Adware keeps coming back (2024)

Hello, Kevin!

Thanks for the help.

My name is Raphael. Sorry for not introducing myself.

I took all the steps you described. The logs (as you asked to copy them in the reply) are the following:

"Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/16/21
Scan Time: 4:47 PM
Log File: 8451b4ac-9eec-11eb-a0a3-8c04ba99afd2.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1251
Update Package Version: 1.0.39475
License: Premium

-System Information-
OS: Windows 10 (Build 19042.928)
CPU: x64
File System: NTFS
User: DESKTOP-P6BS5A2\rapha

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 689884
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 1 hr, 0 min, 46 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
Adware.SpecialSearchOffer, HKLM\SOFTWARE\SProvide, Quarantined, 518, 840938, 1.0.39475, , ame, , ,

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)"

"

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-03-22.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-16-2021
# Duration: 00:00:10
# OS: Windows 10 Home Single Language
# Cleaned: 18
# Awaiting reboot:4
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.DellCommand|PowerManager Folder C:\Program Files\DELL\COMMANDPOWERMANAGER
Deleted Preinstalled.DellCommand|PowerManager Folder C:\ProgramData\DELL\COMMANDPOWERMANAGER
Deleted Preinstalled.DellCommand|PowerManager Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{18469ED8-8C36-4CF7-BD43-0FC9B1931AF8}
Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AGENT
Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AUDIT
Deleted Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\AGENT
Deleted Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
Deleted Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Deleted Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5044D30-5C5F-481B-86B8-EEBF70B72BCD}
Deleted Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5044D30-5C5F-481B-86B8-EEBF70B72BCD}
Deleted Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Deleted Preinstalled.DellSupportAssistAgent Task C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Deleted Preinstalled.DellUpdateforWindows10 Folder C:\Program Files\DELL\UPDATE
Deleted Preinstalled.SmartByte Folder C:\Program Files\RIVET NETWORKS
Needs Reboot Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Needs Reboot Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
Needs Reboot Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Needs Reboot Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Folders ] *****

Cleaning failed C:\Program Files (x86)\DELL\UPDATESERVICE
Cleaning failed C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Cleaning failed C:\Program Files\DELL\SUPPORTASSISTAGENT
Cleaning failed C:\ProgramData\DELL\UPDATESERVICE

*************************

AdwCleaner[S00].txt - [3289 octets] - [16/04/2021 19:54:56]
AdwCleaner[S01].txt - [3350 octets] - [16/04/2021 19:59:02]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
"

"

