09-11 12:37 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\ESET

2023-09-11 12:26 - 2023-09-12 21:38 - 000003112 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate

2023-09-11 10:59 - 2023-09-11 20:31 - 000000000 ____D C:\Users\Kaique-Vidal\Documents\FRST-OlderVersion

2023-09-11 10:31 - 2023-09-11 10:31 - 000000000 ____D C:\Users\Kaique-Vidal\Desktop\FRST-OlderVersion

2023-09-11 08:03 - 2023-09-11 08:14 - 000005028 _____ C:\Users\Kaique-Vidal\Desktop\Rkill.txt

2023-09-10 00:27 - 2023-09-10 00:27 - 000001986 _____ C:\WINDOWS\system32\.crusader

2023-09-10 00:22 - 2023-09-10 00:27 - 000000000 ____D C:\ProgramData\HitmanPro

2023-09-09 22:15 - 2023-09-09 22:15 - 000000000 ____D C:\Users\Kaique-Vidal\Downloads\Kaspersky_Total_Security

2023-09-09 21:52 - 2023-09-09 21:53 - 063565774 _____ C:\Users\Kaique-Vidal\Downloads\Kaspersky_Total_Security.rar

2023-09-09 20:14 - 2023-09-12 11:49 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Fortect

2023-09-09 20:14 - 2023-09-12 08:45 - 000000000 ____D C:\ProgramData\Fortect

2023-09-09 20:14 - 2023-09-11 14:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fortect

2023-09-09 20:14 - 2023-09-11 14:41 - 000000000 ____D C:\Program Files\Fortect

2023-09-09 19:04 - 2023-09-09 19:04 - 000007640 _____ C:\Users\Kaique-Vidal\AppData\Local\Resmon.ResmonCfg

2023-09-09 16:07 - 2023-09-09 16:07 - 002969821 _____ C:\Users\Kaique-Vidal\Desktop\Autoruns.zip

2023-09-09 13:14 - 2023-09-11 10:27 - 000000000 ____D C:\Users\Kaique-Vidal\Desktop\w11

2023-09-09 12:42 - 2023-09-09 12:42 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome

2023-09-08 08:12 - 2023-09-12 22:09 - 000000000 ____D C:\FRST

2023-09-08 08:12 - 2023-09-11 20:31 - 002382848 _____ (Farbar) C:\Users\Kaique-Vidal\Documents\EnglishFRST64.exe

2023-09-08 06:33 - 2023-09-08 06:33 - 000000000 ____D C:\WINDOWS\pss

2023-09-08 05:17 - 2023-09-08 05:17 - 000000000 ____D C:\ProgramData\Microsoft OneDrive

2023-09-08 05:15 - 2023-09-08 05:15 - 000000020 ___SH C:\Users\Kaique-Vidal\ntuser.ini

2023-09-08 05:14 - 2023-09-12 18:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2023-09-08 05:14 - 2023-09-12 11:38 - 000000000 ____D C:\WINDOWS\system32\Tasks\CareCenter

2023-09-08 05:14 - 2023-09-11 07:56 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task

2023-09-08 05:14 - 2023-09-08 05:14 - 000004302 ____N C:\WINDOWS\system32\Tasks\Software Update Application

2023-09-08 05:14 - 2023-09-08 05:14 - 000003852 ____N C:\WINDOWS\system32\Tasks\ACCAgent

2023-09-08 05:14 - 2023-09-08 05:14 - 000003822 ____N C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1679583569

2023-09-08 05:14 - 2023-09-08 05:14 - 000003616 ____N C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA{F2BA2E6B-E6CD-4C84-BEAF-27766090584E}

2023-09-08 05:14 - 2023-09-08 05:14 - 000003602 ____N C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

2023-09-08 05:14 - 2023-09-08 05:14 - 000003602 ____N C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{DC447CF9-B338-41E0-8307-81E43C0190AC}

2023-09-08 05:14 - 2023-09-08 05:14 - 000003560 ____N C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1679583566

2023-09-08 05:14 - 2023-09-08 05:14 - 000003500 ____N C:\WINDOWS\system32\Tasks\EPSON L3210 Series Update {27E9C58B-921E-426E-BDF1-F17CF6910AEC}

2023-09-08 05:14 - 2023-09-08 05:14 - 000003392 ____N C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore{5526546A-F46A-4B39-AFAE-09CD3A0BC6E0}

2023-09-08 05:14 - 2023-09-08 05:14 - 000003378 ____N C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

2023-09-08 05:14 - 2023-09-08 05:14 - 000003378 ____N C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{620D4915-015F-4E96-A133-34F4C9E04919}

2023-09-08 05:14 - 2023-09-08 05:14 - 000003274 ____N C:\WINDOWS\system32\Tasks\Optimize Push Notification Data File-S-1-5-21-1323333070-3634341992-397913038-1001

2023-09-08 05:14 - 2023-09-08 05:14 - 000003062 ____N C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1323333070-3634341992-397913038-1001

2023-09-08 05:14 - 2023-09-08 05:14 - 000003006 ____N C:\WINDOWS\system32\Tasks\VivaldiUpdateCheck-8d8866b1bc2aec07

2023-09-08 05:14 - 2023-09-08 05:14 - 000002958 ____N C:\WINDOWS\system32\Tasks\ViGEmBus_Updater

2023-09-08 05:14 - 2023-09-08 05:14 - 000002730 ____N C:\WINDOWS\system32\Tasks\ACC

2023-09-08 05:14 - 2023-09-08 05:14 - 000002728 ____N C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task

2023-09-08 05:14 - 2023-09-08 05:14 - 000002706 ____N C:\WINDOWS\system32\Tasks\AMDScoSupportTypeUpdate

2023-09-08 05:14 - 2023-09-08 05:14 - 000002672 ____N C:\WINDOWS\system32\Tasks\ModifyLinkUpdate

2023-09-08 05:14 - 2023-09-08 05:14 - 000002504 ____N C:\WINDOWS\system32\Tasks\StartAUEP

2023-09-08 05:14 - 2023-09-08 05:14 - 000002402 ____N C:\WINDOWS\system32\Tasks\AMDRyzenMasterSDKTask

2023-09-08 05:14 - 2023-09-08 05:14 - 000002372 ____N C:\WINDOWS\system32\Tasks\StartCNBM

2023-09-08 05:14 - 2023-09-08 05:14 - 000002328 ____N C:\WINDOWS\system32\Tasks\ACCBackgroundApplication

2023-09-08 05:14 - 2023-09-08 05:14 - 000002194 ____N C:\WINDOWS\system32\Tasks\StartCN

2023-09-08 05:14 - 2023-09-08 05:14 - 000002114 ____N C:\WINDOWS\system32\Tasks\StartDVR

2023-09-08 05:14 - 2023-09-08 05:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\MEGA

2023-09-08 05:14 - 2023-09-08 05:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\FxSound

2023-09-08 05:13 - 2023-09-08 05:14 - 000011433 _____ C:\WINDOWS\diagwrn.xml

2023-09-08 05:13 - 2023-09-08 05:14 - 000011433 _____ C:\WINDOWS\diagerr.xml

2023-09-08 05:11 - 2023-09-12 18:28 - 001773032 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2023-09-08 05:10 - 2023-09-08 05:10 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network

2023-09-08 05:09 - 2023-09-12 21:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2023-09-08 05:09 - 2023-09-10 00:27 - 000472024 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2023-09-08 05:09 - 2023-09-08 05:09 - 000000000 ____D C:\WINDOWS\system32\config\BFS

2023-09-08 05:08 - 2023-09-08 05:14 - 000000000 ____D C:\Windows.old

2023-09-08 04:43 - 2023-09-08 05:08 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Crypto

2023-09-08 04:43 - 2023-09-08 04:43 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\SystemCertificates

2023-09-08 04:43 - 2023-09-08 04:43 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Network

2023-09-08 04:36 - 2023-09-08 05:08 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate

2023-09-08 04:35 - 2023-09-12 18:11 - 000000000 ____D C:\Users\Kaique-Vidal

2023-09-08 04:35 - 2023-09-08 05:17 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows

2023-09-08 04:35 - 2023-09-08 05:15 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Spelling

2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Modelos

2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Meus Documentos

2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Menu Iniciar

2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Documents\Minhas Músicas

2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Documents\Minhas Imagens

2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Documents\Meus Vídeos

2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Dados de Aplicativos

2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Configurações Locais

2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programas

2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\AppData\Local\Histórico

2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\AppData\Local\Dados de Aplicativos

2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Ambiente de Rede

2023-09-08 04:35 - 2023-09-08 04:35 - 000000000 _SHDL C:\Users\Kaique-Vidal\Ambiente de Impressão

2023-09-08 04:34 - 2023-09-08 05:08 - 000000000 ____D C:\WINDOWS\system32\AMD

2023-09-08 04:34 - 2023-09-08 04:34 - 000000000 ____D C:\WINDOWS\system32\Samsung

2023-09-08 04:34 - 2023-09-08 04:34 - 000000000 ____D C:\WINDOWS\Firmware

2023-09-08 01:21 - 2023-09-08 04:36 - 000000000 ____D C:\WINDOWS\ServiceProfiles

2023-09-08 01:19 - 2023-09-08 01:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\mde

2023-09-08 01:00 - 2023-09-08 01:00 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer

2023-09-08 01:00 - 2023-09-08 01:00 - 000000000 ____D C:\Program Files\Reference Assemblies

2023-09-08 01:00 - 2023-09-08 01:00 - 000000000 ____D C:\Program Files\MSBuild

2023-09-08 01:00 - 2023-09-08 01:00 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies

2023-09-08 01:00 - 2023-09-08 01:00 - 000000000 ____D C:\Program Files (x86)\MSBuild

2023-09-08 00:57 - 2023-09-08 00:57 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp

2023-09-08 00:57 - 2023-09-08 00:57 - 000000000 ____D C:\WINDOWS\system32\FxsTmp

2023-09-08 00:57 - 2023-09-08 00:57 - 000000000 ____D C:\WINDOWS\addins

2023-09-08 00:31 - 2023-09-08 00:31 - 000008192 ____N C:\WINDOWS\system32\config\userdiff

2023-09-07 23:30 - 2023-09-10 00:27 - 000000000 ___DC C:\WINDOWS\Panther

2023-09-06 14:53 - 2023-09-06 14:54 - 000000000 ____D C:\Users\Kaique-Vidal\Documents\Reflect

2023-09-06 14:21 - 2023-09-08 04:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium

2023-09-06 14:21 - 2023-09-06 14:21 - 000001527 _____ C:\Users\Public\Desktop\Macrium Reflect.lnk

2023-09-06 14:21 - 2023-09-06 14:21 - 000000000 ____D C:\Program Files\Macrium

2023-09-06 13:50 - 2023-09-06 16:59 - 000000000 ____D C:\ProgramData\Macrium

2023-09-03 01:09 - 2023-09-03 01:09 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\LocalLow\AMD

2023-09-03 01:05 - 2023-09-08 05:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool

2023-09-03 01:04 - 2023-09-08 05:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Software꞉ Adrenalin Edition

2023-08-25 10:43 - 2023-08-19 03:11 - 000832952 ____N C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe

2023-08-25 10:43 - 2023-08-19 03:11 - 000832952 ____N C:\WINDOWS\system32\vulkaninfo.exe

2023-08-25 10:43 - 2023-08-19 03:11 - 000721336 ____N C:\WINDOWS\system32\hiprt0200064.dll

2023-08-25 10:43 - 2023-08-19 03:11 - 000715296 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe

2023-08-25 10:43 - 2023-08-19 03:11 - 000715296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe

2023-08-25 10:43 - 2023-08-19 03:11 - 000668696 ____N C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll

2023-08-25 10:43 - 2023-08-19 03:11 - 000668696 ____N C:\WINDOWS\system32\vulkan-1.dll

2023-08-25 10:43 - 2023-08-19 03:11 - 000653240 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll

2023-08-25 10:43 - 2023-08-19 03:11 - 000653240 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll

2023-08-25 10:43 - 2023-08-19 03:11 - 000539168 ____N C:\WINDOWS\system32\libsmi_guest.dll

2023-08-25 10:43 - 2023-08-19 03:11 - 000532000 ____N C:\WINDOWS\system32\libsmi_host.dll

2023-08-25 10:43 - 2023-08-19 03:11 - 000197152 ____N C:\WINDOWS\system32\mantle64.dll

2023-08-25 10:43 - 2023-08-19 03:11 - 000176160 ____N C:\WINDOWS\system32\mantleaxl64.dll

2023-08-25 10:43 - 2023-08-19 03:11 - 000153632 _____ C:\WINDOWS\SysWOW64\mantle32.dll

2023-08-25 10:43 - 2023-08-19 03:11 - 000137760 _____ C:\WINDOWS\SysWOW64\mantleaxl32.dll

2023-08-25 10:43 - 2023-08-19 03:10 - 011746816 ____N C:\WINDOWS\system32\amdsmi.exe

2023-08-25 10:43 - 2023-08-19 03:10 - 002176440 ____N (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdsasrv64.dll

2023-08-25 10:43 - 2023-08-19 03:10 - 001305120 ____N (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdsacli64.dll

2023-08-25 10:43 - 2023-08-19 03:10 - 001029664 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdsacli32.dll

2023-08-25 10:43 - 2023-08-19 03:09 - 004375584 ____N (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdadlx64.dll

2023-08-25 10:43 - 2023-08-19 03:09 - 004180000 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdadlx32.dll

2023-08-25 10:43 - 2023-08-19 02:18 - 103988216 ____N C:\WINDOWS\system32\amdxc64.so

2023-08-25 10:43 - 2023-08-19 02:18 - 031938072 ____N C:\WINDOWS\system32\hiprt02000_amd.hipfb

2023-08-25 10:43 - 2023-08-19 02:18 - 023302232 ____N C:\WINDOWS\system32\hiprt02000_nv.fatbin

2023-08-25 10:43 - 2023-08-19 02:18 - 002433848 ____N C:\WINDOWS\system32\oro_compiled_kernels.hipfb

2023-08-25 10:43 - 2023-08-19 02:18 - 002000584 ____N C:\WINDOWS\system32\oro_compiled_kernels.fatbin

2023-08-25 10:43 - 2023-08-19 02:18 - 000154384 ____N C:\WINDOWS\system32\samu_krnl_ci.sbin

2023-08-25 10:43 - 2023-08-19 02:18 - 000138832 ____N C:\WINDOWS\system32\samu_krnl_isv_ci.sbin

2023-08-25 10:43 - 2023-08-19 02:18 - 000121168 ____N C:\WINDOWS\system32\kapp_si.sbin

2023-08-25 10:43 - 2023-05-24 08:42 - 000061888 ____N (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdxe.sys

2023-08-19 00:44 - 2023-08-19 00:44 - 000007300 _____ C:\Users\Kaique-Vidal\Downloads\Windows_Security_Service.reg

2023-08-19 00:01 - 2023-08-19 00:01 - 001048576 ____N C:\WINDOWS\system32\defltbase.sdb

2023-08-19 00:01 - 2023-08-19 00:01 - 000016384 ____N C:\WINDOWS\system32\defltbase.jfm

2023-08-19 00:01 - 2023-08-19 00:01 - 000000008 __RSH C:\ProgramData\ntuser.pol

2023-08-18 23:52 - 2023-08-18 23:52 - 000000000 ____D C:\Users\Kaique-Vidal\Downloads\Ghost Gamer

2023-08-18 23:51 - 2023-08-18 23:51 - 000000448 _____ C:\Users\Kaique-Vidal\Downloads\Ghost Gamer.rar

2023-08-18 18:49 - 2023-09-09 16:28 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job

2023-08-18 18:49 - 2023-08-18 18:52 - 000420694 _____ C:\WINDOWS\ntbtlog.txt

2023-08-14 22:35 - 2023-08-14 22:35 - 000856504 ____N (Advanced Micro Devices) C:\WINDOWS\system32\Device.dll

2023-08-14 22:35 - 2023-08-14 22:35 - 000061368 ____N (Advanced Micro Devices) C:\WINDOWS\system32\Platform.dll

 

==================== One month (modified) ==================

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2023-09-12 21:45 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SystemTemp

2023-09-12 21:45 - 2022-05-07 02:17 - 000000000 ____D C:\WINDOWS\CbsTemp

2023-09-12 21:39 - 2022-12-23 20:08 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2023-09-12 21:39 - 2022-12-23 20:08 - 000002204 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2023-09-12 21:39 - 2022-12-23 20:07 - 000000000 ____D C:\Program Files (x86)\Google

2023-09-12 21:38 - 2022-05-07 02:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2023-09-12 18:57 - 2022-12-26 17:24 - 000002362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk

2023-09-12 18:57 - 2022-12-26 17:24 - 000002321 _____ C:\Users\Public\Desktop\Brave.lnk

2023-09-12 18:28 - 2022-05-07 02:22 - 000000000 ____D C:\WINDOWS\INF

2023-09-12 18:23 - 2022-12-23 16:58 - 000012288 ___SH C:\DumpStack.log.tmp

2023-09-12 18:23 - 2022-05-07 02:17 - 000262144 _____ C:\WINDOWS\system32\config\BBI

2023-09-12 17:25 - 2023-01-17 21:49 - 000002418 _____ C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk

2023-09-12 17:25 - 2023-01-17 21:49 - 000002381 _____ C:\Users\Kaique-Vidal\Desktop\Vivaldi.lnk

2023-09-12 17:25 - 2023-01-17 21:49 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\Vivaldi

2023-09-12 11:49 - 2023-01-16 00:56 - 000000000 ____D C:\Program Files (x86)\EPSON

2023-09-12 11:49 - 2023-01-16 00:53 - 000000000 ____D C:\Program Files (x86)\EPSON Software

2023-09-12 11:49 - 2022-12-23 19:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2023-09-12 11:48 - 2023-05-31 15:45 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\Wondershare

2023-09-12 11:43 - 2023-01-16 00:36 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\LocalLow\Temp

2023-09-12 10:53 - 2022-05-07 02:24 - 000000000 ___HD C:\Program Files\WindowsApps

2023-09-12 10:53 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\AppReadiness

2023-09-12 10:52 - 2023-01-25 12:31 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\DMCache

2023-09-12 10:51 - 2023-06-20 09:57 - 000000000 ____D C:\WINDOWS\system32\appmgmt

2023-09-12 10:51 - 2023-02-17 13:11 - 000000000 ____D C:\ProgramData\TEMP

2023-09-12 10:41 - 2023-01-02 11:09 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\IObit

2023-09-12 10:41 - 2023-01-02 11:09 - 000000000 ____D C:\ProgramData\IObit

2023-09-12 10:39 - 2023-01-02 11:12 - 000000000 ____D C:\ProgramData\ProductData

2023-09-11 21:25 - 2023-01-24 14:27 - 000003446 _____ C:\WINDOWS\SysWOW64\pubfreeware.ini

