Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2023
Ran by new (12-03-2023 07:16:52)
Running from C:\Users\new\Desktop
Microsoft Windows 10 Home Single Language Version 22H2 19045.2604 (X64) (2021-03-22 19:30:50)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1842628812-1090097327-1321332273-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1842628812-1090097327-1321332273-503 - Limited - Disabled)
Guest (S-1-5-21-1842628812-1090097327-1321332273-501 - Limited - Disabled)
humbe (S-1-5-21-1842628812-1090097327-1321332273-1003 - Limited - Disabled)
new (S-1-5-21-1842628812-1090097327-1321332273-1002 - Administrator - Enabled) => C:\Users\new
tiago (S-1-5-21-1842628812-1090097327-1321332273-1004 - Administrator - Disabled)
WDAGUtilityAccount (S-1-5-21-1842628812-1090097327-1321332273-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1046-1033-7760-BC15014EA700}) (Version: 23.001.20064 - Adobe) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601042}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 7.0.14 - philandro Software GmbH) Aplicativo Itaú (HKLM-x32\...\{215CACF7-0910-4B53-83BE-B54A2C9BD0B7}) (Version: 1.0.179 - Banco Itaú) Aplicativo Itaú (HKLM-x32\...\{4B6778AC-BABE-44D4-BDF3-1BA382F7D580}) (Version: 1.0.162 - Banco Itaú) Apple Mobile Device Support (HKLM\...\{065D0CC8-C382-48AF-8A88-0DD3366EB26C}) (Version: 16.0.0.25 - Apple Inc.) Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Coldmind Aplicativo para windows (HKLM-x32\...\{695AFF57-2B8F-4764-BDA6-73A57BAA6F32}) (Version: 2.001 - Coldmind) DU Meter (HKLM-x32\...\DUMeter3_is1) (Version: 7.30 - Hagel Technologies Ltd.) Epic Pen (HKLM-x32\...\Epic Pen_is1) (Version: v3.11.50.0 - Tank Studios ltd) Folder Size (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.6 - Brio) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 111.0.5563.65 - Google LLC) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6518 - Intel Corporation) iTunes (HKLM\...\{D309D5F1-21A1-4DB3-BDFF-A60E40ABC1F6}) (Version: 12.12.7.1 - Apple Inc.) 
Microsoft 365 - en-gb (HKLM\...\O365HomePremRetail - en-gb) (Version: 16.0.16130.20218 - Microsoft Corporation) Microsoft 365 - pt-br (HKLM\...\O365HomePremRetail - pt-br) (Version: 16.0.16130.20218 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 110.0.1587.69 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 110.0.1587.69 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\OneDriveSetup.exe) (Version: 23.038.0219.0001 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\Teams) (Version: 1.6.00.1381 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.31.31103 (HKLM-x32\...\{41d7b770-418a-43b7-95a5-f925fff05789}) (Version: 14.31.31103.0 - Microsoft Corporation) Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.31.31103 (HKLM-x32\...\{5720EC03-F26F-40B7-980C-50B5D420B5DE}) (Version: 14.31.31103 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.31.31103 (HKLM-x32\...\{799E3FFF-705C-461F-B400-6DE27398B3E5}) (Version: 14.31.31103 - Microsoft Corporation) Hidden Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 110.0.1 (x64 en-US)) (Version: 110.0.1 - Mozilla) Mozilla Maintenance Service 
(HKLM\...\MozillaMaintenanceService) (Version: 108.0.2 - Mozilla) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.1 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden plugin Autenticação.Gov (HKLM-x32\...\{53B4E1E3-E963-4B23-9AE8-D7F5D5871CBE}) (Version: 2.0.63 - Agência para a Modernização Administrativa) TurboTop 2.8 (HKLM-x32\...\TurboTop_is1) (Version: 2.8.0.21 - Savard Software) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.18 - VideoLAN) WinRAR 6.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.21.0 - win.rar GmbH) Zoom (HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\ZoomUMX) (Version: 5.13.11 (13434) - Zoom Video Communications, Inc.) 