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-04-2021
Ran by rapha (administrator) on DESKTOP-P6BS5A2 (Dell Inc. G5 5590) (16-04-2021 20:18:51)
Running from C:\Users\rapha\Desktop
Loaded Profiles: rapha
Platform: Windows 10 Home Single Language Version 20H2 19042.928 (X64) Language: Português (Brasil)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(A-Volute -> Nahimic) C:\Windows\System32\NahimicService.exe
(A-Volute -> Nahimic) C:\Windows\System32\NahimicSvc64.exe
(A-Volute -> Nahimic) C:\Windows\SysWOW64\NahimicSvc32.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc -> Dell Technologies) C:\Program Files\Alienware\Alienware Command Center\AWCC.Background.Server.exe
(Dell Inc -> Dell Technologies) C:\Program Files\Alienware\Alienware Command Center\AWCC.Service.exe
(Dell Inc -> Dell Technologies) C:\Program Files\Alienware\Alienware Command Center\OCControlService\OCControl.Service.exe
(Dell Inc) C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.106.0_x64__htrsf667h5kn2\AWCC.exe
(Dell Inc) C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.106.0_x64__htrsf667h5kn2\GameLibrary\GameLibraryAppService.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(FonviUnderburg -> PeachPuffBird Inc) [File not signed] [File is in use] C:\Program Files (x86)\Common Files\ProgramSolsticetemsQ\ProgramSolsticetemsQ.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <21>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt\IGCC.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_c0fd909ca6e7d672\LMS.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_efb119a73d6b56f6\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_efb119a73d6b56f6\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_577b4722c749a41f\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9929feffd3ebcabb\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9929feffd3ebcabb\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_42f9d9bfb72d84cf\RstMwService.exe
(Last.fm) [File not signed] C:\Program Files (x86)\Last.fm\Last.fm Desktop Scrobbler\Last.fm Desktop Scrobbler.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\rapha\Downloads\adwcleaner_8.2.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\4.1.106.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <3>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_12\mcapexe.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(McAfee, LLC. -> McAfee, LLC) C:\Program Files\McAfee\MSC\MfeBrowserHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\rapha\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvdm.inf_amd64_032bbb1ad7418abc\Display.NvContainer\NVDisplay.Container.exe <2>
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7240.285\DSAPI.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
(Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe
(Rivet Networks LLC) C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_2.2.3262.0_x64__rh07ty8m5nkag\KillerControlCenter_v2\KillerControlCenter.exe
(TBT_DCH_DRV_PROD -> Intel Corporation) C:\Windows\ThunderboltService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1140000 2020-07-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWelcome.exe [345848 2019-06-20] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKU\S-1-5-21-3665187864-234993371-188156029-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4087528 2021-04-12] (Valve -> Valve Corporation)
HKU\S-1-5-21-3665187864-234993371-188156029-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [50041472 2021-03-12] (Google LLC -> )
HKU\S-1-5-21-3665187864-234993371-188156029-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32726088 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3665187864-234993371-188156029-1001\...\Run: [BingWallpaperApp] => C:\Users\rapha\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe [13120912 2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.72\Installer\chrmstp.exe [2021-04-15] (Google LLC -> Google LLC)
Startup: C:\Users\rapha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Desktop Scrobbler.lnk [2020-03-22]
ShortcutTarget: Last.fm Desktop Scrobbler.lnk -> C:\Users\rapha\AppData\Roaming\Microsoft\Installer\{B13709CB-85AE-4F45-BFF9-2CB2B7A78F83}\_19B259572BFCF696C10AAD.exe () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {000a8877-61ac-4258-9202-d8c4419f0767} - no filepath
Task: {0132b078-622d-437e-a4a9-6ac1e8e4dbdd} - no filepath
