Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-01-2023
Ran by Joao Paulo (administrator) on LAPTOP-G8GJENNS (LENOVO 80XN) (18-01-2023 11:23:42)
Running from C:\Users\Joao Paulo\Desktop
Loaded Profiles: Joao Paulo
Platform: Microsoft Windows 10 Home Version 21H2 19044.2364 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCopyAccelerator.exe
(C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.381.2283.0.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(cmd.exe ->) (Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\Joao Paulo\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <58>
(Malwarebytes Inc. -> Malwarebytes) C:\Users\Joao Paulo\Desktop\adwcleaner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(svchost.exe ->) (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(svchost.exe ->) (Intel(R) System Usage Report -> Intel Corporation) C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
(svchost.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe <2>
(svchost.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <2>
(wuauclt.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.381.2283.0.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2017-05-19] (LENOVO -> )
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391088 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321112 2019-07-29] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [829632 2016-06-24] (Dolby Laboratories, Inc. -> )
HKLM-x32\...\Run: [Backup] => C:\Program Files (x86)\Wondershare\drfone\Addins\Backup\DrFoneBackup.exe [1481736 2022-03-03] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [292120 2022-10-26] (Intel Corporation -> Intel)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-967556649-2745294871-1311300776-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Joao Paulo\AppData\Local\Microsoft\Teams\Update.exe [2585824 2022-12-07] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-967556649-2745294871-1311300776-1001\...\Run: [MicrosoftEdgeAutoLaunch_BF969105AA6EFC316474474FBDA0F7DB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4188616 2023-01-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-967556649-2745294871-1311300776-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Joao Paulo\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-967556649-2745294871-1311300776-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Joao Paulo\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-967556649-2745294871-1311300776-1001\...\RunOnce: [Uninstall 22.238.1114.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joao Paulo\AppData\Local\Microsoft\OneDrive\22.238.1114.0002" (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\108.0.5359.126\Installer\chrmstp.exe [2023-01-17] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06DC0CE5-7129-4957-B699-8B610CAFF65A} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-967556649-2745294871-1311300776-1001 => C:\Users\Joao Paulo\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [89096 2022-10-19] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {075D8673-4864-4A4F-B758-4ACC84F89568} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [190744 2016-10-07] (CyberLink Corp. -> CyberLink)
Task: {160635D2-ACC3-4860-9A9D-66B7097C81B9} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {1718FD9E-B4F3-45DE-BB10-862508392086} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {1A0802ED-D01D-465F-A33E-2DDCB04FDFE7} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098912 2020-11-05] (Intel(R) System Usage Report -> Intel Corporation)
Task: {23FC0427-7D29-41E6-AC21-E3EF90F83843} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {38C55568-1F89-45A4-BEC0-D29CC006A811} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-21] (Google Inc -> Google Inc.)
Task: {3C792BD9-CF82-4DFF-B643-FFFE31F340C1} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {4103613B-CE03-4677-B3B5-931B4BDF1D97} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [149280 2022-09-23] (Lenovo -> Lenovo Group Ltd.)
Task: {52CE1D07-18C9-4369-B02B-234E5EA6512C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5381F3BB-9B66-4A9F-999A-C3F906F66277} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {55CA1C27-0612-4083-A856-7348AFE69E21} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26308584 2022-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {59DF6D7D-F78E-409F-8589-3FECC81C60A7} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {6A7CBA0F-BA78-4D7B-9B59-A187CFAC3A05} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b725a58a-a554-4691-a0d2-baad0fedbefe => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {6F918C58-17CE-4BD7-94F2-5BD54D4F8D16} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-21] (Google Inc -> Google Inc.)
Task: {6FB14A92-C6C9-4305-93BE-6E7D21B33AEB} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\Lenovo\Power2Go\CLVDLauncher.exe [347416 2016-09-20] (CyberLink Corp. -> CyberLink Corp.)