2023-09-11 13:01 - 2022-12-23 17:08 - 000000000 ____D C:\ProgramData\Packages

2023-09-11 12:55 - 2023-02-01 18:46 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\utorrent

2023-09-11 12:55 - 2023-01-26 22:34 - 000000000 ___RD C:\Users\Kaique-Vidal\Documents\MEGAsync

2023-09-11 12:26 - 2022-12-23 17:08 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\ConnectedDevicesPlatform

2023-09-11 08:11 - 2022-12-23 17:08 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\Packages

2023-09-11 07:48 - 2022-12-26 12:27 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

2023-09-09 23:32 - 2022-05-07 02:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy

2023-09-09 23:32 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy

2023-09-09 21:48 - 2023-01-25 12:31 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\IDM

2023-09-09 20:16 - 2022-12-23 20:08 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\D3DSCache

2023-09-09 19:18 - 2023-04-22 18:57 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Zoom

2023-09-09 12:49 - 2022-12-23 23:38 - 000000000 ____D C:\Program Files\WinRAR

2023-09-08 12:33 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth

2023-09-08 10:49 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\appcompat

2023-09-08 05:33 - 2022-05-07 02:24 - 000000000 ____D C:\ProgramData\USOPrivate

2023-09-08 05:32 - 2022-05-07 02:24 - 000000000 ___RD C:\WINDOWS\PrintDialog

2023-09-08 05:31 - 2022-05-07 02:17 - 000000000 ____D C:\WINDOWS\servicing

2023-09-08 05:22 - 2022-12-23 20:57 - 000000000 ____D C:\AMD

2023-09-08 05:20 - 2022-12-23 20:08 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\AMD

2023-09-08 05:17 - 2023-03-07 12:32 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\FxSound

2023-09-08 05:15 - 2022-12-23 17:08 - 000002348 _____ C:\Users\Kaique-Vidal\Desktop\Microsoft Edge.lnk

2023-09-08 05:15 - 2022-12-23 17:08 - 000000000 __RHD C:\Users\Public\AccountPictures

2023-09-08 05:15 - 2022-05-07 02:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2023-09-08 05:15 - 2022-05-07 02:17 - 000032768 ____N C:\WINDOWS\system32\config\ELAM

2023-09-08 05:14 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\oobe

2023-09-08 05:14 - 2022-05-07 02:24 - 000000000 ____D C:\Program Files\Windows NT

2023-09-08 05:14 - 2022-05-07 02:24 - 000000000 ____D C:\Program Files\Windows Defender

2023-09-08 05:11 - 2023-01-16 19:59 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk

2023-09-08 05:11 - 2022-12-23 16:58 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2023-09-08 05:10 - 2022-05-07 02:24 - 000000000 __RHD C:\Users\Public\Libraries

2023-09-08 05:10 - 2022-05-07 02:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared

2023-09-08 05:09 - 2022-05-07 02:24 - 000028672 ____N C:\WINDOWS\system32\config\BCD-Template

2023-09-08 05:08 - 2023-08-03 18:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasleo WinToHDD

2023-09-08 05:08 - 2023-07-29 19:06 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom

2023-09-08 05:08 - 2023-06-10 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One Piece Burning Blood

2023-09-08 05:08 - 2023-05-17 13:07 - 000000000 ____D C:\WINDOWS\oem

2023-09-08 05:08 - 2023-03-07 12:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FxSound

2023-09-08 05:08 - 2023-02-02 15:55 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip

2023-09-08 05:08 - 2023-01-28 22:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Modern Warfare 3

2023-09-08 05:08 - 2023-01-28 22:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mafia - Definitve Edition

2023-09-08 05:08 - 2023-01-28 19:19 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server

2023-09-08 05:08 - 2023-01-28 18:50 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner

2023-09-08 05:08 - 2023-01-27 11:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDownloader

2023-09-08 05:08 - 2023-01-27 02:44 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync

2023-09-08 05:08 - 2023-01-25 12:31 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager

2023-09-08 05:08 - 2023-01-25 12:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager

2023-09-08 05:08 - 2023-01-24 13:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo

2023-09-08 05:08 - 2023-01-17 15:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do Microsoft Office

2023-09-08 05:08 - 2023-01-16 00:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software

2023-09-08 05:08 - 2022-12-27 16:02 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CapCut

2023-09-08 05:08 - 2022-12-27 15:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2023-09-08 05:08 - 2022-12-25 00:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps

2023-09-08 05:08 - 2022-12-24 01:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC

2023-09-08 05:08 - 2022-12-23 23:38 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2023-09-08 05:08 - 2022-12-23 23:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2023-09-08 05:08 - 2022-12-23 20:00 - 000000000 ____D C:\WINDOWS\system32\ihvmanager

2023-09-08 05:08 - 2022-12-23 19:26 - 000000000 ____D C:\Program Files\Intel

2023-09-08 05:08 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase

2023-09-08 05:08 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\spool

2023-09-08 05:08 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\NDF

2023-09-08 05:08 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\ServiceState

2023-09-08 05:08 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports

2023-09-08 05:08 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated

2023-09-08 05:08 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\MsDtc

2023-09-08 04:57 - 2022-05-07 02:28 - 000000000 ____D C:\WINDOWS\Setup

2023-09-08 04:36 - 2023-06-20 13:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts

2023-09-08 04:36 - 2023-02-03 00:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA

2023-09-08 04:36 - 2023-01-28 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2023-09-08 04:36 - 2023-01-28 22:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games

2023-09-08 04:36 - 2023-01-16 00:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON

2023-09-08 04:36 - 2023-01-09 22:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer

2023-09-08 04:36 - 2023-01-09 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo dos Renegados

2023-09-08 04:36 - 2022-12-24 10:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID

2023-09-08 04:36 - 2022-12-23 22:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft

2023-09-08 04:35 - 2023-05-31 15:48 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wondershare

2023-09-08 04:35 - 2023-02-02 23:53 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft

2023-09-08 04:35 - 2023-01-29 18:34 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio

2023-09-08 04:35 - 2022-05-07 02:24 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows

2023-09-08 01:19 - 2022-05-07 07:41 - 000000000 ____D C:\WINDOWS\system32\AppV

2023-09-08 01:19 - 2022-05-07 07:41 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\WUModels

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\UUS

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SystemResources

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SystemApps

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\vi-VN

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\UNP

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\setup

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\migwiz

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\lv-LV

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\lt-LT

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\id-ID

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\gl-ES

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\eu-ES

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\et-EE

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\es-MX

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\Dism

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\DDFs

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\ca-ES

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\appraiser

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\ShellExperiences

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\ShellComponents

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\Provisioning

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\bcastdvr

2023-09-08 01:19 - 2022-05-07 02:24 - 000000000 ____D C:\Program Files\Common Files\System

2023-09-08 01:16 - 2022-05-07 07:41 - 000036864 ____N (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll

2023-09-08 01:16 - 2022-05-07 07:41 - 000023775 ____N C:\WINDOWS\system32\OEMDefaultAssociations.xml

2023-09-08 01:16 - 2022-05-07 02:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll

2023-09-08 01:16 - 2022-05-07 02:24 - 000249856 ____N (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll

2023-09-08 01:00 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI

2023-09-08 01:00 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\MUI

2023-09-08 00:58 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\OCR

2023-09-08 00:55 - 2022-05-07 07:41 - 000000000 ____D C:\Program Files\Windows Photo Viewer

2023-09-08 00:55 - 2022-05-07 07:41 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm

2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN

2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr

2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts

2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\system32\winrm

2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\system32\WCN

2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\system32\slmgr

2023-09-08 00:55 - 2022-05-07 07:31 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts

2023-09-08 00:55 - 2022-05-07 02:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12

2023-09-08 00:55 - 2022-05-07 02:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs

2023-09-08 00:55 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform

2023-09-08 00:55 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\F12

2023-09-08 00:55 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\dsc

2023-09-08 00:55 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\DiagSvcs

2023-09-08 00:55 - 2022-05-07 02:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender

2023-09-06 12:07 - 2023-01-17 15:10 - 000000000 ____D C:\Program Files\Microsoft Office

2023-09-05 12:48 - 2022-12-24 00:53 - 000000000 ____D C:\Users\Kaique-Vidal\Downloads\Video

2023-09-04 22:43 - 2022-12-24 09:42 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\BitTorrentHelper

2023-09-04 21:21 - 2022-12-23 22:25 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\vlc

2023-09-03 17:34 - 2023-01-17 15:14 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Word

2023-09-03 01:06 - 2022-12-23 20:08 - 000000000 ____D C:\Program Files\AMD

2023-08-31 20:48 - 2022-12-23 16:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

2023-08-29 21:15 - 2023-01-16 00:37 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\ElevatedDiagnostics

2023-08-25 10:40 - 2022-12-23 21:54 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\AMD_Common

2023-08-23 00:05 - 2023-01-16 00:29 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk

2023-08-23 00:05 - 2023-01-16 00:29 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk

2023-08-20 23:41 - 2022-12-27 20:43 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Roaming\DS4Windows

2023-08-19 00:22 - 2022-12-23 20:06 - 000000000 ____D C:\Users\Kaique-Vidal\AppData\Local\PlaceholderTileLogoFolder

2023-08-16 13:00 - 2023-03-23 11:59 - 000001498 _____ C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk

2023-08-14 23:44 - 2022-12-23 21:50 - 002967232 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\AMDBugReportTool.exe

 

==================== Files in the root of some directories ========

 

2023-01-02 17:25 - 2023-01-02 17:25 - 046667280 _____ (Martí Climent ) C:\Users\Kaique-Vidal\WingetUI-Updater.exe

2023-09-09 19:04 - 2023-09-09 19:04 - 000007640 _____ () C:\Users\Kaique-Vidal\AppData\Local\Resmon.ResmonCfg

 

==================== SigCheck ============================

 

(There is no automatic fix for files that do not pass verification.)