Task: {01f802c5-a63f-4f84-a871-3476a5ad5da2} - no filepath
Task: {0654fbed-e609-433d-a684-c8c91a052268} - no filepath
Task: {093d4e1a-4575-4018-a8c0-efe53281ef1a} - no filepath
Task: {09969f7b-016e-4c9f-92f1-285e7f863df5} - no filepath
Task: {0a25322e-5aff-4299-8145-c85cbefaacc9} - no filepath
Task: {0a6ce3c5-b438-4cbe-85ad-ff1f0ef348f4} - no filepath
Task: {0a8d0b39-f62b-4dae-b1a8-401a34200dd5} - no filepath
Task: {0ab75f77-e5e3-439a-bb63-944190a5ac60} - no filepath
Task: {0ad013c0-5df5-48ee-be7e-e66a10b956b8} - no filepath
Task: {0c1b7e78-1264-49d7-ad70-dd229af70c83} - no filepath
Task: {0d0a8ae6-ecef-4c3d-8352-e9265dcd5bbd} - no filepath
Task: {0d919017-8999-457a-adff-02bcaea581e6} - no filepath
Task: {0F982983-FFB0-4628-B97C-5CD8FB34227A} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0FD489AD-0EF3-4346-A19C-3EC61AAD052D} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0fe2f385-3fcb-4e2d-a103-7585ad2f4a50} - no filepath
Task: {1003af95-b78f-418f-9f20-b518b0984800} - no filepath
Task: {11f34d45-2998-4cc4-a185-a7353b6b72d7} - no filepath
Task: {15EB2163-6816-44D6-AB30-FA118B267ACB} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {174ffd2b-d3e7-4a77-a60d-c25814eb16d8} - no filepath
Task: {1772ce84-0df7-4acf-9c90-c6412cb5558a} - no filepath
Task: {1aee7dde-0d0f-4162-b9c5-93098290c2ef} - no filepath
Task: {1cf7fea5-09d8-4fda-9f05-7e7f6992efe2} - no filepath
Task: {1db8129d-aca8-40ce-af34-0648b6c4b593} - no filepath
Task: {1e8ccc50-ca8c-4bd0-b368-f45189ac7a83} - no filepath
Task: {1f3fcc8c-9f00-437f-9da5-9c2a8de508c3} - no filepath
Task: {2142734f-755c-4094-97a9-c9618eed4a7e} - no filepath
Task: {21709078-d961-4753-afe0-592967bdfdc6} - no filepath
Task: {21b9dc41-8263-460a-ab5f-43c44d9e7bb4} - no filepath
Task: {2222be46-26fc-4f03-90d3-93f92bffd81e} - no filepath
Task: {2283cb8d-d31a-412e-a05d-a4ee40ddb2c1} - no filepath
Task: {23873c79-76fc-4aae-b890-8fd1046096ae} - no filepath
Task: {238b1c96-ef8a-4d78-ac83-18ec1caf28cb} - no filepath
Task: {238cf6d3-d97a-4932-b62c-f58818120521} - no filepath
Task: {26083e13-da68-48ee-9a3f-b577b9e2cf0a} - no filepath
Task: {260daba7-e32d-475a-a0ba-9c79bd92b9cf} - no filepath
Task: {2622a8a1-7bbb-4b95-9880-a1ef67dc6887} - no filepath
Task: {2724860f-261d-4fff-8a53-1561d839e42f} - no filepath
Task: {27f99c7e-861a-42df-b2f2-161c362ceead} - no filepath
Task: {2911e37d-283a-4532-ae1d-7f6f17281b5c} - no filepath
Task: {2b418989-85e7-4d93-b5c6-cd9770590ffe} - no filepath
Task: {2e74febf-ca4e-40c1-afef-6962f49d7b4d} - no filepath
Task: {2fe24ef7-43ae-44a3-a0bc-13978aee4bce} - no filepath
Task: {30313b9f-ec25-4af6-8be1-61b842a064fb} - no filepath
Task: {3142eec7-0eeb-4faa-aaa1-2aa9ed0352b2} - no filepath
Task: {3352815B-5549-47F3-B668-6EEEA5F44D95} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-27] (Google LLC -> Google LLC)
Task: {336A56CA-4FCD-4A64-A89B-9AC770AF720E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141160 2021-04-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {33B23691-134B-4FE9-9E94-67349E890532} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4054696 2021-01-18] (McAfee, LLC -> McAfee, LLC)
Task: {33d1ae12-e456-4058-9769-b1b54343e6e4} - no filepath
Task: {3713D7CD-E72D-48AC-8176-080BE46FC0C5} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [995848 2021-03-29] (McAfee, LLC -> McAfee, LLC)
Task: {375e1edc-75d3-4f03-b8c5-a8ff8fb1e3b1} - no filepath
Task: {3902bfc3-62ea-41fa-a09a-4f235eca3c8a} - no filepath
Task: {3988503d-2b80-41ee-867e-40037aaa56a4} - no filepath
Task: {3a891c7b-f002-4e9b-a0e2-f3364fa14ed3} - no filepath
Task: {3bacf94e-be99-4788-ba85-4e13a93fc44f} - no filepath
Task: {3bbf5ef7-5264-485e-85b1-4536118e46ac} - no filepath
Task: {3bd8a62d-6e27-4870-ac71-84259b2d8ca1} - no filepath
Task: {3BEB8CA9-FA72-4095-95DA-12B6D1A3A9C8} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3c4e8627-7f6c-4188-938c-ac90a073264a} - no filepath
Task: {3fbdb2f7-81c2-4b83-8bd6-525babe32962} - no filepath
Task: {40ca5040-0291-4082-9b61-7eb42b58a514} - no filepath
Task: {4267a991-6b96-4e70-9f73-3cb6984427d3} - no filepath
Task: {42af5e1d-9044-4731-b6ff-509c2841e92e} - no filepath
Task: {42c8ba9b-1b87-462f-846f-da062623d02a} - no filepath
Task: {43c34df1-b900-432b-a5e0-e40992af6f1f} - no filepath
Task: {442547b3-727e-480c-829f-f423915f2501} - no filepath
Task: {44d3245b-ee10-4270-89e4-7fb8bfad4ea2} - no filepath
Task: {45b1016c-19fa-417e-8f44-2a395d13df8a} - no filepath