Task: {76BB19AA-3D3C-4193-8AB5-B0B7AE8F3359} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26308584 2022-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {826386E4-6EE5-424A-AC73-CEDB6AA28D17} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {8435CE91-D02F-49FF-8C7E-FF3F4EDC82E3} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {87BA84DF-290B-42CD-AB41-1E559BB2F682} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {9434C3B9-BE69-4022-9510-95220233202D} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {9B12D483-BBEA-4732-9D2F-38180A80D757} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {A9377849-5810-450D-AA1E-165567A37855} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {AA2A7309-5C95-4D43-BE91-2DDCBDCB7F34} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f121ba81-4883-4e4d-aea1-ec97c41be3b4 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {AB5B9185-B25C-4597-B503-AFF2064A3F9A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\ec194495-742c-4a57-a32a-e0666c4dd654 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {AFF4551E-2C05-4217-A2BC-9F3C9C828B39} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114656 2022-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {B03B038B-648F-4AA1-B097-3171B49489FD} - System32\Tasks\PDVDServ14 Task => C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe [88344 2016-09-29] (CyberLink Corp. -> CyberLink Corp.)
Task: {BAB3A5E5-E0C9-43B3-916A-E74DDC96C634} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {CB3136C5-38A0-482A-9C30-365CE1154B76} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\93eea8e4-0028-4525-b6f9-84e865977da7 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {DE4433A9-91F5-4778-9BB1-106CB31DE537} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098912 2020-11-05] (Intel(R) System Usage Report -> Intel Corporation)
Task: {DF8B1850-B50E-417F-9F79-96A932F90F5E} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1900320 2022-09-29] (Lenovo -> )
Task: {E71BA277-A98F-4454-A716-A98A466C1B8F} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {EBB05E31-333D-4087-BB58-5EC65F6B01F2} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {F1EFDA1B-A98E-4E76-8795-D33A10744345} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F27DF891-0DE5-4305-9151-2DABAA5B7399} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1900320 2022-09-29] (Lenovo -> )
Task: {F8A27A36-7F0A-4BF8-BFDC-DECECCCE623A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114656 2022-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {FE677045-F9D0-4111-9AF1-87FB14FFEE0C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.101.1
Tcpip\..\Interfaces\{21d9c648-867d-44cc-a8ee-b4c7a37f5f59}: [DhcpNameServer] 150.201.1.2
Tcpip\..\Interfaces\{2505d16f-0de9-46ad-bcde-abbbf6f21395}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2505d16f-0de9-46ad-bcde-abbbf6f21395}: [DhcpNameServer] 192.168.101.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Joao Paulo\AppData\Local\Microsoft\Edge\User Data\Default [2022-12-09]

FireFox:
========
FF DefaultProfile: 09gaf2p1.default
FF ProfilePath: C:\Users\Joao Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\09gaf2p1.default [2023-01-14]
FF Extension: (Video DownloadHelper) - C:\Users\Joao Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\09gaf2p1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2023-01-03]
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-11-14] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-12] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\autoconf_warsaw.js [2021-08-14]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Default [2023-01-18]
CHR Extension: (ChromeQualis) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmphlehdnbaffijjbakolbdmicdifoeo [2023-01-16]
CHR Extension: (Adobe Acrobat: ferramentas para editar, converter e assinar PDFs) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-01-02]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-01-02]
CHR Extension: (Documentos Google off-line) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-12-09]
CHR Extension: (Screen Recorder - Gravador de ecrã) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniebljpgcogalllopnjokppmgbhaden [2022-02-03]
CHR Extension: (Excel Online) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2022-05-10]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-06]
CHR Profile: C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-01-17]
CHR Profile: C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-05-26]
CHR Extension: (Apresentações) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-10-18]
CHR Extension: (Documentos) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-10-18]
CHR Extension: (Google Drive) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-10-18]
CHR Extension: (YouTube) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-10-18]