 

==================== End of FRST.txt ========================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2023

Ran by Kaique (12-09-2023 22:10:22)

Running from C:\Users\Kaique-Vidal\Documents

Microsoft Windows 11 Pro Version 22H2 22621.2134 (X64) (2023-09-08 08:14:56)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

 

(If an entry is included in the fixlist, it will be removed.)

 

Administrador (S-1-5-21-1323333070-3634341992-397913038-500 - Administrator - Disabled)

Convidado (S-1-5-21-1323333070-3634341992-397913038-501 - Limited - Disabled)

DefaultAccount (S-1-5-21-1323333070-3634341992-397913038-503 - Limited - Disabled)

Kaique (S-1-5-21-1323333070-3634341992-397913038-1001 - Administrator - Enabled) => C:\Users\Kaique-Vidal

WDAGUtilityAccount (S-1-5-21-1323333070-3634341992-397913038-504 - Limited - Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.003.20284 - Adobe)

Adobe AIR (HKLM-x32\...\{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}) (Version: 2.0.2.12610 - Adobe Systems Inc.) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)

Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601052}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden

AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 4.06.10.651 - Advanced Micro Devices, Inc.)

AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden

AMD I2C Driver (HKLM-x32\...\{B31D92D9-2914-46B0-9738-F668A563DE73}) (Version: 1.2.0.119 - Advanced Micro Devices, Inc.) Hidden

AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.19.0.0 - Advanced Micro Devices, Inc.) Hidden

AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 7.0.4.10 - Advanced Micro Devices, Inc.) Hidden

AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden

AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 23.8.1 - Advanced Micro Devices, Inc.)

AMD_Chipset_Drivers (HKLM-x32\...\{c63a1907-428b-458b-935e-e61aad4aac6e}) (Version: 4.06.10.651 - Advanced Micro Devices, Inc.) Hidden

Apresentações (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\5190ba10b17e2997e8fb61dfd1a6e8ae) (Version: 1.0 - Google\Chrome)

Branding64 (HKLM\...\{492AEFBE-1B81-4C20-A111-E6974BB98EC5}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden

Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 116.1.57.64 - Autores do Brave)

CapCut (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\CapCut) (Version: 1.3.2.166 - Bytedance Pte. Ltd.)

Care Center Service (HKLM\...\{AFB52E98-7597-4484-9202-58F0FD3512ED}) (Version: 4.00.3042 - Acer Incorporated)

Combo Cleaner (HKLM\...\{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.58.0 - RCS LT) Hidden

Combo Cleaner (HKLM-x32\...\InstallShield_{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.58.0 - RCS LT)

CPUID CPU-Z 2.03 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.03 - CPUID, Inc.)

CrystalDiskInfo 8.17.3 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.17.3 - Crystal Dew World)

Documentation Manager (HKLM\...\{6EEC9A89-A963-48FB-9B63-368C997963E7}) (Version: 22.190.0.4 - Intel Corporation) Hidden

EPSON L3210 Series Printer Uninstall (HKLM\...\EPSON L3210 Series) (Version: - Seiko Epson Corporation)

Epson Photo+ (HKLM-x32\...\{5DCB4864-C363-4654-89BF-42660B841136}) (Version: 3.7.1.0 - Seiko Epson Corporation)

Epson Printer Connection Checker (HKLM-x32\...\{562C1C83-6199-49DD-987B-60D5FF7BC971}) (Version: 3.3.2.0 - Seiko Epson Corporation)

Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)

EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)

EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.02 - SEIKO EPSON Corp.)

Epson ScanSmart (HKLM-x32\...\{948F96A1-DA95-455C-8086-A77CDC184770}) (Version: 3.6.5 - Seiko Epson Corporation)

Epson Software Updater (HKLM-x32\...\{26A9B753-4B5D-46D8-A329-5CEF96FC22D2}) (Version: 4.6.5 - Seiko Epson Corporation)

Fortect (HKLM\...\Fortect) (Version: 6.0.0.1 - Fortect)

Fraps (HKLM-x32\...\Fraps) (Version: - )

FxSound (HKLM\...\{44F94A7A-3F02-44F3-8B53-69E22FB43E36}) (Version: 1.1.16.0 - FxSound LLC) Hidden

FxSound (HKLM\...\FxSound 1.1.16.0) (Version: 1.1.16.0 - FxSound LLC)

Gerenciador de Downloads da EA (HKLM-x32\...\EA Download Manager) (Version: 6.0.4.124 - Electronic Arts, Inc.)

Gmail (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\a49dae519e5190504fb80f16e20ec992) (Version: 1.0 - Google\Chrome)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 116.0.5845.188 - Google LLC)

Google Drive (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\932db397ccb442165eaf067bd1aedb35) (Version: 1.0 - Google\Chrome)

GRID 2 © Codemasters version 1 (HKLM-x32\...\R1JJRDI=_is1) (Version: 1 - )

Intel® Software Installer (HKLM-x32\...\{17ca2588-1bb5-40ca-b48f-6a80ffbce846}) (Version: 22.190.0.4 - Intel Corporation) Hidden

Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.41.6 - Tonec Inc.)

Macrium Reflect Server Plus (HKLM\...\{33A56673-B256-45B5-8D05-84EB19691C06}) (Version: 8.1.7469 - Paramount Software (UK) Ltd.) Hidden

Macrium Reflect Server Plus (HKLM\...\MacriumReflect) (Version: v8.1.7469 - Paramount Software (UK) Ltd.)

Mafia II (HKLM-x32\...\Mafia II_is1) (Version: - )

MegaDownloader 1.8 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.8 - megadownloaderapp.blogspot.com)

MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)

Microsoft .NET Host - 6.0.12 (x64) (HKLM\...\{E215AA9E-5DF2-44BC-9D6F-E1A1B0C348FB}) (Version: 48.51.51943 - Microsoft Corporation) Hidden

Microsoft .NET Host FX Resolver - 6.0.12 (x64) (HKLM\...\{0712F23C-FBAC-436C-9DDB-125F32D15033}) (Version: 48.51.51943 - Microsoft Corporation) Hidden

Microsoft .NET Runtime - 6.0.12 (x64) (HKLM\...\{1BF67DC1-8BB5-4AF5-BE20-3B53D9532D01}) (Version: 48.51.51943 - Microsoft Corporation) Hidden

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 116.0.1938.76 - Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 116.0.1938.76 - Microsoft Corporation)

Microsoft Office Professional 2016 - pt-br (HKLM\...\ProfessionalRetail - pt-br) (Version: 16.0.16731.20170 - Microsoft Corporation)

Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 22.077.0410.0007 - Microsoft Corporation)

Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31931 (HKLM-x32\...\{d4cecf3b-b68f-4995-8840-52ea0fab646e}) (Version: 14.34.31931.0 - Microsoft Corporation)

Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.34.31931 (HKLM-x32\...\{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}) (Version: 14.34.31931.0 - Microsoft Corporation)

Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31931 (HKLM\...\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}) (Version: 14.34.31931 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931 (HKLM\...\{CF4C347D-954E-4543-88D2-EC17F07F466F}) (Version: 14.34.31931 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2022 X86 Additional Runtime - 14.34.31931 (HKLM-x32\...\{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}) (Version: 14.34.31931 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.34.31931 (HKLM-x32\...\{AB1BDF73-7393-42CE-812D-9A90918814D5}) (Version: 14.34.31931 - Microsoft Corporation) Hidden

Microsoft Windows Desktop Runtime - 6.0.12 (x64) (HKLM\...\{3E726676-B5F4-48DA-B9F9-78A15B7F8A70}) (Version: 48.51.52100 - Microsoft Corporation) Hidden

Microsoft Windows Desktop Runtime - 6.0.12 (x64) (HKLM-x32\...\{24b99d74-a81e-4765-aefe-be853ac47482}) (Version: 6.0.12.31928 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

MPC-HC 1.9.24 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.9.24 - MPC-HC Team)

MSI Afterburner 4.6.5 Beta 4 (HKLM-x32\...\Afterburner) (Version: 4.6.5 Beta 4 - MSI Co., LTD)

NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20052 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20170 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.16731.20052 - Microsoft Corporation) Hidden

One Piece Burning Blood Gold Edition MULTi10 - ElAmigos versão 1.06 (HKLM-x32\...\{30391AA3-89CC-41EE-8569-6E5AFC343197}_is1) (Version: 1.06 - Bandai Namco Entertainment)

OpenAL (HKLM-x32\...\OpenAL) (Version: - )

Opera Stable 101.0.4843.43 (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Opera 101.0.4843.43) (Version: 101.0.4843.43 - Opera Software)

Pacote de Driver do Windows - Realtek Net (09/28/2020 10.045.0928.2020) (HKLM\...\C1B42219F20B36DD15C90FF914DFDCE2073C2736) (Version: 09/28/2020 10.045.0928.2020 - Realtek)

Planilhas (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\de0e6f7c8cc200e7019511986230e1c8) (Version: 1.0 - Google\Chrome)

PS Remote Play (HKLM-x32\...\{18E06000-568E-4D9D-B506-EF3D3873210D}) (Version: 6.0.0.02240 - Sony Interactive Entertainment Inc.)

Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10518 - Qualcomm)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.45.928.2020 - Realtek)

RivaTuner Statistics Server 7.3.4 Beta 6 (HKLM-x32\...\RTSS) (Version: 7.3.4 Beta 6 - Unwinder)

Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)

RyzenMasterSDK (HKLM\...\{3710415D-9538-4812-A68F-251EA22A8E14}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden

Screenpresso (HKLM\...\{1e375827-5328-4da4-aed5-7e2b89337772}) (Version: 2.1.8.0 - Learnpulse)

Sonic Generations (HKLM-x32\...\Sonic Generations_is1) (Version: - )

Sublime Text 3 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)

Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.5.0.8070 - Microsoft Corporation)

Textos (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\6cbf8614008d280398c1d1816f2c1ca2) (Version: 1.0 - Google\Chrome)

Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.00 - Ubisoft)

Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)

USBHelperLauncher (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\USBHelperLauncher) (Version: 0.17d - FailedShack)

ViGEm Bus Driver (HKLM\...\{9C581C76-2D68-40F8-AA6F-94D3C5215C05}) (Version: 1.21.442 - Nefarius Software Solutions e.U.)

Vivaldi (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Vivaldi) (Version: 6.2.3105.48 - Vivaldi Technologies AS.)

VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)

WebAdvisor da McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.834 - McAfee, LLC)

WingetUI (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\{889610CC-4337-4BDB-AC3B-4F21806C0BDD}_is1) (Version: 1.5.3 - Martí Climent)

WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)

WinToHDD (HKLM\...\WinToHDD_is1) (Version: 5.8 - Hasleo Software.)

Wondershare Filmora 12(Build 12.2.12.2498) (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\Wondershare Filmora 12_is1) (Version: - Wondershare Software)

Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)

YouTube (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\7d0fbb6319dc4f2d6542cb28463cb89a) (Version: 1.0 - Google\Chrome)

Zoom (HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\ZoomUMX) (Version: 5.15.5 (19404) - Zoom Video Communications, Inc.)

 

Packages:

=========

Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3042.0_x64__48frkmn4z8aw4 [2023-08-18] (Acer Incorporated)

Complemento do Mecanismo de Mídia de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-02-11] (Microsoft Corporation)

Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-18] (Microsoft Corporation)

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2023-08-18] (Microsoft Corporation) [MS Ad]

Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2307.24002.0_x64__8wekyb3d8bbwe [2023-09-11] (Microsoft Corporation) [Startup Task]

Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-09-08] (Microsoft Corporation)

Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.251.0_x64__dt26b99r8h8gj [2023-08-18] (Realtek Semiconductor Corp)

Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-09-11] (Microsoft Studios) [MS Ad]

Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0 [2023-09-08] (Spotify AB) [Startup Task]

Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-09-08] (Microsoft Corporation)

Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2022.1227.2402.199_neutral__8wekyb3d8bbwe [2023-08-18] (Microsoft Corporation)

WinRAR -> C:\Program Files\WinRAR [2023-09-09] (win.rar GmbH)

 

==================== Custom CLSID (Whitelisted): ==============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> c:\program files\macrium\common\reflectmonitor.exe (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)

CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> C:\Users\Kaique-Vidal\AppData\Roaming\7zip\7-zip.dll (Igor Pavlov) [File not signed]

CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{68AC8A11-8E2F-474E-AE5C-E11EB489347A}\localserver32 -> C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\Application\6.2.3105.48\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)

CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{A4090264-1B21-4E10-85F8-0B2A0DE5CC23} -> [Music] => C:\Users\Kaique-Vidal\Music [2022-12-23 17:07]

CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> "C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\Application\4.3.2439.65\notification_helper.exe" => No File

CustomCLSID: HKU\S-1-5-21-1323333070-3634341992-397913038-1001_Classes\CLSID\{E1E57C1E-543A-42C5-A5E5-05F1A8D59F33}\localserver32 -> "C:\Users\Kaique-Vidal\AppData\Local\Vivaldi\Application\5.6.2867.58\notification_helper.exe" => No File

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-07] (Mega Limited -> )

ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-07] (Mega Limited -> )

ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-07] (Mega Limited -> )

ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2021-03-03] (Tonec Inc. -> Tonec FZE)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-07] (Mega Limited -> )

ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => D:\Reflect\RContextMenu.dll -> No File

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-07] (Mega Limited -> )

ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => D:\Reflect\RContextMenu.dll -> No File

ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-07] (Mega Limited -> )

ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Kaique-Vidal\AppData\Local\MEGAsync\ShellExtX64.dll [2023-08-07] (Mega Limited -> )

ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\22.077.0410.0007\amd64\FileSyncShell64.dll [2023-01-17] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2020-11-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers1_S-1-5-21-1323333070-3634341992-397913038-1001: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\Kaique-Vidal\AppData\Roaming\7zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]

ContextMenuHandlers4_S-1-5-21-1323333070-3634341992-397913038-1001: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\Kaique-Vidal\AppData\Roaming\7zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]

ContextMenuHandlers6_S-1-5-21-1323333070-3634341992-397913038-1001: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\Kaique-Vidal\AppData\Roaming\7zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]

 

==================== Codecs (Whitelisted) ====================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2019-08-30] (Beepa P/L) [File not signed]

HKLM\...\Drivers32: [vidc.spv1] => C:\Program Files\Learnpulse\Screenpresso\ScreenpressoCodec.dll [167656 2023-01-02] (Learnpulse -> LearnPulse)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2019-08-30] (Beepa P/L) [File not signed]

HKLM\...\Drivers32: [vidc.spv1] => C:\Program Files\Learnpulse\Screenpresso\SysWOW64\ScreenpressoCodec.dll [146664 2023-01-02] (Learnpulse -> LearnPulse)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

ShortcutWithArgument: C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\Apresentações.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag

ShortcutWithArgument: C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\Gmail.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm

ShortcutWithArgument: C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\Google Drive.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak

ShortcutWithArgument: C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\Planilhas.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf

ShortcutWithArgument: C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\Textos.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb

ShortcutWithArgument: C:\Users\Kaique-Vidal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml

 

==================== Loaded Modules (Whitelisted) =============

 

2023-01-17 15:11 - 2023-01-17 15:11 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll

2023-01-17 15:11 - 2023-01-17 15:11 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll

 

==================== Alternate Data Streams (Whitelisted) ========

 

==================== Safe Mode (Whitelisted) ==================

 

==================== Association (Whitelisted) =================

 

==================== Internet Explorer (Whitelisted) ==========

 

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT170902&iDate=2022-12-24 01:25:57&iid=8a884268-3e2c-421c-b62f-daa3be78a13f&bName=

SearchScopes: HKU\S-1-5-21-1323333070-3634341992-397913038-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)

BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost

IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com

IE trusted site: HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\localhost -> localhost

IE trusted site: HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\webcompanion.com -> hxxp://webcompanion.com

 

==================== Hosts content: =========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2019-12-07 06:14 - 2023-09-12 18:19 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

 

==================== Other Areas ===========================

 

(Currently there is no automatic fix for this section.)

 

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Fortect

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kaique-Vidal\Pictures\vcuIyoVK_4x.jpg

DNS Servers: 186.232.56.22 - 186.232.56.26

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(If an entry is included in the fixlist, it will be removed.)

 

HKLM\...\StartupApproved\Run: => "Screenpresso"

HKLM\...\StartupApproved\Run: => "EPPCCMON"

HKLM\...\StartupApproved\Run32: => "EEventManager"

HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"

HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "_TE16A.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "_TE38F2.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "_TE50A4.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "AdobeARM.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "AMDLinkDriverUpdate.xml"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230521123721.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230522121739.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230523121739.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230524121739.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230525131351.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230526122506.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230527121739.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230528121740.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230529121739.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230529131420.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230530035434.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "CUsersKaique-VidalAppDataLocalProgramsOpera101.0.4843.43opera_autoupdate.download.lock"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "cv_debug.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "native_push_sensors"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "TWAIN.LOG"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "Twain001.Mtx"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "Twunk001.MTX"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "Twunk002.MTX"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "upgrade_sensors"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "vivaldi_installer.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "WINWORD.EXE_c2rdll(20230818184958FF4).log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "WINWORD.EXE_c2rdll(20230818185012F30).log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "wsduilib.log.2023-05-31"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "NotifyIconGeneratedAumid_1897770014230834862.png"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "bc3902d8132f43e3ae086a009979fa88.db"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "bc3902d8132f43e3ae086a009979fa88.db.ses"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "bc3902d8132f43e3ae086a009979fa88.db-shm"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "bc3902d8132f43e3ae086a009979fa88.db-wal"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "ad1bc981-dc18-445f-af4c-722616e0022a.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "mat-debug-11560.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "70304202-db4b-403b-83ef-00fe3e7f78dd.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "5b7675ae-fab0-4d1d-b14f-e59289092601.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "{D1D2057F-2004-493F-A3EA-E787B4CFA417} - OProcSessId.dat"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "{D84E0988-4F06-4DA8-B83B-A61B4B311660} - OProcSessId.dat"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "~DF5C3229F667F003B4.TMP"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "0a09f44c-5052-44c6-a0ff-03f0aee3d716.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "03b1fe12-b65f-4d15-90a9-865bf693cb81.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "4a2a5472-50a2-4835-9a6b-131cc89c450a.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "4fbaf048-d606-45e9-ab3f-8973bf437d12.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "06ce3baa-6039-4e28-91ac-2bf36a64f88f.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "6bc5b74a-08b9-406f-964e-a9f651f75cc8.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "6c34148b-9b32-4806-8a10-cc2859f630ab.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "7a8e4dd9-edb6-405f-ab11-4933898e91a4.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "7e109536-8500-4984-b505-4c23cbcc2383.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "8b52100e-1fc1-41ff-925b-c3cc72415af3.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "9d95cdc3-47d2-4767-90ef-c05451e59d34.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "31cd2e65-2cb8-4532-93db-d66789ba55d9.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "64a8d03c-a179-4a89-80ac-f8ffcd3ba462.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "70b13af5-d133-442c-87c4-162fb8d3f33c.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "102a1086-97a0-4538-8ac5-6ad5c7fa05c1.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "259c7135-cc52-4567-9739-fc73875c8efb.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "633bebe5-5c98-4fae-b934-df4b9fba1395.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "760e8487-290a-4029-8add-94cd91f45417.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "794e5f1e-2691-4e27-86b0-60ed49aaf762.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "1396a6de-e821-451e-94e9-deb8607e8df6.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "125610fa-6c7d-4d25-a3cc-1e7f302d6dbf.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "532527e9-1027-44db-a331-b12e68ead280.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "568122a3-c1de-4b8b-8e50-9c77846d5a30.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "2694432a-8846-4c61-9d1f-cbc85b6a3690.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "4694941f-5b0c-4dac-9089-e4e3e5460ef2.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "7258065a-ccc6-48a3-9b3e-f28217024087.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "52895737-f9fa-4ef9-b5f5-502841fdc01d.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "a5c1d119-5bbd-4870-b1a0-93c24ba41446.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "af4dc4dc-917d-4d63-bf5b-23948742e015.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230908080437.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "c296216d-cd0a-4558-910e-2735e77f5730.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "cb44c71f-3149-4e79-a1c7-ac9af0dcbe2e.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "cd2030f7-593f-4651-b8ae-a390f31fecbc.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "codeint7684"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "f6524bc1-d000-41c6-8980-903908fdad43.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "f1478730-f32d-4ad5-a81a-c67ac8645dd6.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "mat-debug-11048.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "mat-debug-11544.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230908123847.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "1a30ef6b-6420-432a-b999-0838f4fb83ea.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "codeint9994"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "f8a97030-3520-4caf-b176-4eb880818840.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "f3838886-1cce-4d37-a81c-b39cd076673b.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "5b82d819-aac3-406c-be72-90908efdf572.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "98f520e9-c248-4920-bd26-9fef435c7e82.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "7a5e678d-2aa9-4e70-89f2-f0c1245da28d.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "79a51465-ba7c-4d62-9701-3d3048e32ecb.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "e37b0cc4-a65c-47f4-b688-fe662e39b208.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "a91cdadf-cf7e-4bef-9a85-ecc337f8497a.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "9dde50ef-ef6f-4aeb-b336-36dcdbe3e354.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "0a709337-99cf-4dbc-ac80-372ffa2bea54.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "8d825f93-a3ea-4883-8755-26b2d960f468.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "017fe334-6cac-49b0-b349-463a86ab5daf.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "26bb03ef-3f7a-442d-85d7-c89b2e529209.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "69d69dbe-119e-45a5-90dc-23408c7307f3.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "81a4b299-633c-4490-8433-f8cedaf44565.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "515c7eac-052e-4438-9cb6-abdc74e77c3b.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "a78fdca7-8f02-4e90-99b8-4f53290f2de7.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "ae1bb607-c6f2-4c3f-911e-51672deb1fb2.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "assistant_installer_20230909124551.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "mat-debug-10688.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "mat-debug-11352.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "0d512ce0-043b-4cc4-9eee-d2e14d6096a2.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "~DF12770EFFD26C212F.TMP"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "2a9e72e8-0474-4545-ba29-a74478298d70.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "2a2215f6-599f-455d-a13f-01643113b5f8.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "2d458545-5146-406d-b73c-017278aa468b.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "2ddd15aa-753e-405d-af13-2c5f78600d4b.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "2f4808aa-1d30-4c26-a6db-4962cf596d39.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "03c081a4-a9d0-48d7-a53f-b08b079242d7.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "3dc66679-6565-41dc-a410-7c87af280a48.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "6e88977e-20d3-4d8e-9602-37ad6d38a238.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "8ec78666-4dc4-4a41-ab6a-1398633466bf.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "9dd74573-2b65-4617-aee0-ac5ea4bdfd33.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "25d367e6-3683-480c-b1d2-08afa3bdd124.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "29c2922f-1a93-4984-9dc7-1fa7393a0d3f.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "65eeb7d8-e379-47ec-9ba8-3f28cb0fe07e.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "68d28bda-c859-4638-8a6f-7c6ed1c792e6.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "74c66e7e-0d2e-43d6-8ac2-7965c3a4ed63.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "e4dce29c-5320-464c-9f66-955e2748d746.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "e83d29e9-3ec9-496e-867d-7ed5cb8ea538.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "ec948785-c546-412e-b925-a0b1ca297bf5.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "~DF382F7B16BFFB8278.TMP"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "2b2ee02f-f502-4a32-a5e7-d48de29ad69d.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "3a3c0a6a-d034-47c9-b6e0-253f116ed8d7.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "5d3b0c41-50f6-4198-b8c7-261d947d419b.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "5fdf2624-fbd2-47f1-880f-b81c03a391cc.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "6d277e08-ef57-4449-bb8e-a62ef7f66c67.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "7be9dd6b-6789-4aa0-8c0c-e6f355e430b6.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "9fe265bb-895f-412a-93e0-4d41ad18b74a.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "44d26f6d-fc66-474b-8686-482bae556eea.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "54d4ffda-eadf-41c2-b1b4-1001d2034eac.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "64b2424e-0197-49f7-b0b7-59c46b3bb77c.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "75a7af82-1584-45ea-8518-43bdc7982cc7.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "83e803d2-3330-472e-8cf7-aee04d417ce9.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "90b8b0e0-8476-415a-8c48-ead7e6834958.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "90e201e8-00f0-4f79-b890-9d671614dcf5.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "692ce983-1587-4f20-8b3f-f6a8d94f1edf.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "0754a294-5546-4c21-9d32-993ed82a980b.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "3806196d-396e-4330-ba1c-fbe7753d7dd4.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "a15a8d5c-a558-4b7b-903e-ed2314aeed3d.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "a81bcafe-e504-4f3a-b57f-d95012a9138b.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "b6bd0f7e-4a13-4874-bb9f-ea25faf8207e.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "b7efd749-d185-4745-9bc6-a396717bcf3e.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "b63c40ed-956d-4c6e-9e59-ab1a70a766a7.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "b91ad984-5e8a-49f7-b1a9-4e2916dfdba8.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "bce7bfa2-ad8b-42e1-beaa-9f5ff4e6a3e7.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "bcf6b9de-207a-4ec5-bd18-3c0466aa7297.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "cdb382a3-5e05-429d-9fe0-ae7e810c126e.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "d1a1469e-c5a3-4c16-a9ca-43b63ceffdda.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "de5ed909-de67-4234-aad1-facdb9afb132.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "e04897ef-f9f0-4711-be21-4d00daa9f76e.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "ef8e6659-1e24-47f0-a5cf-153c182e1a36.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "f58ea10f-f24b-46c4-8cbf-86dd343f6022.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "f734d4a0-2ab9-4c34-a6ae-23d7968193d2.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "ff8386f6-9e42-4ea3-b8aa-04dc4c4a3079.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "1cbe6d1b-76dc-4da2-8fa7-4db79d0f7892.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "ded90ef2-f596-454e-bc10-5410bc8e06ba.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "~DF6635EAFAFC8EB9AB.TMP"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "{5A736EF4-6252-4324-B8FB-5E68903D1C97} - OProcSessId.dat"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "0cf74124-0500-41ba-ae74-f3c5f4f9d665.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "02caca28-e34c-4f2d-839c-416ccbd2eff0.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "2f3c1912-1439-4af2-8608-5c5f7de0425d.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "3a480fd8-7e24-4b3b-abae-1956b6d28a72.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "4c062a2c-83aa-4af5-b6f3-779bf5db829c.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "7ab34dc7-96e0-4c62-b656-37318c682058.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "8eb792f0-9990-420e-9066-b62214932fdf.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "9b8063b4-6ad5-4daa-9018-11bf1e037891.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "32b8328e-d26c-441b-8786-8d5bc4c603a3.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "043aa73d-fd9b-4c17-b5bf-1579eff313fd.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "47a3ae87-8b65-431d-9926-7404257fc65d.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "56b137ab-b7e3-457b-8299-39d1f56f0a73.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "96ba76ba-682d-403e-9eee-85be73993f9b.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "352b6379-3900-4275-97eb-3dd4df3a93dc.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "381f4c31-8957-4d5c-8ccc-cce18ca28f72.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "662dfdfc-0767-43d0-9dd7-aef86954df79.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "819a4d87-09ee-4509-8577-49e0dca8e7fd.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "871e8409-e8a0-432e-b94f-3654a3049a7e.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "1223ce69-4c32-40b5-ae22-6396b5288394.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "78982ec5-f75c-4a23-9838-d83c1d405a2a.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "53335201-90d5-4bfd-ba96-b4b9c1b00ab4.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "a5add8b4-f48b-4a01-a255-91a81ef82502.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "c6982afa-5772-4490-8152-6af459b0d420.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "e7e625c2-8675-4da2-870b-aa363146c97d.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "e12bd47d-c184-40af-932e-e7d482e34830.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "f6dddbda-94b2-4f60-80c2-48237770aaab.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "f3236af6-a737-48fc-b1ec-809708d51662.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "f7289286-bce3-4a24-89f7-27e5eb7cb068.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "fd28211d-86ab-4c45-b4e7-3325fdde7476.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "mat-debug-10288.log"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "449a6617-050b-4269-8db4-00aba3489ff1.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "405b60b4-7acb-43c3-9cb7-214b5eb1f21b.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "83e30f2c-fa2c-4c95-a107-bda1f7c5bcae.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "81cf91c2-67a7-4499-bf7a-206abd6f5a0d.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "49ef63ca-6c81-496c-bd5b-b7d757c225b1.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "44a1c997-e2ab-45c6-b17e-19a3f9ba3afd.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "9ddd944d-ae10-4735-8e1f-62b2ac1f8af4.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "9d633e14-0644-4d8a-a0ad-e29855b6187d.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\StartupFolder: => "0bb3ccfa-2252-4056-b7bc-2ce36584e153.tmp"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "uTorrent"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "AMDNoiseSuppression"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "IDMan"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "OneDrive"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "NeatDM"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "Web Companion"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "ut"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_90C0C776FC4CC570E7FB3277B161E7B0"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "WingetUI"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "Opera GX Stable"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "TaskbarSystem"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_B7C06C68F464209BF2BA4F21CB7E80AF"

HKU\S-1-5-21-1323333070-3634341992-397913038-1001\...\StartupApproved\Run: => "Opera Stable"

 

==================== FirewallRules (Whitelisted) ================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{C09FA41F-D90F-4D51-BDF1-0A4A46B8D72A}] => (Allow) C:\Program Files\Fortect\MainService.exe (Fortect LTD -> Fortect LTD.)