Packages:
=========
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.52851.0_x64__8wekyb3d8bbwe [2023-03-03] (Microsoft Corporation)
Move Mouse -> C:\Program Files\WindowsApps\1258EllAbi.MoveMouse_4.16.2.0_x64__hjfwaxvfbwh7t [2023-03-08] (ellabi) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.23.242.0_x64__dt26b99r8h8gj [2021-04-27] (Realtek Semiconductor Corp)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.747.1945.0_x64__8wekyb3d8bbwe [2023-02-22] (Microsoft Corporation)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.777.2143.0_x64__8wekyb3d8bbwe [2023-02-27] (Microsoft Corporation)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.777.2143.0_x86__8wekyb3d8bbwe [2023-02-27] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1842628812-1090097327-1321332273-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\new\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22349.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1842628812-1090097327-1321332273-1002_Classes\CLSID\{272D2E65-05FB-4500-BD7B-5905D5B0A1B8}\localserver32 -> C:\Users\new\AppData\Roaming\Nelogica\Profit\profitchart.exe => No File ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Windows Defender\shellext.dll -> No File ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Windows Defender\shellext.dll -> No File ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Windows Defender\shellext.dll -> No File ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_23508498288091ea\igfxDTCM.dll [2019-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI 
======================== ==================== Loaded Modules (Whitelisted) ============= ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData:chnpbmzkyg [370] AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [2834] AlternateDataStreams: C:\Users\All Users:chnpbmzkyg [370] AlternateDataStreams: C:\Users\All Users:YXVtLmh6aQ [2834] AlternateDataStreams: C:\ProgramData\Application Data:chnpbmzkyg [370] AlternateDataStreams: C:\ProgramData\Application Data:YXVtLmh6aQ [2834] ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-03-03] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft 
Office\root\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 09:14 - 2021-03-23 16:49 - 000000826 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKCU\Environment\\Path -> %USERPROFILE%\AppData\Local\Microsoft\WindowsApps HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\Control Panel\Desktop\\Wallpaper -> D:\OneDrive\Viagens\2021-11 - Austria\20211128_112234968_iOS.jpg DNS Servers: 213.228.129.69 - 213.228.129.70 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 0) HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\SOFTWARE\Microsoft\Windows Security Health\State => (AppAndBrowser_StoreAppsSmartScreenOff: 0) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: cphs => 3 MSCONFIG\Services: cplspcon => 2 MSCONFIG\Services: edgeupdate => 2 MSCONFIG\Services: edgeupdatem => 3 MSCONFIG\Services: Fax => 3 MSCONFIG\Services: FolderSize => 2 MSCONFIG\Services: GoogleChromeElevationService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: HPPrintScanDoctorService => 2 MSCONFIG\Services: ibtsiva => 2 MSCONFIG\Services: igfxCUIService2.0.0.0 => 2 MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3 MSCONFIG\Services: Intel(R) TPM Provisioning Service => 2 MSCONFIG\Services: jhi_service => 2 MSCONFIG\Services: lfsvc => 3 MSCONFIG\Services: LMS => 2 MSCONFIG\Services: MapsBroker => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: Net Driver HPZ12 => 2 MSCONFIG\Services: NordUpdaterService => 2 MSCONFIG\Services: nordvpn-service => 2 MSCONFIG\Services: Pml Driver HPZ12 => 2 MSCONFIG\Services: RtkAudioUniversalService => 2 MSCONFIG\Services: SDRSVC => 3 MSCONFIG\Services: SetupARService => 2 MSCONFIG\Services: SynTPEnhService => 2 MSCONFIG\Services: TapiSrv => 3 MSCONFIG\Services: Themes => 2 MSCONFIG\Services: WbioSrvc => 3 MSCONFIG\Services: WpcMonSvc => 3 MSCONFIG\Services: WSearch => 2 MSCONFIG\Services: wuauserv => 3 MSCONFIG\Services: XblAuthManager => 3 MSCONFIG\Services: XblGameSave => 3 MSCONFIG\Services: XboxGipSvc => 3 MSCONFIG\Services: XboxNetApiSvc => 3 HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "RtkAudUService" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "EpicPen" HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\StartupApproved\StartupFolder: => "Valid Agent Server - Cliente.lnk" HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\StartupApproved\Run: => 