CHR Extension: (Planilhas) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-10-18]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-11-06]
CHR Extension: (Documentos Google off-line) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-18]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-10-18]
CHR Extension: (Gmail) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-10-18]
CHR Profile: C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Profile 2 [2022-05-16]
CHR Extension: (Apresentações) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-12-07]
CHR Extension: (Documentos) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-12-07]
CHR Extension: (Google Drive) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-12-07]
CHR Extension: (YouTube) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-12-07]
CHR Extension: (Planilhas) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-12-07]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-12-07]
CHR Extension: (Documentos Google off-line) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-07]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-12-07]
CHR Extension: (Gmail) - C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-12-07]
CHR Profile: C:\Users\Joao Paulo\AppData\Local\Google\Chrome\User Data\System Profile [2023-01-17]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
S4 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [680288 2016-12-06] (LENOVO -> Lenovo)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12540928 2022-12-13] (Microsoft Corporation -> Microsoft Corporation)
S2 DFWSIDService; C:\Program Files (x86)\Wondershare\drfone\WsidService.exe [1051648 2022-02-11] (wondershare) [File not signed]
S2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2018-09-25] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [41240 2022-10-26] (Intel Corporation -> Intel)
S3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [201496 2022-10-26] (Intel Corporation -> Intel)
S2 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\Backup\ElevationService.exe [913408 2022-03-03] () [File not signed]
S2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
S4 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\LenovoVantageService.exe [31248 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\4.1.213\McCHSvc.exe [317904 2022-03-25] (McAfee, LLC -> McAfee, LLC)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12849960 2021-03-15] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe [3191264 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe [133592 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WirelessBackupService; C:\Program Files (x86)\Wondershare\drfone\Addins\Backup\WirelessBackupService.exe [3094536 2022-03-03] (Wondershare Technology Co.,Ltd -> )
S2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [262880 2022-03-17] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 MpKsl4e3ce27e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D1DC1D5D-54A5-4D93-AACA-2D16800D87CC}\MpKslDrv.sys [214280 2023-01-17] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [203296 2020-07-19] (Disc Soft Ltd -> Duplex Secure Ltd)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2022-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [473376 2022-12-09] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99616 2022-12-09] (Microsoft Windows -> Microsoft Corporation)
R1 wsddntf; C:\WINDOWS\system32\DRIVERS\wsddntf.sys [61456 2020-08-11] (PROCOMP INDUSTRIA ELETRONICA LTDA -> Diebold Nixdorf)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-01-18 11:23 - 2023-01-18 11:38 - 000028176 _____ C:\Users\Joao Paulo\Desktop\FRST.txt
2023-01-17 13:24 - 2023-01-17 13:24 - 000002645 _____ C:\Users\Joao Paulo\Desktop\AdwCleaner[C00].txt
2023-01-17 12:53 - 2023-01-17 12:53 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-01-14 00:31 - 2023-01-14 00:31 - 002376704 _____ (Farbar) C:\Users\Joao Paulo\Desktop\FRST64.exe
2023-01-14 00:18 - 2023-01-14 00:24 - 000000000 ____D C:\AdwCleaner
2023-01-14 00:12 - 2023-01-14 00:13 - 008791352 _____ (Malwarebytes) C:\Users\Joao Paulo\Desktop\adwcleaner.exe
2023-01-10 12:00 - 2023-01-10 12:00 - 000065376 _____ C:\Users\Joao Paulo\Downloads\Plano de Ação - Transição Calben.xlsx
2023-01-10 10:33 - 2023-01-10 10:33 - 000002623 _____ C:\Users\Joao Paulo\Desktop\oficce2019.cmd
2023-01-10 10:31 - 2023-01-10 10:31 - 000000000 _____ C:\Users\Joao Paulo\Desktop\oficce2019.txt
2023-01-10 10:19 - 2023-01-10 10:19 - 000000000 ___HD C:\$WinREAgent
2023-01-03 10:17 - 2023-01-03 10:17 - 000613081 _____ C:\Users\Joao Paulo\Downloads\1672751874672_arquivo.pdf
2023-01-03 10:13 - 2023-01-03 10:13 - 000326289 _____ C:\Users\Joao Paulo\Downloads\1672751611054_arquivo.pdf
2023-01-02 10:37 - 2023-01-02 10:37 - 009766381 _____ C:\Users\Joao Paulo\Downloads\Folder .pdf
2022-12-26 23:07 - 2022-12-27 08:29 - 000000000 ____D C:\Users\Joao Paulo\Desktop\apagar