FirewallRules: [{7F7B3E4F-ACD3-4B4A-8BD8-E7B765DD2FED}] => (Allow) C:\Program Files\Fortect\MainService.exe (Fortect LTD -> Fortect LTD.)

FirewallRules: [{AD3398AA-2440-4E1C-B84B-237164C72CDD}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

FirewallRules: [{FBD543E2-5868-4ED0-8A89-EEAAF3A1321E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

 

==================== Restore Points =========================

 

08-09-2023 05:25:26 Instalador de Módulos do Windows

10-09-2023 00:26:24 Ponto de verificação por HitmanPro

12-09-2023 10:38:52 Revo Uninstaller's restore point - Driver Booster 10

12-09-2023 10:42:23 Revo Uninstaller's restore point - Combo Cleaner

12-09-2023 10:43:48 Revo Uninstaller's restore point - Combo Cleaner

12-09-2023 10:44:51 Revo Uninstaller's restore point - Spider-Man 3 ™

12-09-2023 10:50:29 Removed HDD Regenerator.

12-09-2023 10:56:48 Restore Point Created by FRST

12-09-2023 11:48:09 Revo Uninstaller's restore point - Wondershare NativePush(Build 1.0.0.7)

12-09-2023 11:48:50 Revo Uninstaller's restore point - Epson Event Manager

12-09-2023 11:49:03 Removed Epson Event Manager

 

==================== Faulty Device Manager Devices ============

 

 

==================== Event log errors: ========================

 

Application errors:

==================

Error: (09/12/2023 06:48:43 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-RTLM44P)

Description: Nome do aplicativo com falha: ACCStd.exe, versão: 4.0.3042.0, carimbo de data/hora: 0x61cc5d9c

Nome do módulo com falha: KERNELBASE.dll, versão: 10.0.22621.2134, carimbo de data/hora: 0xc42b59fb

Código de exceção: 0xe0434352

Deslocamento da falha: 0x0000000000064c3c

ID do processo com falha: 0x0x2cb0

Hora de início do aplicativo com falha: 0x0x1d9e5bfdeef9c49

Caminho do aplicativo com falha: C:\Program Files (x86)\Acer\Care Center\ACCStd.exe

Caminho do módulo com falha: C:\WINDOWS\System32\KERNELBASE.dll

ID do Relatório: 91e74419-c947-47b3-88fe-083fd92c11b1

Nome completo do pacote com falha:

ID do aplicativo relativo ao pacote com falha:

 

Error: (09/12/2023 06:48:43 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Aplicativo: ACCStd.exe

Versão do Framework: v4.0.30319

Descrição: O processo foi terminado devido a uma exceção sem tratamento.

Informações da Exceção: System.InvalidOperationException

   em System.ThrowHelper.ThrowInvalidOperationException(System.ExceptionResource)

   em System.Collections.Generic.List`1+Enumerator[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].MoveNextRare()

   em Acer.CareCenter.Diagnostic.MultiDevicesTests..ctor(DiagnosticPlugin.DeviceManager)

   em Acer.CareCenter.Diagnostic.DiagnosticController_Memory.GetAllTestItems()

   em Acer.CareCenter.ACCStd.DiagnosticManager_ACCStd_for_Memory.GetSpecificTestItems(DeviceType)

   em Acer.CareCenter.ACCStd.DiagnosticManager_ACCStd_for_Memory.DeviceInfoUpdate(System.Object, Acer.CareCenter.Diagnostic.DeviceInfoUpdateEventArgs)

   em Acer.CareCenter.Diagnostic.ADSPlgSimpleCtl.InfoUpdate(System.Object, DiagnosticEvent.InformationUpdateEventArgs)

   em WiFiDevice.WiFiManager.NetworkChange_NetworkAddressChanged(System.Object, System.EventArgs)

   em System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   em System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   em System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

   em System.Net.NetworkInformation.NetworkChange+AddressChangeListener.AddressChangedCallback(System.Object, Boolean)

   em System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)

 

Error: (09/12/2023 06:48:42 PM) (Source: CertEnroll) (EventID: 86) (User: AUTORIDADE NT)

Description: Falha na inicialização do registro de certificado SCEP para WORKGROUP\DESKTOP-RTLM44P$ via https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep:

 

GetCACaps

GetCACaps: Not Found

{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}

HTTP/1.1 404 Not Found

Date: Tue, 12 Sep 2023 21:48:44 GMT

Content-Length: 121

Content-Type: application/json; charset=utf-8

X-Content-Type-Options: nosniff

Strict-Transport-Security: max-age=31536000;includeSubDomains

x-ms-request-id: f88de6e1-8da7-4248-998b-ded4fdc9be1b

 

Método: GET(281ms)

Estágio: GetCACaps

Não encontrado (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

 

Error: (09/12/2023 06:48:41 PM) (Source: CertEnroll) (EventID: 86) (User: AUTORIDADE NT)

Description: Falha na inicialização do registro de certificado SCEP para Sistema local via https://AMD-KeyId-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net/templates/Aik/scep:

 

GetCACaps

GetCACaps: Not Found

{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}

HTTP/1.1 404 Not Found

Date: Tue, 12 Sep 2023 21:48:44 GMT

Content-Length: 121

Content-Type: application/json; charset=utf-8

X-Content-Type-Options: nosniff

Strict-Transport-Security: max-age=31536000;includeSubDomains

x-ms-request-id: 80e85dc8-a6c9-4d36-b82b-9654bf5dc490

 

Método: GET(594ms)

Estágio: GetCACaps

Não encontrado (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

 

Error: (09/12/2023 06:40:27 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Falha na geração de contexto de ativação para "C:\Users\Kaique-Vidal\AppData\Local\CapCut\Apps\CapCut.exe". Erro no arquivo de manifesto ou de política "", na linha .

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:

Componente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2070_none_6ec11d2a87fe200c.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2070_none_2713e6537381f706.manifest.

 

Error: (09/12/2023 06:40:27 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Falha na geração de contexto de ativação para "C:\Users\Kaique-Vidal\AppData\Local\CapCut\Apps\CapCut.exe". Erro no arquivo de manifesto ou de política "", na linha .

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:

Componente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2070_none_6ec11d2a87fe200c.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2070_none_2713e6537381f706.manifest.

 

Error: (09/12/2023 06:24:03 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Falha na geração de contexto de ativação para "C:\Users\Kaique-Vidal\AppData\Local\CapCut\Apps\CapCut.exe". Erro no arquivo de manifesto ou de política "", na linha .

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:

Componente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2070_none_6ec11d2a87fe200c.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2070_none_2713e6537381f706.manifest.

 

Error: (09/12/2023 06:11:47 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Falha na geração de contexto de ativação para "C:\Users\Kaique-Vidal\AppData\Local\CapCut\Apps\CapCut.exe". Erro no arquivo de manifesto ou de política "", na linha .

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:

Componente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2070_none_6ec11d2a87fe200c.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.2070_none_2713e6537381f706.manifest.

 

 

System errors:

=============

Error: (09/12/2023 06:24:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Não foi possível iniciar o serviço AMDRyzenMasterDriverV19 devido ao seguinte erro:

O sistema não pode encontrar o arquivo especificado.

 

Error: (09/12/2023 06:23:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORIDADE NT)

Description: Módulo de Extensibilidade de WLAN interrompido inesperadamente.

 

Caminho do Módulo: C:\WINDOWS\system32\mtkihvx.dll

 

Error: (09/12/2023 06:23:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORIDADE NT)

Description: Módulo de Extensibilidade de WLAN interrompido inesperadamente.

 

Caminho do Módulo: C:\WINDOWS\system32\mtkihvx.dll

 

Error: (09/12/2023 06:18:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: O serviço AMD User Experience Program Data Uploader foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

 

Error: (09/12/2023 06:18:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: O serviço Windows Search foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 30000 milissegundos: Reiniciar o serviço.

 

Error: (09/12/2023 06:18:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: O serviço Microsoft Office Click-to-Run Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

 

Error: (09/12/2023 06:18:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: O serviço McAfee WebAdvisor foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 1 milissegundos: Reiniciar o serviço.

 

Error: (09/12/2023 06:18:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: O serviço Macrium Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

 

 

Windows Defender:

================

Date: 2023-09-11 13:34:24

Description:

Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.