Task: {45fda142-c99c-4141-9899-e81db504400d} - no filepath
Task: {4aa99f30-641a-46da-9da0-83e8a71c9ee4} - no filepath
Task: {4cd8bb01-d631-482c-9ce3-387e24e06c57} - no filepath
Task: {505bb9f8-6e71-40e7-b0d1-d7c3b619c4f6} - no filepath
Task: {50CDB1AE-03AA-44BB-B205-480BD36B8BF1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248792 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {52bb7160-3643-4fb0-bad2-8de5c829509a} - no filepath
Task: {53FEADFC-F17A-4B05-81D3-94BA1BFE4333} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [995848 2021-03-29] (McAfee, LLC -> McAfee, LLC)
Task: {544af44f-eb12-448f-b623-009409a082fa} - no filepath
Task: {54fe12e9-af8a-4d49-8f61-516d4de19400} - no filepath
Task: {568feb37-50a7-480d-b81d-2acc81343f0e} - no filepath
Task: {584F9534-CE40-4323-B060-5B1C94E535B1} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5aec41d4-f666-4b83-80b8-23facdce49e7} - no filepath
Task: {5AFD8A57-4CA7-4AC4-8474-B97CF714AAB3} - System32\Tasks\NahimicSvc32Run => C:\WINDOWS\SysWOW64\NahimicSvc32.exe [824744 2020-07-03] (A-Volute -> Nahimic)
Task: {5BEA3BCC-D6A0-4EA3-8C60-A67731C68E2F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27168840 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {5c264965-2ddd-4003-a1d2-fd54377266c7} - no filepath
Task: {5ec584b9-07bb-4b91-b8d5-64380784ec9c} - no filepath
Task: {60775469-c4c6-4d18-9503-b403199b22fd} - no filepath
Task: {610f5583-93c3-48a3-839e-7342285bddd4} - no filepath
Task: {61EFA46B-1496-42E8-8F80-0D1F501D975A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-05] (Piriform Software Ltd -> Piriform)
Task: {626c394a-b3d2-4190-aa0a-24cee44218c0} - no filepath
Task: {65173a8c-6e0b-4813-8165-ff122a82f727} - no filepath
Task: {6618694c-4484-459c-90d9-94d1a4331ce2} - no filepath
Task: {6681ef17-5bc4-4930-a839-6a5e72092fb1} - no filepath
Task: {68140074-96e6-45ce-b7dc-c58076bfd5af} - no filepath
Task: {686C0E64-CA1D-4CE8-BB60-192673C116A1} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [740760 2021-03-31] (McAfee, LLC -> McAfee, LLC)
Task: {68fe7361-20aa-4dee-8928-81d8d40a757e} - no filepath
Task: {6956512E-CD7D-433F-BC4E-EAA79F5BF851} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6b45adbd-abfe-42ad-a7e9-972cf94aa905} - no filepath
Task: {6b4602df-2a5d-4b29-bd6c-373353dc313a} - no filepath
Task: {6c095862-7b63-42da-b8c2-dd16cf669798} - no filepath
Task: {6ddd4196-ecb3-4941-b347-2c57c762a19e} - no filepath
Task: {6e9deff7-293b-486c-baa9-e7678e37492e} - no filepath
Task: {6f2ef96b-756f-464f-8aa9-704ef1dd016b} - no filepath
Task: {70f2bd4d-8c1c-482d-a081-b3d0d89c9101} - no filepath
Task: {71C2704B-3303-435F-B3A3-F07A93528B4C} - System32\Tasks\NahimicSvc64Run => C:\WINDOWS\system32\NahimicSvc64.exe [1066920 2020-07-03] (A-Volute -> Nahimic)
Task: {72040e93-ef6b-4720-a19a-d410fc7a71d2} - no filepath
Task: {745fadd1-2a54-4941-aee9-1a13d2ca0945} - no filepath
Task: {7a3d6e3b-62fd-4a0b-920b-3477d2ae95bf} - no filepath
Task: {7b7e92c0-d3ad-4f32-b53d-916432012d28} - no filepath
Task: {7c384900-9305-46ba-8329-9550e75cd5e6} - no filepath
Task: {7f0602f9-0aab-4be7-9a8a-e5e47b7bb49b} - no filepath
Task: {80efd6ae-dd34-429e-8b02-75e4475b4959} - no filepath
Task: {83195569-7f36-4e3c-920a-e155b915696c} - no filepath
Task: {86323f80-5c81-4c81-a0da-ce469c866f97} - no filepath
Task: {865c56de-946a-45d7-917c-7ed96d8d38e6} - no filepath
Task: {87f850a9-3720-4527-9f86-16f968e20b21} - no filepath
Task: {88ca980f-ed7d-4fe5-bf7b-d5dfc8a4e627} - no filepath
Task: {8989665b-8514-4973-bc44-da6358c5c12d} - no filepath
Task: {8adcd05c-e9d5-4b87-b51f-9a8cff803dba} - no filepath
Task: {8d636d5d-12a4-4f36-a605-60cb2bed01c7} - no filepath
Task: {8dca9ce9-061e-4066-916b-ee68d8022e44} - no filepath
Task: {929e876d-0deb-49a9-b1b0-6283098d12ff} - no filepath
Task: {92c619e6-1740-464d-9dd1-f2b63fa53850} - no filepath
Task: {932E58B3-305C-46D0-B8A6-C6FCC48D31C6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248792 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {95543b4a-7ccb-413f-90ce-1bada590582d} - no filepath
Task: {95972462-79f5-4541-8934-92a118e10ed3} - no filepath
Task: {979e8fe4-7839-41f8-9580-9bbcada3c92e} - no filepath
Task: {980e5997-669f-49e3-aa12-dbd8ca466084} - no filepath
Task: {98589a49-ee1a-4e01-b47a-c74ddf0c0b58} - no filepath
Task: {98cbf4d9-d539-4056-98f7-b152ac70e05a} - no filepath
Task: {9b6dbc7b-b4f1-4436-beec-b7b6074d36e7} - no filepath