"MicrosoftEdgeAutoLaunch_16B04F625458F19E7BAFDD89867ECCBC" HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\StartupApproved\Run: => "NordVPN" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{D5B220B8-B787-4F57-A348-122432CCCBDE}] => (Allow) C:\Users\tiago\AppData\Roaming\Zoom\bin\Zoom.exe => No File FirewallRules: [{C9FD64B3-8E96-44AF-9900-6090D8676B4F}] => (Allow) C:\Users\tiago\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [{7F175414-8172-4882-8DA9-72C59E905C9B}] => (Allow) C:\Users\tiago\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [TCP Query User{5B6AD09D-3F33-4F31-A566-9704FBE01F37}D:\tryd\jre\bin\javaw.exe] => (Allow) D:\tryd\jre\bin\javaw.exe FirewallRules: [UDP Query User{DCEA9890-A2A3-4BD7-AE2E-BE028E54B5F5}D:\tryd\jre\bin\javaw.exe] => (Allow) D:\tryd\jre\bin\javaw.exe FirewallRules: [TCP Query User{2A14A24E-C029-49EE-A5FB-2F33B138DE92}D:\tryd6\jre\bin\javaw.exe] => (Allow) D:\tryd6\jre\bin\javaw.exe => No File FirewallRules: [UDP Query User{2FA23ABA-D31E-4243-8879-890A97F36419}D:\tryd6\jre\bin\javaw.exe] => (Allow) D:\tryd6\jre\bin\javaw.exe => No File FirewallRules: [{26A76D04-999E-4F7B-827E-A2FD536C2D4B}] => (Allow) C:\Users\new\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{CF2C59E7-9453-4391-9D71-FFFE2789879B}] => (Allow) C:\Users\new\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{21E54F97-DF44-48B2-87B6-FCD7AEB2A3D1}] => (Allow) C:\Users\new\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) 
FirewallRules: [TCP Query User{D4D68022-A4DF-46C1-91D5-D06F8B51CAF0}D:\tryd_novo\jre\bin\javaw.exe] => (Allow) D:\tryd_novo\jre\bin\javaw.exe => No File FirewallRules: [UDP Query User{DC3F6576-167E-4A9C-8556-20C7CDEFD8F7}D:\tryd_novo\jre\bin\javaw.exe] => (Allow) D:\tryd_novo\jre\bin\javaw.exe => No File FirewallRules: [{7CB32806-A2EF-4D71-A28B-444C2557E301}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{F2C844AB-B469-4C1C-8256-842306D42DDC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{4C1961E6-DE63-4BCC-932B-D48C8DEB44E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{ADC2D47E-F7F0-40CF-947F-F8552FC2C08A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [TCP Query User{BDBAAC99-65E4-4706-9409-B90FE598DB48}D:\pppoker\database\pppoker.exe] => (Allow) D:\pppoker\database\pppoker.exe => No File FirewallRules: [UDP Query User{7D89EA86-9274-4AB6-B922-84CF0B569BBD}D:\pppoker\database\pppoker.exe] => (Allow) D:\pppoker\database\pppoker.exe => No File FirewallRules: [TCP Query User{6CAF497F-E00D-4012-841B-D885DF5387C2}D:\pppoker\database\pppoker.exe] => (Allow) D:\pppoker\database\pppoker.exe => No File FirewallRules: [UDP Query User{CB7AAAEA-79FE-441F-9177-7CC0C137A14C}D:\pppoker\database\pppoker.exe] => (Allow) D:\pppoker\database\pppoker.exe => No File FirewallRules: [TCP Query User{E05E512B-5894-46D9-BCFF-13C3A624D402}D:\tryd_btg\jre\bin\javaw.exe] => (Allow) D:\tryd_btg\jre\bin\javaw.exe => No File FirewallRules: [UDP Query User{F296CCC1-A120-49CC-90EA-642295EF3737}D:\tryd_btg\jre\bin\javaw.exe] => (Allow) D:\tryd_btg\jre\bin\javaw.exe => No File FirewallRules: [TCP Query User{C512A18E-A5F3-42F7-88FF-BF11747B5C1D}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe] => (Allow) C:\users\new\appdata\roaming\valid\valid agent server - 
cliente\vagent.exe => No File FirewallRules: [UDP Query User{25D45B14-4E62-46AF-9269-8E1230B5309C}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe] => (Allow) C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe => No File FirewallRules: [TCP Query User{8031F840-5C09-4FCE-AFCF-8052B79BF03C}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe] => (Allow) C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe => No File FirewallRules: [UDP Query User{5885233D-76D7-44B7-805D-B1D8D656FF30}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe] => (Allow) C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe => No File FirewallRules: [{AFD3AAF7-DFC3-4F4A-8A91-655F8CEF5F08}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{72D27552-E169-41F4-B4AA-EA5DB56081D2}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.) FirewallRules: [{C82283E1-F033-4F2D-8E63-BAF5DFDBBBD0}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.) FirewallRules: [{ABDF6C39-F96A-4F49-AE7F-B620D06D93DF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{12373063-44B1-4EE9-B42E-C53AF66D4BF9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{3B6EF6EA-D5CF-4940-90EB-66F57F498623}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{CD8E1674-B3A4-4C8D-9E0D-67D30EC778B1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{98996901-111B-448B-8E80-10999744DB78}] => (Allow) D:\itunes\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{1B969E85-D2E8-4E44-B636-EBD1246C2BE1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{D4982ED5-49CE-45D9-B56C-1E39A4B9B333}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{1B578165-1652-44BA-A6F0-7CBEF4953185}] => (Allow) D:\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{67F92D59-1D48-4C9C-8283-985DB78629B1}] => (Allow) D:\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{AE2DAEA5-F333-4276-A0F8-04A0610BC18F}] => (Allow) D:\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{5FB5349D-BC4E-4DEF-96E0-DB4112922A89}] => (Allow) D:\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{D1FECD8B-0FAB-4C2F-AA3E-9A44B8664F81}] => (Allow) D:\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{4AD67CB1-4876-4618-8925-A472FC4468FB}] => (Allow) D:\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{BF1637E5-3144-4844-B739-9FBFE966E9FA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{E369019F-5244-4E1E-B354-BE7762AE4189}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.69\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{75D3BB61-54F5-4909-A3FE-805A66EACF2A}] => (Allow) C:\Users\new\AppData\Local\Temp\utorrent\utorrent.exe (Rainberry Inc -> BitTorrent Inc.) 