Para obter mais informações, veja a seguir:

https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Wacatac.B!ml&threatid=2147735503&enterprise=0

Nome: Trojan:Script/Wacatac.B!ml

Gravidade: Grave

Categoria: Cavalo de Tróia

Caminho: file:_C:\Windows\Temp\tmp000002ee\tmp0041fc62

Origem da Detecção: Computador local

Tipo da Detecção: FastPath

Fonte da Detecção: Proteção em Tempo Real

Usuário: AUTORIDADE NT\SISTEMA

Nome do Processo: D:\ComboCleaner.Guard.exe

Versão da Inteligência de Segurança: AV: 1.397.779.0, AS: 1.397.779.0, NIS: 1.397.779.0

Versão do Mecanismo: AM: 1.1.23080.2005, NIS: 1.1.23080.2005

 

Date: 2023-09-11 13:32:09

Description:

Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.

Para obter mais informações, veja a seguir:

https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sabsik.FL.B!ml&threatid=2147780203&enterprise=0

Nome: Trojan:Win32/Sabsik.FL.B!ml

Gravidade: Grave

Categoria: Cavalo de Tróia

Caminho: file:_D:\Setup_123_Passwords_Full\Setup.exe

Origem da Detecção: Computador local

Tipo da Detecção: FastPath

Fonte da Detecção: Proteção em Tempo Real

Usuário: DESKTOP-RTLM44P\Kaique

Nome do Processo: C:\Users\Kaique-Vidal\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe

Versão da Inteligência de Segurança: AV: 1.397.779.0, AS: 1.397.779.0, NIS: 1.397.779.0

Versão do Mecanismo: AM: 1.1.23080.2005, NIS: 1.1.23080.2005

 

Date: 2023-09-11 13:18:30

Description:

Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.

Para obter mais informações, veja a seguir:

https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AgentTesla!ml&threatid=2147760503&enterprise=0

Nome: Trojan:Win32/AgentTesla!ml

Gravidade: Grave

Categoria: Cavalo de Tróia

Caminho: file:_C:\Windows\Temp\tmp000002ee\tmp001576f5

Origem da Detecção: Computador local

Tipo da Detecção: FastPath

Fonte da Detecção: Proteção em Tempo Real

Usuário: AUTORIDADE NT\SISTEMA

Nome do Processo: D:\ComboCleaner.Guard.exe

Versão da Inteligência de Segurança: AV: 1.397.779.0, AS: 1.397.779.0, NIS: 1.397.779.0

Versão do Mecanismo: AM: 1.1.23080.2005, NIS: 1.1.23080.2005

 

Date: 2023-09-11 13:11:07

Description:

Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.

Para obter mais informações, veja a seguir:

https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sabsik.FL.B!ml&threatid=2147780203&enterprise=0

Nome: Trojan:Win32/Sabsik.FL.B!ml

Gravidade: Grave

Categoria: Cavalo de Tróia

Caminho: file:_D:\Setup_123_Passwords_Full\Setup.exe

Origem da Detecção: Computador local

Tipo da Detecção: FastPath

Fonte da Detecção: Proteção em Tempo Real

Usuário: AUTORIDADE NT\SISTEMA

Nome do Processo: D:\ComboCleaner.Guard.exe

Versão da Inteligência de Segurança: AV: 1.397.779.0, AS: 1.397.779.0, NIS: 1.397.779.0

Versão do Mecanismo: AM: 1.1.23080.2005, NIS: 1.1.23080.2005

 

Date: 2023-09-11 13:10:17

Description:

Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.

Para obter mais informações, veja a seguir:

https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sabsik.FL.B!ml&threatid=2147780203&enterprise=0

Nome: Trojan:Win32/Sabsik.FL.B!ml

Gravidade: Grave

Categoria: Cavalo de Tróia

Caminho: file:_D:\Setup_123_Passwords_Full\Setup.exe

Origem da Detecção: Computador local

Tipo da Detecção: FastPath

Fonte da Detecção: Proteção em Tempo Real

Usuário: DESKTOP-RTLM44P\Kaique

Nome do Processo: C:\Users\Kaique-Vidal\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe

Versão da Inteligência de Segurança: AV: 1.397.779.0, AS: 1.397.779.0, NIS: 1.397.779.0

Versão do Mecanismo: AM: 1.1.23080.2005, NIS: 1.1.23080.2005

Event[0]

 

Date: 2023-09-11 13:19:20

Description:

Microsoft Defender Antivírus encontrou um erro ao tentar carregar um arquivo suspeito para análise posterior.

Nome do Arquivo: C:\Windows\Temp\tmp000002ee\tmp0016a9fe

Sha256: 705c9a5f54d00a8e96a3c0bf6ee5494af89211a1af8dbe41c8e1d82c283747b8

Versão da Inteligência de Segurança Atual: AV: 1.397.779.0, AS: 1.397.779.0

Versão Atual do Mecanismo: 1.1.23080.2005

Código de Erro: 0x80508016

 

 

Date: 2023-09-11 13:18:45

Description:

Microsoft Defender Antivírus encontrou um erro ao tentar carregar um arquivo suspeito para análise posterior.

Nome do Arquivo: C:\Windows\Temp\tmp000002ee\tmp0015bf6d

Sha256: 932fe2bfcc0c739b212d91f127f99edbf22c82c0dc8d190dfd79f1bb1a6942cf

Versão da Inteligência de Segurança Atual: AV: 1.397.779.0, AS: 1.397.779.0

Versão Atual do Mecanismo: 1.1.23080.2005

Código de Erro: 0x80508016

 

 

Date: 2023-09-11 13:18:45

Description:

Microsoft Defender Antivírus encontrou um erro ao tentar carregar um arquivo suspeito para análise posterior.

Nome do Arquivo: C:\Windows\Temp\tmp000002ee\tmp00159a34

Sha256: 2beeff984388461c867cc062039a464d6a9131968c4b14c51df0b37d5fcc6d1b

Versão da Inteligência de Segurança Atual: AV: 1.397.779.0, AS: 1.397.779.0

Versão Atual do Mecanismo: 1.1.23080.2005

Código de Erro: 0x80508016

 

 

Date: 2023-09-11 13:18:28

Description:

Microsoft Defender Antivírus encontrou um erro ao tentar carregar um arquivo suspeito para análise posterior.

Nome do Arquivo: C:\Windows\Temp\tmp000002ee\tmp0014e75c

Sha256: 67a648e12deedf8cc55970868ba68a9b1114e05821dfcf974ac623986cde8f90

Versão da Inteligência de Segurança Atual: AV: 1.397.779.0, AS: 1.397.779.0

Versão Atual do Mecanismo: 1.1.23080.2005

Código de Erro: 0x80508016

 

 

Date: 2023-09-10 00:32:38

Description:

Microsoft Defender Antivírus encontrou um erro ao tentar carregar um arquivo suspeito para análise posterior.

Nome do Arquivo: C:\Windows\Temp\tmp00000585\tmp0002a8bf

Sha256: 9cf1c37a7566fc3bb5ebcf58a633f4574f32addf6082f2b504e33857c9cf6ca5

Versão da Inteligência de Segurança Atual: AV: 1.397.696.0, AS: 1.397.696.0

Versão Atual do Mecanismo: 1.1.23080.2005

Código de Erro: 0x80508016

 

 

CodeIntegrity:

===============

Date: 2023-09-09 22:12:41

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info ===========================

 

BIOS: INSYDE Corp. V1.14 07/04/2023

Motherboard: LN Calla_LC

Processor: AMD Ryzen 7 5700U with Radeon Graphics

Percentage of memory in use: 39%

Total physical RAM: 19818.31 MB

Available physical RAM: 11954.9 MB

Total Virtual: 21098.31 MB

Available Virtual: 11545.86 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:930.66 GB) (Free:789.92 GB) (Model: WD_BLACK SN770 1TB) NTFS

Drive e: () (Fixed) (Total:0.09 GB) (Free:0.06 GB) (Model: WD_BLACK SN770 1TB) FAT32

 

\\?\Volume{46d56a73-b334-4276-848e-02e8f72da849}\ () (Fixed) (Total:0.72 GB) (Free:0.08 GB) NTFS

 

==================== MBR & Partition Table ====================

 

==========================================================

Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==================== End of Addition.txt =======================



#15 Oh My!

    Adware and Spyware and Malware

  • Malware Response Instructor
  • 55,541 posts
  • Gender:Male
  • Location:California
Posted 13 September 2023 - 11:39 AM

Greetings.

There was evidence in your previous reports indicating Microsoft Office Professional 2016 might not be properly activated (cracked). If that is the case I would like you to uninstall the program using Revo Uninstaller.

Please do this.

===================================================

Farbar Recovery Scan Tool Fix From Installed Recovery Partition

--------------------
  • If necessary, download Farbar Recovery Scan Tool for 64 bit systems and save it to a USB device
  • Download the attached file fixlist.txt and save it to the same USB device
  • Insert the USB device into your compromised computer
  • Holding down the Shift Key click Start, click the power icon, then select Reboot
  • Click Troubleshoot
  • Click Advanced options
  • Click Command Prompt
  • Choose an account to continue
  • If necessary, enter the password then hit Continue
  • You should be presented with a black command prompt screen
  • In the command window type in Notepad and press Enter.
  • Under File menu select Open
  • Select This PC and double click on your USB drive letter
  • Next to Files of type: select All Files
  • Right click on the FRST icon and select Run as administrator
  • Click Yes to disclaimer that may appear
  • Press Fix button
  • Reboot your computer
  • A fixlog.txt file will be saved on the USB drive. Please copy and paste it to your reply. If the report is too large, attach it.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Uninstall Office?
  • Fixlog

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”