Task: {9bcb6c99-5322-4f2d-957e-fa0b5aee61bf} - no filepath
Task: {9d6aea2e-4320-458a-8fd8-9b30bb36ba35} - no filepath
Task: {9e3b8326-2a1d-4d38-839f-181d4d54ad38} - no filepath
Task: {9fbfc26c-af7c-4f14-8368-c1e49da85f19} - no filepath
Task: {a00be06d-64a2-4f57-b372-22089ae06379} - no filepath
Task: {a1bd50ac-9e81-4abf-8131-25ddfda95471} - no filepath
Task: {a269f86f-66f1-4907-b7b4-5cbfd08fbb8c} - no filepath
Task: {a40bebf0-2f4f-44e0-8ba9-7016a3142c17} - no filepath
Task: {aa3471e3-eb1d-40c0-a2f5-dde951760f75} - no filepath
Task: {aaa36506-eeba-4d72-bab3-6dcab98e3a40} - no filepath
Task: {aaf7b1a8-65d6-44e0-b7fa-714063082591} - no filepath
Task: {ab06dca4-570a-4285-a5e4-34016086266a} - no filepath
Task: {af57550c-5850-449d-9395-631345c97ceb} - no filepath
Task: {b0cf76ef-edfd-4974-aee8-4aec7bee8a48} - no filepath
Task: {b0eddf61-9270-43d0-bc14-17c6aa547185} - no filepath
Task: {b18486f3-44a3-4c8c-a5a6-fafd87c6e4af} - no filepath
Task: {b195b48c-4819-4d6a-8ef5-f010db97d777} - no filepath
Task: {b29f01e2-c24c-406c-ba6c-cad33b48e307} - no filepath
Task: {b3a197ad-55bd-479c-bc3b-75c53cc2af50} - no filepath
Task: {b58400bf-4cd2-4db9-aa2d-7489d96ac85c} - no filepath
Task: {b5ab962a-0eec-470e-a52a-d8a89697830e} - no filepath
Task: {b7b4b6c1-e8b7-4105-84d0-416c6465ee01} - no filepath
Task: {ba2154bb-95d9-4812-aa07-a0d962d3ab36} - no filepath
Task: {babbdd41-9751-4528-8429-43d5fb2312e5} - no filepath
Task: {bc8397c7-a507-4ba8-bb2c-efaa59062333} - no filepath
Task: {c0540759-e860-4ad9-8743-c3d33ea3f931} - no filepath
Task: {c1e1f001-26cc-4a63-af52-d04809d323d6} - no filepath
Task: {c3db3bca-21ba-467e-8e68-b47598bca13f} - no filepath
Task: {c681168b-4d07-434b-8e16-6dba3b947490} - no filepath
Task: {c6e84cf3-1483-4028-8626-25030931c0b8} - no filepath
Task: {C72D2D1F-452E-4374-9575-A58C2527137C} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {ca02f454-d3e7-4985-9bfc-bcbb0615cda6} - no filepath
Task: {cb78fa87-ceb9-4cab-a941-b491a0f29590} - no filepath
Task: {CC669EBD-00DD-46CC-B7EB-B7685C99CD4E} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {ccec5cc9-39a0-4e9d-8a03-335a86672463} - no filepath
Task: {CE2E20FE-FB43-4562-A276-D5ABBFC3D789} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-27] (Google LLC -> Google LLC)
Task: {d46b50fd-f155-48cc-814b-08afa345ae76} - no filepath
Task: {D6898665-3E88-4C3A-BD3B-591C6618F94D} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {d7f20d0a-c280-4d85-97df-1678e1025c66} - no filepath
Task: {d9d76acc-0b6d-41a4-980c-cdef90e8b7a2} - no filepath
Task: {dbcc0054-af66-4dff-89cf-064623daf02f} - no filepath
Task: {dc1f8c2e-2bc1-43c6-9192-b516bb10267d} - no filepath
Task: {dceb0c20-05f4-44b1-83c9-14c834c51583} - no filepath
Task: {DD1AF7C8-8C3F-4AA0-940C-3BC4F49D6153} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {e03bbb6f-4f21-4da1-8299-c063f707d3fc} - no filepath
Task: {E0E948B9-0BFE-424C-81D8-7F597AADE45D} - System32\Tasks\NahimicTask32 => C:\WINDOWS\system32\..\SysWOW64\NahimicSvc32.exe [824744 2020-07-03] (A-Volute -> Nahimic)
Task: {e0ea8070-df8f-4fee-a8aa-6e103d6c2953} - no filepath
Task: {e3baa8ff-894d-4d02-a09b-3c98c25ab87e} - no filepath
Task: {e42f196b-6adf-4404-80f4-183a9997f6a9} - no filepath
Task: {e4f4ba0a-4909-49eb-80ab-cb0b30f02535} - no filepath
Task: {e8f52c3e-3f54-4111-b850-a6108f6c4608} - no filepath
Task: {E94B3AE9-2CCA-4C64-AE57-A7922AE4F2D1} - System32\Tasks\NahimicTask64 => C:\WINDOWS\system32\.\NahimicSvc64.exe [1066920 2020-07-03] (A-Volute -> Nahimic)
Task: {e98b8a23-a18d-47d2-9204-ab26b5f56a7e} - no filepath
Task: {eb15308c-0811-47f5-b147-3bf44b3324d9} - no filepath
Task: {eeaa3045-c0bc-4be7-9b57-ef076d18a0a2} - no filepath
Task: {eeb73338-69b6-404d-832d-4e240b0616cb} - no filepath
Task: {eed1ccd1-0dea-4943-8f2a-aaf4a70cfc4f} - no filepath
Task: {F0255E0B-B37C-45E4-A879-0E98062076D0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141160 2021-04-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {f18cd3fc-4b76-4d3a-9e72-1d45478568ae} - no filepath
Task: {f1b4a889-2a4c-4242-badc-1ce733ab9beb} - no filepath
Task: {f1fbc701-f1a7-4695-b266-647bca80fd10} - no filepath
Task: {f3dc36cb-b897-4dd0-ad0a-66670bdcee99} - no filepath
Task: {f48fe464-565b-4d15-8daa-1601b5c5483d} - no filepath
Task: {f93e0bd5-bd03-4bfe-a351-b1c64e2d194b} - no filepath
Task: {fcc6ce2b-ae00-47a9-9fb1-1be792932d60} - no filepath
Task: {fe53b527-a818-4447-ac73-a88c6c67b385} - no filepath