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-01-18 11:38 - 2018-04-05 07:51 - 000000000 ____D C:\Users\Joao Paulo\AppData\LocalLow\Mozilla
2023-01-18 11:37 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-01-18 11:34 - 2022-05-11 23:11 - 000000000 ____D C:\FRST
2023-01-18 11:33 - 2018-02-21 15:15 - 000000000 ____D C:\Program Files (x86)\Google
2023-01-18 11:20 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-01-18 11:14 - 2022-12-09 17:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-01-17 21:25 - 2018-02-21 15:15 - 000002306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-01-17 21:25 - 2018-02-21 15:15 - 000002265 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-01-17 20:58 - 2022-12-09 18:03 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-967556649-2745294871-1311300776-1001
2023-01-17 20:58 - 2022-12-09 18:03 - 000003388 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-967556649-2745294871-1311300776-1001
2023-01-17 20:58 - 2022-12-08 07:44 - 000002401 _____ C:\Users\Joao Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-01-17 20:57 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-01-17 13:08 - 2019-12-07 06:13 - 000000000 ____D C:\WINDOWS\INF
2023-01-17 13:07 - 2018-03-03 11:55 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-01-17 12:53 - 2020-07-19 09:01 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-01-17 12:19 - 2018-03-03 11:54 - 150199536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-01-14 00:24 - 2020-01-25 20:45 - 000000000 ____D C:\Users\Joao Paulo\AppData\Local\Lavasoft
2023-01-10 12:19 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-01-10 12:06 - 2018-02-21 15:09 - 000000000 ____D C:\Users\Joao Paulo\AppData\Local\Packages
2023-01-10 10:36 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-01-10 10:18 - 2022-12-09 18:03 - 000003674 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-01-10 10:18 - 2022-12-09 18:03 - 000003550 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-01-03 10:09 - 2022-12-09 18:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-01-03 10:09 - 2018-04-05 07:50 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-01-03 10:09 - 2018-04-05 07:50 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-01-03 10:09 - 2018-04-05 07:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-01-03 09:59 - 2018-02-21 15:09 - 000000000 __SHD C:\Users\Joao Paulo\IntelGraphicsProfiles
2023-01-03 09:56 - 2022-12-09 18:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-01-03 09:56 - 2020-12-12 20:13 - 000008192 ___SH C:\DumpStack.log.tmp
2022-12-30 17:40 - 2022-12-08 07:44 - 000000000 ____D C:\Users\Joao Paulo
2022-12-30 17:25 - 2022-12-09 17:36 - 001746352 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-12-30 17:25 - 2022-12-08 04:42 - 000755624 _____ C:\WINDOWS\system32\prfh0416.dat
2022-12-30 17:25 - 2022-12-08 04:42 - 000149894 _____ C:\WINDOWS\system32\prfc0416.dat
2022-12-30 17:20 - 2022-12-09 17:09 - 000382664 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-12-30 17:18 - 2019-12-07 06:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-12-30 17:15 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-12-30 17:15 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-12-30 17:15 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-12-30 17:15 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-12-30 17:15 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-12-30 17:15 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-12-30 17:14 - 2019-12-07 06:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-12-30 17:14 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-12-30 17:14 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-12-30 17:14 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-12-30 17:14 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-12-30 17:14 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-12-30 17:14 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-12-30 17:14 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-12-30 17:13 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-12-30 17:13 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-12-30 17:13 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-12-30 17:12 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SystemApps
2022-12-29 09:15 - 2017-05-19 02:18 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-12-27 01:41 - 2022-12-08 02:27 - 000000000 ___DC C:\WINDOWS\Panther
2022-12-27 00:53 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\servicing
2022-12-26 23:31 - 2022-12-09 17:14 - 003014656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

==================== Files in the root of some directories ========

2021-12-18 17:47 - 2021-12-18 17:47 - 000000017 _____ () C:\Users\Joao Paulo\AppData\Local\resmon.resmoncfg
2022-04-24 09:25 - 2022-04-24 09:25 - 000017408 _____ () C:\Users\Joao Paulo\AppData\Local\WebpageIcons.db

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================