FirewallRules: [{204CB1E2-F054-44CE-A577-293BA13D3AF4}] => (Allow) C:\Users\new\AppData\Local\Temp\utorrent\utorrent.exe (Rainberry Inc -> BitTorrent Inc.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled (Total:111.18 GB) (Free:63.84 GB) (57%) ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (03/10/2023 11:23:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program AdobeARM.exe version 1.824.460.1042 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 2984 Start Time: 01d953a727c31810 Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe Report Id: cc69bfc1-11fb-4aec-9c34-6ecf809f7e31 Faulting package full name: Faulting package-relative application ID: Hang type: Top level window is idle Error: (03/09/2023 04:07:37 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: ) Description: Event-ID 12007 Error: (03/09/2023 04:07:37 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/23/2023 12:08:44 AM) (Source: AnyDesk) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/23/2023 12:08:43 AM) (Source: AnyDesk) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/23/2023 12:08:43 AM) (Source: AnyDesk) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/23/2023 12:08:43 AM) (Source: AnyDesk) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/23/2023 12:08:43 AM) (Source: AnyDesk) (EventID: 0) (User: ) Description: Event-ID 0 System errors: ============= Error: (03/12/2023 07:13:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The DU Meter Service service terminated 
unexpectedly. It has done this 1 time(s). Error: (03/12/2023 07:13:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Serviço Clique para Executar do Microsoft Office service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (03/12/2023 07:13:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (03/12/2023 07:13:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Serviço do Bonjour service terminated unexpectedly. It has done this 1 time(s). Error: (03/11/2023 12:19:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). Error: (03/10/2023 10:22:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (03/10/2023 10:22:16 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\new\AppData\Local\Temp\ehdrv.sys Error: (03/10/2023 10:22:15 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\new\AppData\Local\Temp\ehdrv.sys Windows Defender: ================ Date: 2022-03-08 17:43:42 Description: The window cannot act on the sent message. Date: 2022-03-07 19:56:17 Description: The window cannot act on the sent message. Date: 2022-02-22 18:37:34 Description: The window cannot act on the sent message. Date: 2022-02-15 15:53:43 Description: The window cannot act on the sent message. Date: 2022-02-07 19:27:43 Description: The window cannot act on the sent message. 
Event[0]: Date: 2022-02-02 08:38:57 Description: The specified driver is invalid. Date: 2022-02-02 08:38:57 Description: The specified driver is invalid. Date: 2022-02-02 08:38:57 Description: The specified driver is invalid. Date: 2022-02-02 08:38:57 Description: The specified driver is invalid. Date: 2022-02-02 08:38:57 Description: The specified driver is invalid. CodeIntegrity: =============== Date: 2023-03-12 07:14:55 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2023-03-12 06:59:50 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\WaaSMedicAgent.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2023-03-12 06:59:48 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements. 

==================== Memory info ===========================

BIOS: Positivo Informatica SA 1.07.09X 06/13/2018
Motherboard: Positivo Informatica SA N250JU
Processor: Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
Percentage of memory in use: 48%
Total physical RAM: 8081.73 MB
Available physical RAM: 4122.96 MB
Total Virtual: 9361.73 MB
Available Virtual: 5632.24 MB

==================== Drives ================================

Drive c: (SSD 120Gb) (Fixed) (Total:111.18 GB) (Free:63.84 GB) (Model: KINGSTON SA400M8120G) NTFS
Drive d: (SATA 1Tb) (Fixed) (Total:930.88 GB) (Free:746.8 GB) (Model: WDC WD10SPZX-00Z10T0) NTFS

\\?\Volume{a538e4a4-2cb0-414f-be1d-3f4932b4f711}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{719602c9-de27-4ce1-9e4f-e938067adffa}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{226041bf-672f-4d6e-b1e4-02eb14e33fc4}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
\\?\Volume{d39a4b69-93bf-404f-b14e-29e153748236}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3B76CB12)
Partition: GPT.

==========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 41BBEF3E)
Partition: GPT.

==================== End of Addition.txt =======================