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6027e46f-dda6-406a-b71f-aa30fb99bafc}: [DhcpNameServer] 201.6.2.124 201.6.2.224
Tcpip\..\Interfaces\{a5fd2b1e-2c3d-4ddb-825e-a564e92504c6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ad7b483e-7e9d-4201-b1d6-b862ac42b168}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c5a7f35b-d0c0-470c-96fb-61c6be2e8e22}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\rapha\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-16]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2021-04-15] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2021-04-12] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2021-03-31] (McAfee, LLC -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2021-03-31] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\rapha\AppData\Local\Google\Chrome\User Data\Default [2021-04-16]
CHR Notifications: Default -> hxxps://meet.google.com; hxxps://web.skype.com
CHR HomePage: Default -> hxxp://google.com.br/
CHR Extension: (Apresentações) - C:\Users\rapha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-01-27]
CHR Extension: (Documentos) - C:\Users\rapha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-01-27]
CHR Extension: (Google Drive) - C:\Users\rapha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (YouTube) - C:\Users\rapha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-01-27]
CHR Extension: (Planilhas) - C:\Users\rapha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-01-27]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\rapha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-04-06]
CHR Extension: (Documentos Google off-line) - C:\Users\rapha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-12]
CHR Extension: (AdBlock — o melhor bloqueador de anúncios) - C:\Users\rapha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-04-12]
CHR Extension: (DotVPN — a Better way to VPN) - C:\Users\rapha\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpiecbcckbofpmkkkdibbllpinceiihk [2020-05-28]
CHR Extension: (Acesso rápido a apps para o Drive (do Google)) - C:\Users\rapha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-01-23]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\rapha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Gmail) - C:\Users\rapha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\rapha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-16]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKU\S-1-5-21-3665187864-234993371-188156029-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AWCCService; C:\Program Files\Alienware\Alienware Command Center\AWCC.Service.exe [17104 2020-12-14] (Dell Inc -> Dell Technologies)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8788392 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [287776 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3750944 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [507936 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7240.285\DSAPI.exe [985584 2021-01-15] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
S3 Dell.CommandPowerManager.Service; C:\WINDOWS\system32\dllhost.exe /Processid:{06F5EB26-E6A4-4F56-A1A9-C4973E632472} [21312 2020-10-16] (Microsoft Windows -> Microsoft Corporation)
S3 Dell.CommandPowerManager.Service; C:\WINDOWS\system32\dllhost.exe /Processid:{06F5EB26-E6A4-4F56-A1A9-C4973E632472} [21312 2020-10-16] (Microsoft Windows -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38592 2021-01-19] (Dell Inc -> )
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 KAPSService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KAPSService.exe [73728 2020-04-08] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 Killer Analytics Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [1775640 2020-04-08] (Rivet Networks LLC -> Rivet Networks)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2666000 2020-04-08] (Rivet Networks LLC -> Rivet Networks)
S3 KNDBWM; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [73736 2020-04-08] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-13] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [952992 2021-04-15] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_12\McApExe.exe [780032 2021-03-31] (McAfee, LLC -> McAfee, LLC)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [460704 2019-08-14] (McAfee, LLC. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\4.1.106.0\\McCSPServiceHost.exe [2787160 2021-03-29] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [645736 2020-12-10] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [645736 2020-12-10] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [645736 2020-12-10] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1631736 2021-03-29] (McAfee, LLC -> McAfee, LLC)
R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [2701728 2020-07-03] (A-Volute -> Nahimic)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2536536 2021-04-07] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3481176 2021-04-07] (Electronic Arts, Inc. -> Electronic Arts)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4241112 2021-03-29] (McAfee, LLC -> McAfee, LLC)
R2 ProgramSolsticetemsQ; C:\Program Files (x86)\Common Files\ProgramSolsticetemsQ\ProgramSolsticetemsQ.exe [2414744 2021-03-29] (FonviUnderburg -> PeachPuffBird Inc) [File not signed] [File is in use]
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39432 2021-01-09] (Dell Inc -> Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 xTendSoftAPService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [73744 2020-04-08] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 xTendUtilityService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [73744 2020-04-08] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 dcpm-notify; "C:\Program Files\Dell\CommandPowerManager\NotifyService.exe" [X]
S2 Dell SupportAssist Remediation; "C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvdm.inf_amd64_032bbb1ad7418abc\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvdm.inf_amd64_032bbb1ad7418abc\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S2 RAPSService; "C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe" [X]
S3 RNDBWM; "C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe" [X]
S2 SmartByte Analytics Service; "C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe" [X]
S2 SmartByte Network Service x64; "C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AWCCDriver; C:\WINDOWS\System32\drivers\AWCCDriver.sys [51168 2020-01-22] (IndiLogic LLC -> Dell Inc.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75712 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-04-05] (Malwarebytes Inc -> Malwarebytes)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218960 2020-05-26] (McAfee, LLC -> McAfee, Inc.)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [178832 2020-04-08] (Rivet Networks LLC -> Rivet Networks, LLC.)
R1 legendasdrv; C:\WINDOWS\System32\drivers\legendasdrv.sys [89808 2019-12-03] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-04-16] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-04-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-04-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [157944 2021-04-16] (Malwarebytes Inc -> Malwarebytes)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [89112 2021-01-18] (McAfee, LLC -> McAfee, LLC)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [544704 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [385984 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85944 2020-12-11] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [522176 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1027520 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [608192 2020-12-17] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107968 2020-12-17] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116672 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252352 2020-12-11] (McAfee, Inc. -> McAfee, LLC)
S3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [164424 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 STTub30; C:\WINDOWS\System32\Drivers\STTub30.sys [48608 2020-02-25] (Microsoft Windows Hardware Compatibility Publisher -> STMicroelectronics)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-16 20:18 - 2021-04-16 20:19 - 000043590 _____ C:\Users\rapha\Desktop\FRST.txt
2021-04-16 20:06 - 2021-04-16 20:19 - 000000000 ____D C:\FRST
2021-04-16 20:04 - 2021-04-16 20:04 - 002298368 _____ (Farbar) C:\Users\rapha\Desktop\FRST64English.exe
2021-04-16 20:03 - 2021-04-16 20:03 - 000004132 _____ C:\Users\rapha\Desktop\AdwCleaner[C01].txt
2021-04-16 20:02 - 2021-04-16 20:02 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-04-16 20:02 - 2021-04-16 20:02 - 000157944 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-04-16 20:02 - 2021-04-16 20:02 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-04-16 20:02 - 2021-04-16 20:02 - 000003112 _____ C:\WINDOWS\system32\Tasks\NahimicTask32
2021-04-16 20:02 - 2021-04-16 20:02 - 000003092 _____ C:\WINDOWS\system32\Tasks\NahimicTask64
2021-04-16 19:54 - 2021-04-16 20:00 - 000000000 ____D C:\AdwCleaner
2021-04-16 19:45 - 2021-04-16 19:53 - 008534696 _____ (Malwarebytes) C:\Users\rapha\Downloads\adwcleaner_8.2.exe
2021-04-16 17:52 - 2021-04-16 17:52 - 000001645 _____ C:\Users\rapha\Desktop\Diagnosis Malwarebytes SProvide.txt
2021-04-16 14:11 - 2021-04-16 14:11 - 000000000 _____ C:\WINDOWS\invcol.tmp
2021-04-16 13:25 - 2021-04-16 13:25 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-16 13:25 - 2021-04-16 13:25 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-16 13:25 - 2021-04-16 13:25 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-16 00:27 - 2021-04-16 00:27 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-04-16 00:27 - 2021-04-16 00:27 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-04-13 22:17 - 2021-04-13 22:17 - 000000000 ____D C:\Users\rapha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bing Wallpaper
2021-04-12 18:48 - 2021-04-12 18:48 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3665187864-234993371-188156029-1001
2021-04-12 18:48 - 2021-04-12 18:48 - 000002371 _____ C:\Users\rapha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-12 17:15 - 2021-04-12 17:15 - 000003300 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2021-04-11 21:35 - 2021-04-11 21:35 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-04-11 18:28 - 2021-04-11 18:28 - 000016438 _____ C:\Users\rapha\AppData\Local\partner.bmp
2021-04-11 18:24 - 2021-04-11 18:27 - 000000000 ____D C:\Users\rapha\AppData\Roaming\PhotogenicChlorine
2021-04-11 18:24 - 2021-04-11 18:24 - 000000000 ____D C:\Program Files (x86)\PhotogenicChlorinebabApp
2021-04-11 18:16 - 2021-04-11 18:16 - 000000000 ____D C:\WINDOWS\SysWOW64\AGEIA
2021-04-11 18:16 - 2021-04-11 18:16 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2021-04-11 16:51 - 2021-04-11 16:51 - 000000589 _____ C:\ProgramData\Desktop\Mass Effect 2.lnk
2021-04-08 11:24 - 2021-04-08 11:24 - 000075779 _____ C:\Users\rapha\Downloads\Currículo Raphael.pdf
2021-04-04 14:11 - 2021-04-11 18:23 - 000000000 ____D C:\Users\rapha\Documents\BioWare
2021-04-04 14:01 - 2021-04-10 11:36 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-04-04 14:00 - 2021-04-08 15:25 - 000000000 ____D C:\Program Files (x86)\Origin
2021-04-04 14:00 - 2021-04-04 14:00 - 000001064 _____ C:\ProgramData\Desktop\Origin.lnk
2021-04-04 14:00 - 2021-04-04 14:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2021-04-04 14:00 - 2021-04-04 14:00 - 000000000 ____D C:\ProgramData\Electronic Arts
2021-04-04 13:06 - 2021-04-10 11:38 - 000000000 ____D C:\Users\rapha\AppData\Roaming\Origin
2021-04-04 13:06 - 2021-04-10 11:38 - 000000000 ____D C:\ProgramData\Origin
2021-04-04 13:06 - 2021-04-04 13:06 - 000000000 ____D C:\Users\rapha\.QtWebEngineProcess
2021-04-04 13:06 - 2021-04-04 13:06 - 000000000 ____D C:\Users\rapha\.Origin
2021-04-04 12:56 - 2021-04-04 12:56 - 000000949 _____ C:\ProgramData\Desktop\Mass Effect Ultimate Edition.lnk
2021-04-04 12:56 - 2021-04-04 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect Ultimate Edition
2021-04-02 18:31 - 2021-03-09 04:49 - 001507224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-04-02 18:31 - 2021-03-09 04:49 - 001027992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-04-02 18:31 - 2021-03-09 04:49 - 000817560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2021-04-02 18:31 - 2021-03-09 04:49 - 000673520 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-04-02 18:31 - 2021-03-09 04:49 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-04-02 18:31 - 2021-03-09 04:49 - 000555248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-04-02 18:31 - 2021-03-09 04:49 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-04-02 18:31 - 2021-03-09 04:48 - 007707544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-04-02 18:31 - 2021-03-09 04:48 - 006860184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-04-02 18:31 - 2021-03-09 04:48 - 004175256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-04-02 18:31 - 2021-03-09 04:48 - 002508528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-04-02 18:31 - 2021-03-09 04:48 - 002096880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-04-02 18:31 - 2021-03-09 04:48 - 001584368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-04-02 18:31 - 2021-03-09 04:48 - 001159920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-04-02 18:31 - 2021-03-09 04:48 - 000812272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-04-02 18:31 - 2021-03-09 04:48 - 000657304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-04-02 18:31 - 2021-03-09 04:48 - 000590576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-04-02 18:31 - 2021-03-09 04:48 - 000444656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-04-02 18:31 - 2021-03-09 04:48 - 000144016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2021-04-02 18:31 - 2021-03-09 04:48 - 000047248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2021-04-02 18:31 - 2021-03-09 04:47 - 007006728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-04-02 18:31 - 2021-03-09 04:47 - 000850840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-04-02 18:31 - 2021-03-09 04:46 - 005978016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-04-02 18:31 - 2021-03-09 04:18 - 000081086 _____ C:\WINDOWS\system32\nvinfo.pb
2021-04-01 18:40 - 2021-04-01 18:40 - 000074569 _____ C:\Users\rapha\Downloads\Currículo Raphael Abreu Comissário.pdf
2021-03-30 20:19 - 2021-04-02 19:20 - 000438816 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-28 21:33 - 2021-03-28 21:33 - 000000000 ____D C:\Users\rapha\AppData\Local\WorldOfWarships
2021-03-28 18:12 - 2021-03-28 18:12 - 000000297 _____ C:\Users\rapha\Desktop\World of Warships.url
2021-03-25 21:51 - 2021-03-25 21:51 - 000002081 _____ C:\ProgramData\Desktop\Google Slides.lnk
2021-03-25 21:51 - 2021-03-25 21:51 - 000002079 _____ C:\ProgramData\Desktop\Google Sheets.lnk
2021-03-25 21:51 - 2021-03-25 21:51 - 000002069 _____ C:\ProgramData\Desktop\Google Docs.lnk
2021-03-21 15:38 - 2021-01-09 02:49 - 000107643 _____ C:\Users\rapha\Downloads\rupauls.drag.race.s13e02.720p.web.h264-secretos[eztv.re].srt
2021-03-21 15:37 - 2021-01-09 02:49 - 000107643 _____ C:\Users\rapha\Downloads\RuPauls.Drag.Race.S13E02.WEB-DL.1080p-FN.ptbr.srt
2021-03-19 20:07 - 2020-11-11 03:54 - 000167280 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2021-03-19 20:07 - 2020-11-11 03:54 - 000159600 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus2.sys
2021-03-19 20:07 - 2020-11-11 03:54 - 000043376 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ss_conn_usb_driver2.sys
2021-03-17 09:10 - 2021-03-17 09:10 - 001402200 _____ C:\Users\rapha\Downloads\Apresentação1 2.pdf
2021-03-17 09:09 - 2021-03-17 09:09 - 000114657 _____ C:\Users\rapha\Downloads\Apresentação1.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-16 20:17 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-16 20:16 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-16 20:09 - 2020-12-13 16:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2021-04-16 20:06 - 2020-06-17 14:11 - 001741824 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-16 20:06 - 2019-12-07 11:54 - 000754118 _____ C:\WINDOWS\system32\prfh0416.dat
2021-04-16 20:06 - 2019-12-07 11:54 - 000149216 _____ C:\WINDOWS\system32\prfc0416.dat
2021-04-16 20:06 - 2019-12-07 06:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-16 20:04 - 2020-08-09 11:51 - 000000000 ____D C:\Program Files\CCleaner
2021-04-16 20:04 - 2020-01-27 20:17 - 000000000 ___RD C:\Users\rapha\Google Drive
2021-04-16 20:04 - 2020-01-22 16:38 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-16 20:03 - 2020-12-14 11:42 - 000000000 __RSD C:\Users\rapha\Documents\McAfee Vaults
2021-04-16 20:03 - 2020-01-27 19:54 - 000000000 ____D C:\Program Files (x86)\Steam
2021-04-16 20:02 - 2020-01-27 19:13 - 000000000 __SHD C:\Users\rapha\IntelGraphicsProfiles
2021-04-16 20:02 - 2019-12-07 06:03 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2021-04-16 20:01 - 2021-01-13 12:21 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-16 20:01 - 2020-06-17 14:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-16 20:01 - 2020-01-22 16:30 - 000000000 ____D C:\Intel
2021-04-16 20:01 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-04-16 20:01 - 2019-12-07 06:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-04-16 20:00 - 2020-01-22 16:38 - 000000000 ____D C:\ProgramData\Dell
2021-04-16 20:00 - 2020-01-22 16:33 - 000000000 ____D C:\Program Files\Dell
2021-04-16 18:32 - 2020-06-17 14:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-16 17:53 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-16 16:46 - 2020-02-14 18:26 - 000000000 ___HD C:\Users\rapha\Documents\.tmp.drivedownload
2021-04-16 14:09 - 2020-01-22 16:45 - 000000000 ____D C:\Program Files (x86)\McAfee
2021-04-16 14:08 - 2019-12-07 06:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-16 14:08 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-16 14:08 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-16 13:20 - 2020-01-30 01:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-16 13:18 - 2020-01-30 01:09 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-16 13:17 - 2020-06-19 12:56 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-16 13:17 - 2020-06-19 12:56 - 000002280 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-04-16 13:17 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-16 11:49 - 2020-06-17 14:11 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-04-16 11:34 - 2020-01-27 20:18 - 000000000 ____D C:\Users\rapha\AppData\Local\CrashDumps
2021-04-16 00:29 - 2020-01-19 14:20 - 000000000 ____D C:\Program Files\Microsoft Office
2021-04-15 16:39 - 2020-01-27 19:50 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-15 16:39 - 2020-01-27 19:50 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-04-13 13:21 - 2020-08-13 19:40 - 000000000 ____D C:\Users\rapha\AppData\Roaming\qBittorrent
2021-04-12 18:48 - 2020-01-27 19:15 - 000000000 ___RD C:\Users\rapha\OneDrive
2021-04-12 17:15 - 2020-01-22 16:45 - 000000000 ____D C:\Program Files\Common Files\McAfee
2021-04-11 21:41 - 2020-08-09 11:55 - 000000000 ____D C:\Users\rapha\Documents\Erros de Registros
2021-04-11 21:38 - 2020-05-12 18:37 - 000000000 ____D C:\Users\rapha\AppData\Roaming\MPC-HC
2021-04-11 18:23 - 2020-01-27 20:11 - 000000000 ____D C:\Users\rapha\AppData\Local\D3DSCache
2021-04-11 18:16 - 2020-07-05 23:38 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2021-04-11 18:16 - 2020-01-22 16:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2021-04-10 11:36 - 2020-05-11 19:24 - 000000000 ____D C:\Users\rapha\AppData\Local\Origin
2021-04-09 19:40 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-08 11:13 - 2020-01-27 19:13 - 000000000 ____D C:\Users\rapha\AppData\Local\Packages
2021-04-07 15:10 - 2020-08-04 11:46 - 000000000 ____D C:\Users\rapha\Documents\Zoom
2021-04-05 16:40 - 2020-08-09 11:35 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-04-04 13:16 - 2020-04-15 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer
2021-04-04 13:16 - 2020-04-15 18:48 - 000000000 ____D C:\Program Files (x86)\Tribo Gamer
2021-04-04 13:06 - 2020-06-17 13:56 - 000000000 ____D C:\Users\rapha
2021-04-02 19:19 - 2019-12-07 06:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-02 19:19 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-02 19:19 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-02 19:19 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-02 19:19 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-02 19:19 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-02 19:19 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-02 19:19 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-02 19:19 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-02 19:14 - 2020-06-17 14:10 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-03-31 23:52 - 2020-06-09 13:22 - 000000000 ____D C:\Users\rapha\.irpf
2021-03-30 20:19 - 2020-06-17 12:56 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-30 20:18 - 2020-01-22 16:34 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-30 20:18 - 2020-01-22 16:34 - 000000000 ____D C:\Program Files (x86)\Intel
2021-03-28 12:39 - 2020-07-05 23:39 - 000000000 ____D C:\Users\rapha\AppData\Roaming\Surviving Mars
2021-03-25 21:51 - 2020-01-27 20:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-03-18 19:55 - 2020-04-16 20:44 - 000000000 ____D C:\ProgramData\Epic

==================== Files in the root of some directories ========

2021-04-11 18:28 - 2021-04-11 18:28 - 000016438 _____ () C:\Users\rapha\AppData\Local\partner.bmp
2020-07-05 22:52 - 2020-07-05 22:52 - 000007602 _____ () C:\Users\rapha\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

"

Addition.txt


Author: Dong Thiel
