[Closed] Question FRST64 logs

classicaran

Thread author
Oct 8, 2025
Can FRST64 logs reveal if a malicious trojan file that has already been removed by Microsoft Defender was active on my PC before it was removed? And also reveal real malware or false positives?
 
Yes — FRST64 logs can often reveal evidence that a trojan or other malware was active on your system, even after Microsoft Defender (or another antivirus) has removed the actual malicious file.
However, it’s important to understand what FRST64 can and can’t do:

✅ What FRST64 can reveal

1. Persistence mechanisms left behind
Even if the malicious file has been deleted, FRST logs may still show:
  • Run and RunOnce registry keys
  • Scheduled Tasks created by the malware
  • Startup entries (Startup folders, Services, Drivers, etc.)
  • Explorer shell hijacks or unusual browser helper objects
  • Proxy settings or DNS hijacks
2. Evidence of previous infection
  • FRST includes a section called “LastRegBack”, “HKLM Run”, “HKCU Run”, “Winlogon”, and “Task Scheduler”. If there was a trojan that installed itself to persist on boot, traces often remain here even after removal.
  • You might see a missing file path in startup entries or tasks (e.g.,
    Task: C:\Users\User\AppData\Roaming\malware.exe (file missing)),
    which strongly indicates the file once existed.
3. Suspicious or malicious remnants
  • Rogue DLLs or EXEs in temp directories
  • Randomly named scheduled tasks or folders
  • Modifications to browser settings or Windows services
  • Unusual autorun entries
4. Clues for real vs. false positive
  • FRST can’t by itself tell you with 100 % certainty whether something was malicious or a false positive.
  • But it does help correlate:
    • Where the file was located
    • How it was launched or persisted
    • Whether it was a known legitimate program or not (e.g., if it’s in System32 and signed vs. obscure temp folder with random name)
    • How the registry or system was modified
This contextual information often makes it clear whether it was a real trojan or a benign file mistakenly flagged.

❌ What FRST64 can’t do directly

  • It cannot scan for active malware — it’s not an antivirus.
  • It doesn’t detect behavior or network activity that happened in the past.
  • If the malware cleaned up after itself perfectly, FRST may not show anything.
  • It won’t definitively say “this was a trojan” or “this was a false positive” — but it gives strong indicators.

🧭 Practical example

Suppose Microsoft Defender quarantined C:\Users\John\AppData\Roaming\qkdpw.exe.
FRST might show something like:
Code:
HKCU\...\Run: [qkdpw] => C:\Users\John\AppData\Roaming\qkdpw.exe (file missing)
Task: {73F45A3B-F83D-4B5D-8E3D-872F12345678} - System32\Tasks\qkdpw => C:\Users\John\AppData\Roaming\qkdpw.exe (file missing)
This clearly indicates:
  • The file was set to auto-start.
  • It existed and has since been removed.
  • This pattern matches many common trojans — very likely a real infection, not a false positive.

🧹 How to proceed

  1. Analyze the FRST logs carefully (or post them on a trusted malware removal forum like MalwareTips or BleepingComputer for expert review).
  2. Check suspicious entries against:
    • VirusTotal (hash or filename if known)
    • Microsoft / legitimate software lists
  3. If traces remain, a custom FRST fixlist.txt can be used to clean them up.
  4. Run additional scans (Defender, Malwarebytes, ESET Online Scanner) to ensure no active remnants remain.

🕵️ Summary

| Task | FRST64 can help with | FRST64 can’t |
| --- | --- | --- |
| Detect past malware traces | ✅ Yes, if persistence or registry entries remain | ❌ If everything was wiped clean |
| Distinguish real vs. false positive | ⚠️ Contextual clues only | ❌ Definitive verdict |
| Confirm active infection | ❌ | Antivirus required |
| Cleanup | ✅ With a proper fixlist | ❌ Automatic detection |

👉 Bottom line:
FRST64 is extremely useful for forensics after malware removal. It often lets experienced analysts determine whether a trojan was truly active on your system, even if Defender already removed it. But it doesn’t “magically” see the past — its strength lies in the system changes the malware left behind.
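
The triage described in the post above, as an added example that is not part of the original post and is not FRST's own code: it parses FRST-style lines, ranks orphaned entries by where the missing target lived, and reports targets referenced by more than one persistence mechanism. The line shapes and the "(file missing)" / "No File" markers are taken from lines shown on this page; the directory lists, priority labels and function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample. Lines 1-2 are the illustration from the post above,
# line 5 is copied from the Addition.txt in this thread, lines 3-4 are made up.
SAMPLE_LOG = r"""
HKCU\...\Run: [qkdpw] => C:\Users\John\AppData\Roaming\qkdpw.exe (file missing)
Task: {73F45A3B-F83D-4B5D-8E3D-872F12345678} - System32\Tasks\qkdpw => C:\Users\John\AppData\Roaming\qkdpw.exe (file missing)
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe (file missing)
ContextMenuHandlers1: [ExampleExt] -> {00000000-0000-0000-0000-000000000001} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2025-08-03] (Igor Pavlov) [File not signed]
"""

# Target path: drive letter up to the first file extension followed by a space or end of line.
PATH_RE = re.compile(r"^([A-Za-z]:\\.*?\.\w{2,4})(?=\s|$)")
# Markers for a target that no longer exists, as they appear on this page.
MISSING_RE = re.compile(r"\(file missing\)|\bNo File\b", re.IGNORECASE)
# Entry kinds that start code at logon or on a schedule (assumed heuristic).
AUTOSTART_RE = re.compile(r"\\Run(Once)?$|^Task$|^Startup", re.IGNORECASE)
# Directory heuristics (assumptions, not an exhaustive list).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
PROTECTED = ("c:\\windows\\", "c:\\program files")


@dataclass
class Entry:
    kind: str             # e.g. "HKCU\...\Run", "Task", "ContextMenuHandlers1"
    path: Optional[str]   # target path, or None when the log records none
    missing: bool         # target flagged as gone
    unsigned: bool        # "[File not signed]" present
    priority: str         # "high", "medium", "low", "unknown" or "none"
    reason: str


def location(path: str) -> str:
    """Classify a target path by who can normally write to its directory."""
    p = path.lower()
    if any(marker in p for marker in USER_WRITABLE):
        return "user-writable"
    if p.startswith(PROTECTED):
        return "protected"
    return "other"


def triage_line(line: str) -> Optional[Entry]:
    """Parse one 'kind: descriptor => target' line; None for any other line."""
    left, arrow, right = line.strip().partition(" => ")
    kind, colon, _ = left.partition(": ")
    if not arrow or not colon:
        return None
    m = PATH_RE.match(right)
    path = m.group(1) if m else None
    rest = right[m.end():] if m else right
    missing = bool(MISSING_RE.search(rest))
    unsigned = "[File not signed]" in rest
    autostart = bool(AUTOSTART_RE.search(kind))
    loc = location(path) if path else None

    if missing and path is None:
        priority, reason = "unknown", "orphaned entry, no path recorded to judge by"
    elif missing and autostart and loc == "user-writable":
        priority, reason = "high", "orphaned autostart into a user-writable directory"
    elif missing:
        priority, reason = "low", f"orphaned entry, target was in a {loc} location"
    elif unsigned and loc == "user-writable":
        priority, reason = "medium", "unsigned file present in a user-writable directory"
    else:
        priority, reason = "none", "target present"
    return Entry(kind, path, missing, unsigned, priority, reason)


def triage(log_text: str) -> list:
    """Triage every parsable line of a log, in order."""
    return [e for e in map(triage_line, log_text.splitlines()) if e]


def corroborated(entries) -> list:
    """Missing targets referenced by two or more distinct entry kinds."""
    kinds = defaultdict(set)
    for e in entries:
        if e.missing and e.path:
            kinds[e.path.lower()].add(e.kind)
    return sorted(p for p, k in kinds.items() if len(k) >= 2)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for e in found:
        print(f"{e.priority:8} {e.kind:24} {e.path or '-'}  ({e.reason})")
    print("referenced by several mechanisms:", corroborated(found))
```

The priority is an ordering for manual review, not a verdict: a "high" line still needs the correlation steps the post lists before anyone concludes it was a trojan.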
 
not possibly post logs

Oops! We ran into some problems.
Oops! We ran into some problems. Please try again later. More error details may be in the browser console.
 
Hello..! Welcome to the Windows Malware Removal Help section. :) My name is icotonev and I'm here to help you remove malware ..! The purpose of this section is to help you remove malware from your device based on the analysis of the logs provided. If you think your computer is infected, please read and follow the following instructions:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.
If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply. ... or copy and paste the entire contents of the logs
---------------------------------------------------

In your next reply, please include:
  • FRST.txt
  • Addition.txt
 
Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2025
Ran by Retrogamer87 SSD (09-10-2025 07:09:02)
Running from C:\Users\Retrogamer87 SSD\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.6396 (X64) (2023-09-02 17:44:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrador (S-1-5-21-2307758842-2925553095-3651173823-500 - Administrator - Disabled)
Convidado (S-1-5-21-2307758842-2925553095-3651173823-501 - Limited - Enabled)
DefaultAccount (S-1-5-21-2307758842-2925553095-3651173823-503 - Limited - Disabled)
Retrogamer87 SSD (S-1-5-21-2307758842-2925553095-3651173823-1001 - Administrator - Enabled) => C:\Users\Retrogamer87 SSD
WDAGUtilityAccount (S-1-5-21-2307758842-2925553095-3651173823-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky (Disabled - Up to date) {70E35457-C7D9-669C-FEA5-55382EABDC78}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 25.01 (x64) (HKLM\...\7-Zip) (Version: 25.01 - Igor Pavlov)
AIDA64 Extreme v7.70 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 7.70 - FinalWire Ltd.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 22.6.1 - Advanced Micro Devices, Inc.)
ASRock eXtreme Tuner v0.1.434 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: 0.1.434 - ASRock Inc.)
ASRock XFast RAM v2.0.29 (HKLM\...\ASRock XFast RAM_is1) (Version: - ASRock Inc.)
aTube Catcher versão 10.10.0 (HKLM\...\{363C8C67-92B1-4FC9-BEC0-F5F197EFA07E}_is1) (Version: 10.10.0 - DsNET Corp. - Diego Uscanga)
balenaEtcher (HKU\S-1-5-21-2307758842-2925553095-3651173823-1001\...\balena_etcher) (Version: 2.1.4 - Balena Ltd. <hello@balena.io>)
BlueStacks (HKLM\...\BlueStacks_nxt) (Version: 5.22.91.1029 - now.gg, Inc.)
BlueStacks Services (HKU\S-1-5-21-2307758842-2925553095-3651173823-1001\...\BlueStacksServices) (Version: 3.0.9 - now.gg, Inc.)
Branding64 (HKLM\...\{0DB6E0DC-607A-42C1-A3CE-7567A9F85AF4}) (Version: 1.00.0008 - Advanced Micro Devices, Inc.) Hidden
By Click Downloader (HKLM-x32\...\{8BB08C18-6BB5-4CF0-88AB-EA64B9F8992E}) (Version: 2.4.6 - ByClick) Hidden
CCleaner 7 (HKLM\...\CCleaner 7) (Version: 7.0.984.1153 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7128 - CDBurnerXP)
ChomikBox (HKLM-x32\...\{8E4185CC-4FF3-46B9-A4DB-5B850B71ABC4}) (Version: 2.0.8.2 - Chomikuj.pl)
CPUID HWMonitor 1.59 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.59 - CPUID, Inc.)
CrystalDiskInfo 9.7.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 9.7.2 - Crystal Dew World)
CrystalDiskMark 8.0.4c (HKLM\...\CrystalDiskMark8_is1) (Version: 8.0.4c - Crystal Dew World)
CrystalDiskMark 9.0.1 (HKLM\...\CrystalDiskMark9_is1) (Version: 9.0.1 - Crystal Dew World)
DiskFresh 1.1 (HKLM\...\DiskFresh_is1) (Version: - Puran Software)
DownloadHelper CoApp (HKLM-x32\...\DownloadHelper CoApp) (Version: 2.0.19.0 - ACLAP)
Driver Booster 12 (HKLM-x32\...\Driver Booster_is1) (Version: 12.6.0 - IObit)
ENE_QSI_Loki_HAL (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.3.0 - ENE TECHNOLOGY INC.) Hidden
ENE_QSI_Loki_HAL (HKLM-x32\...\{205ef3a8-937b-43cb-90fc-2f58f71408d8}) (Version: 1.0.3.0 - ENE TECHNOLOGY INC.) Hidden
Foxit PDF Reader (HKLM\...\{01a75e1e-7567-11f0-b81f-54bf64a63c26}) (Version: 2025.2.0.33046 - Foxit Software Inc.) Hidden
Foxit PDF Reader (HKLM-x32\...\{07076c18-fbda-44e6-81c4-4bf87112af2a}) (Version: 2025.2.0.33046 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 141.0.7390.55 - Google LLC)
GSmartControl (HKLM\...\GSmartControl) (Version: 1.1.4 - Alexander Shaduri)
GSmartControl (HKLM-x32\...\gsmartcontrol) (Version: 2.0.2 - Alexander Shaduri)
HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
HP Deskjet 1510 series Software básico do dispositivo (HKLM\...\{4F67DA9C-821A-42EA-A23A-AF980EA17E7F}) (Version: 32.4.118.94128 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0.1 - AppWork GmbH)
Malwarebytes version 5.2.3.156 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.3.156 - Malwarebytes)
Microsoft .NET Core Host - 3.1.32 (x64) (HKLM\...\{8A8E3A04-83BC-4CDE-9259-893B666C1AB1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.32 (x64) (HKLM\...\{ABC6B3C2-1A8D-4C5E-AC16-C2AE44F02743}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM\...\{A741B803-3F0E-4684-81EF-FC128D15A92C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Host - 5.0.17 (x86) (HKLM-x32\...\{54DE7EA9-E391-4BD2-A373-3A72A18EBDB5}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.36 (x86) (HKLM-x32\...\{FBC9D6AE-6396-4FC7-BC18-00852836F16D}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.20 (x64) (HKLM\...\{EE5EB03B-D65C-4991-848E-2C6E024326DB}) (Version: 56.80.15184 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x86) (HKLM-x32\...\{AF01038B-6523-4EA7-9D9E-4F1E2927D88B}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.36 (x86) (HKLM-x32\...\{6F73FE7B-B9C3-4A05-8138-0E44543D755F}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.20 (x64) (HKLM\...\{B0FC828F-678C-4868-9B5B-99639758E6F3}) (Version: 56.80.15184 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x86) (HKLM-x32\...\{59650A2A-3839-46EC-9D9C-6B3B1C743C55}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.36 (x86) (HKLM-x32\...\{89C09E22-01D0-41F6-BAD3-CA0A8B74AD22}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.20 (x64) (HKLM\...\{221BB52A-B763-4C9D-AA62-4B0B6C9AAD62}) (Version: 56.80.15184 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 141.0.3537.57 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 141.0.3537.57 - Microsoft Corporation) Hidden
Microsoft GameInput (HKLM\...\{64D0CCB1-329E-D507-0886-47E53D59AE21}) (Version: 10.1.26100.6106 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.44.35211 (HKLM-x32\...\{d8bbe9f9-7c5b-42c6-b715-9ee898a2e515}) (Version: 14.44.35211.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.44.35211 (HKLM-x32\...\{0b5169e3-39da-4313-808e-1f9c0407f3bf}) (Version: 14.44.35211.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.44.35211 (HKLM\...\{86AB2CC9-08BD-4643-B0F9-F82D006D72FF}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.44.35211 (HKLM\...\{43B0D101-A022-48F4-9D04-BA404CEB1D53}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.44.35211 (HKLM-x32\...\{C18FB403-1E88-43C8-AD8A-CED50F23DE8B}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.44.35211 (HKLM-x32\...\{922480B5-CAEB-4B1B-AAA4-9716EFDCE26B}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.32 (x64) (HKLM\...\{5BEE5F3E-4D78-4DE8-A8F3-36D3E9D8868C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.32 (x64) (HKLM-x32\...\{0eddeab6-01c1-4cf7-83ba-164ea8974c90}) (Version: 3.1.32.31915 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x86) (HKLM-x32\...\{098c6ff7-1af1-4c4a-b86f-c60608c98e31}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x86) (HKLM-x32\...\{0D02D706-44F2-4957-A448-E7259A0B56B9}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.36 (x86) (HKLM-x32\...\{9A00C541-6944-4969-9DFE-A7289215800D}) (Version: 48.144.23186 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.36 (x86) (HKLM-x32\...\{c37854d7-1852-4785-82ff-86ff988e4caf}) (Version: 6.0.36.34217 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.20 (x64) (HKLM\...\{72C29BED-666F-4E5E-BC49-DF44C890742E}) (Version: 56.80.15245 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.20 (x64) (HKLM-x32\...\{362ea044-f96f-45c7-b59f-0dbe5ca98ff4}) (Version: 7.0.20.33720 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 12.9 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.9 - MiniTool Software Limited)
MPC-HC 2.5.2 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 2.5.2 - MPC-HC Team)
OnScreen Control (HKLM-x32\...\{E5C1B339-0E4E-49A5-859E-5E1DE1938706}) (Version: 8.26.0 - LG Electronics Inc)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 5.0.2 - The qBittorrent project)
QuickMemoryTestOK (HKLM\...\QuickMemoryTestOK) (Version: - com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7560 - Realtek Semiconductor Corp.)
RetroArch (HKLM-x32\...\RetroArch) (Version: 1.21.0.0 - Libretro)
SD Card Formatter (HKLM-x32\...\{D02212EA-E02A-4521-9036-5367734FC66E}) (Version: 5.0.2 - SD Association)
SeaTools (HKLM-x32\...\SeaTools 5.1.182) (Version: 5.1.182 - Seagate)
Smart Defrag 11 (HKLM-x32\...\Smart Defrag_is1) (Version: 11.0.0.454 - IObit)
Speccy (HKLM\...\Speccy) (Version: 1.33 - Piriform)
Telegram Desktop (HKU\S-1-5-21-2307758842-2925553095-3651173823-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 6.1.3 - Telegram FZ-LLC)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{B8D93870-98D1-4980-AFCA-E26563CDFB79}) (Version: 8.94.0.0 - Microsoft Corporation)
Verificação de integridade do PC Windows (HKLM\...\{2403B2D2-1FDC-497D-B181-F53D079FEAAA}) (Version: 3.6.2204.08001 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.21 - VideoLAN)
Warsaw 2.50.0.13 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 2.50.0.13 - Topaz)
WifiAutoInstall version 2.0.0.8 (HKLM\...\{BBADB2D6-0408-42D0-AAF8-B79D3E8B994C}_is1) (Version: 2.0.0.8 - Realtek, Inc.)
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
WinRAR 7.13 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.13.0 - win.rar GmbH)
Wise Folder Hider (HKLM-x32\...\Wise Folder Hider_is1) (Version: 5.0.9 - Lespeed Technology Co., Ltd.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2025-08-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => -> No File
ContextMenuHandlers1: [Kaspersky Free 21.16] -> {AE776072-9FCA-48AF-941C-5759266BB644} => -> No File
ContextMenuHandlers1: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => -> No File
ContextMenuHandlers1: [Kaspersky Standard 21.18] -> {2962565E-CA75-4BF1-B282-AE912144D3DA} => -> No File
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2025-04-22] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\rarext.dll [2025-07-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\rarext32.dll [2025-07-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => -> No File
ContextMenuHandlers2: [Kaspersky Free 21.16] -> {AE776072-9FCA-48AF-941C-5759266BB644} => -> No File
ContextMenuHandlers2: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => -> No File
ContextMenuHandlers2: [Kaspersky Standard 21.18] -> {2962565E-CA75-4BF1-B282-AE912144D3DA} => -> No File
ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-12-07] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2025-08-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => -> No File
ContextMenuHandlers4: [Kaspersky Free 21.16] -> {AE776072-9FCA-48AF-941C-5759266BB644} => -> No File
ContextMenuHandlers4: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => -> No File
ContextMenuHandlers4: [Kaspersky Standard 21.18] -> {2962565E-CA75-4BF1-B282-AE912144D3DA} => -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2022-08-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2025-08-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => -> No File
ContextMenuHandlers6: [Kaspersky Free 21.16] -> {AE776072-9FCA-48AF-941C-5759266BB644} => -> No File
ContextMenuHandlers6: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => -> No File
ContextMenuHandlers6: [Kaspersky Standard 21.18] -> {2962565E-CA75-4BF1-B282-AE912144D3DA} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-12-07] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2025-04-22] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\rarext.dll [2025-07-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\rarext32.dll [2025-07-28] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-03-09 19:48 - 2021-03-09 19:48 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000057856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\audio\qtaudio_windows.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 001441792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000134656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000735232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Multimedia.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000120832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5MultimediaQuick.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000051712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 001085440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000480256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5RemoteObjects.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000055808 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000262144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtMultimedia\declarative_multimedia.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000284160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000136704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000091648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [6962]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aDXs4 [3506]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddpp.sys:TWluaml1 [4310]
AlternateDataStreams: C:\Users\All Users:YXVtLmh6aQ [6962]
AlternateDataStreams: C:\Users\Todos os Usuários:YXVtLmh6aQ [6962]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:YXVtLmh6aQ [6962]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 06:14 - 2024-09-29 19:55 - 000001342 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 easeus.com
127.0.0.1 www.easeus.com
127.0.0.1 activation.easeus.com
127.0.0.1 easeus.com.cn
127.0.0.1 www.easeus.com.cn
127.0.0.1 track.easeus.com
127.0.0.1 track.easeus.com.cn
127.0.0.1 api.easeus.com
127.0.0.1 update.easeus.com
127.0.0.1 map2.hwcdn.net
127.0.0.1 easeusinfo.us-east-1.log.aliyuncs.com
127.0.0.1 aaa100cd68bbe03f3.awsglobalaccelerator.com
127.0.0.1 uompro.easeus.com
127.0.0.1 order.easeus.com
127.0.0.1 curl.haxx.se
127.0.0.1 buy.easeus.com
127.0.0.1 v2api-uoss.easeus.com

==================== Network ===========================

(Currently there is no automatic fix for this section.)

DNS Servers: 177.37.220.17 - 177.37.220.18
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
Wi-Fi: Realtek 8811CU Wireless LAN 802.11ac USB NIC -> rtwlanu.sys

nt_wsddntf: Topaz OFD Network Monitor

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Smart Projects\IsoBuster;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\dotnet\;C:\Program Files\dotnet\
HKU\S-1-5-21-2307758842-2925553095-3651173823-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\DesktopSpotlight\Assets\Images\image_1.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5)
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\Retrogamer87 SSD\Desktop\FRST64.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\Retrogamer87 SSD\Desktop\FRST64english.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\C:\Users\Retrogamer87 SSD\AppData\Roaming\secure\QtWebKit4.dll
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\C:\Users\Retrogamer87 SSD\Desktop\FRST64.exe


==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AMD Crash Defender Service => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: CCleanerPerformanceOptimizerService => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: GameInput Service => 2
MSCONFIG\Services: GameInputSvc => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: GoogleUpdaterInternalService140.0.7273.0 => 2
MSCONFIG\Services: GoogleUpdaterService140.0.7273.0 => 2
MSCONFIG\Services: gupdate => 3
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ucldr_mirm_gl => 3
MSCONFIG\Services: ucldr_MirTrilogy4_GL => 3
HKLM\...\StartupApproved\StartupFolder: => "~D Realtek.tmp"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "Opera Browser Assistant"
HKLM\...\StartupApproved\Run: => "Reader_Sl"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "OnScreen Control"
HKLM\...\StartupApproved\Run32: => "Reader_Sl"
HKU\S-1-5-21-2307758842-2925553095-3651173823-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_8EEAEEB46E33F9779E13CFEFDF016B9D"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{6A1A66FE-412F-4DE3-9801-FCE1E3250654}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{067B001C-5CE5-4C43-B391-C900B4A0B458}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{A36AC2FC-FF2E-4599-BDCC-BF81F8AC25CA}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> Hewlett-Packard Development Company, LP)
FirewallRules: [{15B2B610-297A-46B3-970A-4BC5C9772622}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe (HP Inc. -> Hewlett-Packard Development Company, LP)
FirewallRules: [{BD6BF039-82F4-499D-8542-EB24C7AF4C1D}] => (Allow) LPort=42305
FirewallRules: [{E5C66399-F9CC-4BF7-B27E-D396C41F6BF5}] => (Allow) LPort=20902
FirewallRules: [{F7FB7F27-44E4-4ECA-81A9-C56908A9637C}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{8E1B8727-9805-4076-941B-98AAF3B2EB53}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{6BE1F60C-E081-477E-87A0-835E425FFFD5}] => (Allow) C:\Program Files\Topaz OFD\Warsaw\core.exe (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
FirewallRules: [{C9E0EEF5-DB55-4797-A5CF-F1E2D9905E60}] => (Allow) LPort=57209
FirewallRules: [{B3ADE6DD-5094-4D97-90CC-ED8A0CB9DB04}] => (Allow) LPort=57210
FirewallRules: [{C99A2F14-DCB6-45D0-ACFC-7E4D49B4B5BB}] => (Allow) LPort=57211
FirewallRules: [{1E46FD90-E282-4D54-AE4E-FA35E776E507}] => (Allow) LPort=57212
FirewallRules: [{9B18E5E9-8016-4BCA-95A0-DE33A71C980B}] => (Allow) LPort=57213
FirewallRules: [{5059AE68-6CD8-482F-9947-DCDF78E80450}] => (Allow) LPort=57214
FirewallRules: [{F10C107E-2FC3-460C-9B72-24ADBE61B5C1}] => (Allow) LPort=57215
FirewallRules: [{B560F0EC-0EC7-419B-81ED-FF6A9B73BE48}] => (Allow) LPort=57216
FirewallRules: [{D7B4AFC3-250C-4753-BDA4-704CE9FA393E}] => (Allow) LPort=57217
FirewallRules: [{D769806C-AAF9-4EA5-8EA9-FE1A4174A759}] => (Allow) LPort=57218
FirewallRules: [{7FB7F3F5-39EF-45D8-92B9-D13D1A1D9C6D}] => (Allow) LPort=57209
FirewallRules: [{AA5FEC70-5E20-40A1-9142-F30ADA239DDD}] => (Allow) LPort=57210
FirewallRules: [{9318F053-71FF-4D71-81A3-0E1AA3EE8E97}] => (Allow) LPort=57211
FirewallRules: [{4BAF74C4-AAD9-4E61-BFCB-174755911ECA}] => (Allow) LPort=57212
FirewallRules: [{D9475071-4577-417E-9077-116182A978AC}] => (Allow) LPort=57213
FirewallRules: [{ADD4DB77-B8DE-4C71-978E-DB395323390C}] => (Allow) LPort=57214
FirewallRules: [{290893F2-6E34-402E-960A-C4F91CAFF9D0}] => (Allow) LPort=57215
FirewallRules: [{8A141AD4-F1B6-4AA6-A133-2A95F3BE1ED9}] => (Allow) LPort=57216
FirewallRules: [{8420F260-B6E9-4FC2-B9B1-E12CB2941B5B}] => (Allow) LPort=57217
FirewallRules: [{63D8635D-5B63-4AB9-9AB7-8E8CE75E83B0}] => (Allow) LPort=57218
FirewallRules: [{AE9DAE80-A1D4-4FA5-8D13-7E7C2D22CA3B}] => (Allow) LPort=23007
FirewallRules: [{0FC5F4B4-40EA-4E4F-9622-46AC24AE030A}] => (Allow) LPort=23008
FirewallRules: [{BA9CA895-3A3F-4A81-A63B-7A026A10540D}] => (Allow) LPort=33009
FirewallRules: [{78527F6F-DBFE-4557-BEF9-4CF7073DB422}] => (Allow) LPort=33010
FirewallRules: [{0ECA6733-D950-4513-9666-C16A18379EE0}] => (Allow) LPort=33011
FirewallRules: [{D514889F-7CBA-4B42-8504-EC2515EFCCE7}] => (Allow) LPort=43012
FirewallRules: [{6B610729-5A59-4D2D-A186-458C65ABDC92}] => (Allow) LPort=43013
FirewallRules: [{5178EC68-E51C-4E10-A5FA-BED072AD437C}] => (Allow) LPort=53014
FirewallRules: [{2411528E-C292-4A27-B557-57C277EA9788}] => (Allow) LPort=53015
FirewallRules: [{DD975457-949F-400A-8D0C-63E79543D8CA}] => (Allow) LPort=53016
FirewallRules: [{8A97C1E7-4B11-47D3-BBC7-8E822533A567}] => (Allow) LPort=23007
FirewallRules: [{85C5D65C-5D6B-4DAF-801C-DA284C785873}] => (Allow) LPort=23008
FirewallRules: [{C9D1A772-F964-422F-B332-98432AB0E25D}] => (Allow) LPort=33009
FirewallRules: [{C84AABC6-42CD-44A0-838F-CAA4DACCEFC1}] => (Allow) LPort=33010
FirewallRules: [{AF9D6D83-AD5D-49FD-A866-64149CD31020}] => (Allow) LPort=33011
FirewallRules: [{C5CE2CE1-74C7-4B49-BD17-4330C7A8A27E}] => (Allow) LPort=43012
FirewallRules: [{FD1C1264-278D-4887-BC14-D30D8A8AA5E2}] => (Allow) LPort=43013
FirewallRules: [{B751B608-A00A-4824-8E87-9C2AA0CD6029}] => (Allow) LPort=53014
FirewallRules: [{B6067CEB-168F-4855-A563-FCEA1DC5280D}] => (Allow) LPort=53015
FirewallRules: [{937A9C2D-C492-43DC-AD73-34EB87112342}] => (Allow) LPort=53016
FirewallRules: [{042D6D10-9718-4552-88F4-59E6CD8C9082}] => (Allow) LPort=50053
FirewallRules: [{ED9287C7-B13A-4137-BB40-393B1572BBBB}] => (Allow) LPort=50053
FirewallRules: [{EC2232BF-F603-4E4C-BB74-A28F1C5153EE}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{FF0A555D-0273-4A91-A23B-136F3FB11E2A}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [TCP Query User{E855747A-D193-4DCF-9188-2A88FDEF5114}C:\users\retrogamer87 ssd\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\retrogamer87 ssd\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [UDP Query User{782E90EC-CA3A-4585-81CF-8E59770EC791}C:\users\retrogamer87 ssd\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\retrogamer87 ssd\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [{DDDE2468-9C79-47AD-95B3-F8E923CA4B42}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Now.gg, INC -> BlueStack Systems)
FirewallRules: [{6328117D-6D83-4319-AC38-B115161D8344}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe (Now.gg, INC -> The Qt Company Ltd.)
FirewallRules: [TCP Query User{A61B4F83-EF94-4245-90D7-FCB65147837D}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{5D08058E-DB99-4F90-BB25-1F805F9A6E96}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{1C3373A2-8EEC-4310-A34E-B700237758A1}C:\users\retrogamer87 ssd\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\retrogamer87 ssd\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [UDP Query User{7AE6C5E7-4279-46E9-B2D1-40405CDDD435}C:\users\retrogamer87 ssd\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\retrogamer87 ssd\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [TCP Query User{4AC4C7E6-D89F-4129-8F8C-04AD71FD1914}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [UDP Query User{440DBEAB-4C5E-4DB5-91DB-F4E7E8907819}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{3FFB5E28-A0FB-4137-9EAB-330B8FEC1695}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:475.88 GB) (Free:50.64 GB) (11%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (10/08/2025 03:04:40 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina CoCreateInstance. hr = 0x8007045b, O sistema está sendo desligado..

Error: (10/08/2025 03:04:40 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informações sobre o Serviço de Cópias de Sombra de Volume: não é possível iniciar o Servidor COM com CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} e nome CEventSystem. [0x8007045b, O sistema está sendo desligado.]

Error: (10/08/2025 12:33:52 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Erro ao atualizar o status para SECURITY_PRODUCT_STATE_SNOOZED.

Error: (10/08/2025 12:33:43 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: A Central de Segurança não validou o chamador com o erro %1.

Error: (10/07/2025 10:23:06 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Não foi possível concluir o otimizador de armazenamento otimizar novamente em (G:) devido a: A operação solicitada não é compatível com o hardware que contém o volume. (0x8900002A)

Error: (10/06/2025 04:13:27 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: O Windows não pode acessar o arquivo por um destes motivos:
há um problema de conexão com a rede, o disco no qual o arquivo está armazenado ou nos drivers de armazenamento
instalados neste computador, ou o disco está ausente.
O Windows fechou o programa gopher64 por causa desse erro.

Programa: gopher64
Arquivo:

O valor do erro está listado na seção Dados Adicionais.
Ação do Usuário
1. Abra o arquivo novamente.
Esta situação pode ser um problema temporário corrigida quando o programa é executado novamente.
2.
Se o arquivo ainda não puder ser acessado e
- não estiver na rede,
o administrador da rede deverá verificar se não há um problema com a rede e se o servidor puder ser contatado.
- Está em um disco removível, por exemplo, um disquete ou CD-ROM, verifique se o disco está completamente inserido no computador.
3. Verifique e repare o sistema de arquivos ao executar CHKDSK. Para executar CHKDSK, clique em Iniciar, clique em Executar, digite CMD e clique em OK. No prompt de comando, digite CHKDSK /F e pressione ENTER.
4. Se o problema persistir, restaure o arquivo de uma cópia de backup.
5. Determine se outros arquivos no mesmo disco podem ser abertos. Em caso negativo, o disco pode estar danificado. Se for um disco rígido, contate o administrador ou o fornecedor de hardware do computador para
obter assistência adicional.

Dados Adicionais
Valor do erro: 00000000
Tipo de disco: 0

Error: (10/06/2025 04:13:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: gopher64-windows-x86_64.exe, versão: 1.1.6.0, carimbo de data/hora: 0x68cd38d9
Nome do módulo com falha: gopher64-windows-x86_64.exe, versão: 1.1.6.0, carimbo de data/hora: 0x68cd38d9
Código de exceção: 0xc000001d
Deslocamento da falha: 0x0000000000cdfb93
ID do processo com falha: 0xf5c
Hora de início do aplicativo com falha: 0x01dc36f54b3217a3
Caminho do aplicativo com falha: C:\Users\Retrogamer87 SSD\Downloads\HDs Externos 2025\Emuladores\gopher64-windows-x86_64.exe
Caminho do módulo com falha: C:\Users\Retrogamer87 SSD\Downloads\HDs Externos 2025\Emuladores\gopher64-windows-x86_64.exe
ID do Relatório: 7aa5de95-1969-42bb-aba0-a16a80e298ea
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (10/06/2025 04:12:35 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: O Windows não pode acessar o arquivo por um destes motivos:
há um problema de conexão com a rede, o disco no qual o arquivo está armazenado ou nos drivers de armazenamento
instalados neste computador, ou o disco está ausente.
O Windows fechou o programa gopher64 por causa desse erro.

Programa: gopher64
Arquivo:

O valor do erro está listado na seção Dados Adicionais.
Ação do Usuário
1. Abra o arquivo novamente.
Esta situação pode ser um problema temporário corrigida quando o programa é executado novamente.
2.
Se o arquivo ainda não puder ser acessado e
- não estiver na rede,
o administrador da rede deverá verificar se não há um problema com a rede e se o servidor puder ser contatado.
- Está em um disco removível, por exemplo, um disquete ou CD-ROM, verifique se o disco está completamente inserido no computador.
3. Verifique e repare o sistema de arquivos ao executar CHKDSK. Para executar CHKDSK, clique em Iniciar, clique em Executar, digite CMD e clique em OK. No prompt de comando, digite CHKDSK /F e pressione ENTER.
4. Se o problema persistir, restaure o arquivo de uma cópia de backup.
5. Determine se outros arquivos no mesmo disco podem ser abertos. Em caso negativo, o disco pode estar danificado. Se for um disco rígido, contate o administrador ou o fornecedor de hardware do computador para
obter assistência adicional.

Dados Adicionais
Valor do erro: 00000000
Tipo de disco: 0


System errors:
=============
Error: (10/09/2025 03:10:10 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: AUTORIDADE NT)
Description: A atualização de Inicialização Segura falhou ao atualizar uma variável de Inicialização Segura com o erro (-2147020471 = A Inicialização Segura não está habilitada neste computador.). Para mais informações, consulte Secure Boot DB and DBX variable update events - Microsoft Support

Error: (10/09/2025 03:10:10 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: AUTORIDADE NT)
Description: A atualização de Inicialização Segura falhou ao atualizar uma variável de Inicialização Segura com o erro (-2147020471 = A Inicialização Segura não está habilitada neste computador.). Para mais informações, consulte Secure Boot DB and DBX variable update events - Microsoft Support

Error: (10/08/2025 03:10:10 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: AUTORIDADE NT)
Description: A atualização de Inicialização Segura falhou ao atualizar uma variável de Inicialização Segura com o erro (-2147020471 = A Inicialização Segura não está habilitada neste computador.). Para mais informações, consulte Secure Boot DB and DBX variable update events - Microsoft Support

Error: (10/08/2025 03:10:10 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: AUTORIDADE NT)
Description: A atualização de Inicialização Segura falhou ao atualizar uma variável de Inicialização Segura com o erro (-2147020471 = A Inicialização Segura não está habilitada neste computador.). Para mais informações, consulte Secure Boot DB and DBX variable update events - Microsoft Support

Error: (10/08/2025 08:06:24 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: AUTORIDADE NT)
Description: A atualização de Inicialização Segura falhou ao atualizar uma variável de Inicialização Segura com o erro (-2147020471 = A Inicialização Segura não está habilitada neste computador.). Para mais informações, consulte Secure Boot DB and DBX variable update events - Microsoft Support

Error: (10/08/2025 08:06:24 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: AUTORIDADE NT)
Description: A atualização de Inicialização Segura falhou ao atualizar uma variável de Inicialização Segura com o erro (-2147020471 = A Inicialização Segura não está habilitada neste computador.). Para mais informações, consulte Secure Boot DB and DBX variable update events - Microsoft Support

Error: (10/07/2025 08:06:24 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: AUTORIDADE NT)
Description: A atualização de Inicialização Segura falhou ao atualizar uma variável de Inicialização Segura com o erro (-2147020471 = A Inicialização Segura não está habilitada neste computador.). Para mais informações, consulte Secure Boot DB and DBX variable update events - Microsoft Support

Error: (10/07/2025 08:06:24 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: AUTORIDADE NT)
Description: A atualização de Inicialização Segura falhou ao atualizar uma variável de Inicialização Segura com o erro (-2147020471 = A Inicialização Segura não está habilitada neste computador.). Para mais informações, consulte Secure Boot DB and DBX variable update events - Microsoft Support


Windows Defender:
================
Date: 2025-10-09 07:05:10
Description:
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
Nome: Trojan:Win64/Malgent!MSR
Gravidade: Grave
Categoria: Cavalo de Tróia
Caminho: file:_C:\Users\Retrogamer87 SSD\Desktop\FRST64english.exe
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Proteção em Tempo Real
Usuário: DESKTOP-3DM2P71\Retrogamer87 SSD
Nome do Processo: C:\Windows\explorer.exe
Versão da Inteligência de Segurança: AV: 1.439.24.0, AS: 1.439.24.0, NIS: 1.439.24.0
Versão do Mecanismo: AM: 1.1.25090.3001, NIS: 1.1.25090.3001

Date: 2025-10-08 21:17:31
Description:
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
Nome: Trojan:Win32/Wacatac.C!ml
Gravidade: Grave
Categoria: Cavalo de Tróia
Caminho: file:_C:\Users\Retrogamer87 SSD\AppData\Roaming\secure\QtWebKit4.dll
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Proteção em Tempo Real
Usuário: NT Authority\System
Nome do Processo: System
Versão da Inteligência de Segurança: AV: 1.439.24.0, AS: 1.439.24.0, NIS: 1.439.24.0
Versão do Mecanismo: AM: 1.1.25090.3001, NIS: 1.1.25090.3001

Date: 2025-10-08 21:10:14
Description:
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
Nome: Trojan:Win64/Malgent!MSR
Gravidade: Grave
Categoria: Cavalo de Tróia
Caminho: file:_C:\Users\Retrogamer87 SSD\Desktop\FRST64.exe
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Proteção em Tempo Real
Usuário: DESKTOP-3DM2P71\Retrogamer87 SSD
Nome do Processo: C:\Windows\explorer.exe
Versão da Inteligência de Segurança: AV: 1.439.24.0, AS: 1.439.24.0, NIS: 1.439.24.0
Versão do Mecanismo: AM: 1.1.25090.3001, NIS: 1.1.25090.3001

Date: 2025-10-08 21:08:51
Description:
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
Nome: Trojan:Win64/Malgent!MSR
Gravidade: Grave
Categoria: Cavalo de Tróia
Caminho: file:_C:\Users\Retrogamer87 SSD\Downloads\FRST64.exe
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Proteção em Tempo Real
Usuário: DESKTOP-3DM2P71\Retrogamer87 SSD
Nome do Processo: C:\Program Files\Topaz OFD\Warsaw\core.exe
Versão da Inteligência de Segurança: AV: 1.439.24.0, AS: 1.439.24.0, NIS: 1.439.24.0
Versão do Mecanismo: AM: 1.1.25090.3001, NIS: 1.1.25090.3001

Date: 2025-10-08 21:08:27
Description:
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
Nome: Trojan:Win64/Malgent!MSR
Gravidade: Grave
Categoria: Cavalo de Tróia
Caminho: file:_C:\Users\Retrogamer87 SSD\Downloads\FRST64.exe
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Proteção em Tempo Real
Usuário: DESKTOP-3DM2P71\Retrogamer87 SSD
Nome do Processo: C:\Program Files\Topaz OFD\Warsaw\core.exe
Versão da Inteligência de Segurança: AV: 1.439.24.0, AS: 1.439.24.0, NIS: 1.439.24.0
Versão do Mecanismo: AM: 1.1.25090.3001, NIS: 1.1.25090.3001

CodeIntegrity:
===============
Date: 2025-10-09 04:46:37
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\Topaz OFD\Warsaw\wslbdhm64.dll that did not meet the Microsoft signing level requirements.

Date: 2025-10-08 15:05:35
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Topaz OFD\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements.

Date: 2025-10-08 15:05:35
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Topaz OFD\Warsaw\wslbscr64.dll that did not meet the Microsoft signing level requirements.

Date: 2025-10-08 12:33:54
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky 21.22\x64\com_antivirus.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.40 10/01/2013
Motherboard: ASRock B75M-DGS R2.0
Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 89%
Total physical RAM: 16329.95 MB
Available physical RAM: 1750.48 MB
Total Virtual: 29129.95 MB
Available Virtual: 5273.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:475.88 GB) (Free:50.63 GB) (Model: SATA3 512GB SSD) NTFS
Drive g: () (Fixed) (Total:464.7 GB) (Free:186.33 GB) (Model: WDC WD5000BEVT-00ZAT0) NTFS

\\?\Volume{ec57e732-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS
\\?\Volume{ec57e732-0000-0000-0000-001b77000000}\ () (Fixed) (Total:0.52 GB) (Free:0.06 GB) NTFS
\\?\Volume{000777b1-0000-0000-0000-404f74000000}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: EC57E732)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=475.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=528 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 000777B1)
Partition 1: (Not Active) - (Size=464.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=534 MB) - (Type=27)

==================== End of Addition.txt =======================

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2025
Ran by Retrogamer87 SSD (administrator) on DESKTOP-3DM2P71 (09-10-2025 07:06:47)
Running from C:\Users\Retrogamer87 SSD\Desktop\FRST64english.exe
Loaded Profiles: Retrogamer87 SSD
Platform: Microsoft Windows 10 Pro Version 22H2 19045.6396 (X64) Language: Português (Brasil)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Windows\runSW.exe ->) (Realtek Semiconductor Corp. -> Realtek) C:\Windows\SwUSB.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <106>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Piriform\CCleaner 7\CCleaner_service.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek) C:\Program Files\Realtek\WifiAutoInstall\WifiAutoInstallSrv.exe
(services.exe ->) (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD) C:\Program Files\Topaz OFD\Warsaw\core.exe <2>
(svchost.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Piriform\CCleaner 7\CCleaner.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Reader_Sl] => C:\Program Files\Foxit Software\Foxit PDF Reader\reader_sl.exe [4312128 2025-06-29] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
HKLM-x32\...\Run: [OnScreen Control] => C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\OnScreenStartUpApp.exe [1823560 2022-08-29] (LG Electronics Inc. -> LG Electronics Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-2307758842-2925553095-3651173823-1001\...\Run: [MicrosoftEdgeAutoLaunch_8EEAEEB46E33F9779E13CFEFDF016B9D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [4265000 2025-10-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2307758842-2925553095-3651173823-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2307758842-2925553095-3651173823-1001\...\MountPoints2: {e26711fa-72e4-11f0-b6f3-bc5ff4cbae09} - "E:\WifiAutoInstallSetup.exe"
HKU\S-1-5-21-2307758842-2925553095-3651173823-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [154112 2024-04-25] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP c111 Status Monitor: C:\WINDOWS\system32\hpinkstsc111LM.dll [333496 2012-12-16] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\141.0.7390.55\Installer\chrmstp.exe [2025-10-07] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\~D Realtek.tmp [2020-12-25] () [File not signed] <==== ATTENTION
BootExecute: autocheck autochk * SmartDefragBootTime.exe
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {136F3929-5B5F-4953-BF80-20243B9C01F0} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1708512 2022-08-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {A79F4C40-F697-4DD7-A840-9EE02D8C3A36} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1708512 2022-08-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {F47A8EF7-B3EF-493A-A5C8-67651BDD27D9} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302960 2025-07-09] (Now.gg, INC -> BlueStack Systems, Inc.)
Task: {8FE60A2E-B021-4B3C-8C2F-A7CD3A5AAD46} - System32\Tasks\Driver Booster SkipUAC (Retrogamer87 SSD) => C:\Program Files (x86)\IObit\Driver Booster\12.6.0\DriverBooster.exe [8295632 2025-07-23] (IObit CO., LTD -> IObit)
Task: {0EBC88FC-8ADF-45E0-AFAA-96C2B9772830} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem142.0.7416.0{BAF0BD8A-51DE-4CFF-A2AD-7EE4DFBD7C80} => C:\Program Files (x86)\Google\GoogleUpdater\142.0.7416.0\updater.exe [6863512 2025-09-15] (Google LLC -> Google LLC)
Task: {0A330237-D390-4D7F-9358-C025A2A37F7F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpCmdRun.exe [1778248 2025-10-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FAD3B4F2-8341-49E9-90D7-BC23102209F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpCmdRun.exe [1778248 2025-10-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {302F789E-68B3-4327-B9EB-1EDE598E9C47} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpCmdRun.exe [1778248 2025-10-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {67533EB3-7369-4BEB-934A-A59C867EF559} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpCmdRun.exe [1778248 2025-10-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8997E7F0-E9DB-4A2B-8337-4A6FB38A3974} - System32\Tasks\Piriform\CCleaner 7 - S-1-5-21-2307758842-2925553095-3651173823-1001 => C:\Program Files\Piriform\CCleaner 7\CCleaner.exe [4717688 2025-10-07] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {0A930782-7150-4E07-A4C3-52BB3AD42625} - System32\Tasks\Piriform\CCleaner 7 BugReport => C:\Program Files\Piriform\CCleaner 7\CCleanerBugReport.exe [6243960 2025-10-07] (Gen Digital Inc. -> Gen Digital Inc.) -> --send "dumps|report" --product 234 --programpath "C:\Program Files\Piriform\CCleaner 7" --configpath "C:\Program Files\Piriform\CCleaner 7\data" --path "C:\Program Files\Piriform\CCleaner 7\log" --path "C:\Program Files\Piriform\CCleaner 7\data\dumps" --logpath "C:\Program Files\Piriform\CCleaner 7 (the data entry has 58 more characters).
Task: {1927BCC8-5180-4FE8-86C7-EF9C3FFECD3D} - System32\Tasks\Piriform\CCleaner 7 Update => C:\Program Files\Common Files\Piriform\Icarus\piriform-ccl\icarus.exe [8971064 2025-10-02] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
Task: {B68F0D0B-728B-4995-BD9D-2BA50980E2DA} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [3723600 2025-07-15] (IObit CO., LTD -> IObit)
Task: {82813D3B-0725-4145-B5FD-783C414E2BB3} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [57312 2022-08-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {E3F39B2A-C2EC-43EE-BB06-4DAD95555DD1} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [263136 2022-08-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 177.37.220.17 177.37.220.18
Tcpip\..\Interfaces\{2bacfdeb-3e05-4224-a52b-164005dad435}: [DhcpNameServer] 177.37.220.17 177.37.220.18
Tcpip\..\Interfaces\{5fde70cd-dbc3-46f8-9da7-9193dc3f0005}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default [2025-10-09]
Edge DownloadDir: Default -> G:\
Edge Notifications: Default -> hxxps://www.facebook.com; hxxps://www.physicsforums.com
Edge Session Restore: Default -> is enabled.
Edge Extension: (Google Tradutor) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2024-09-09]
Edge Extension: (Kaspersky Protection) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2025-10-04]
Edge Extension: (Free Download Manager) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2025-05-27]
Edge Extension: (Disable automatic tab discarding) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dnhngfnfolbmhgealdpolmhimnoliiok [2024-06-25]
Edge Extension: (MetaMask) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ejbalbakoplchlghecdalmeeeajnimhm [2025-05-27]
Edge Extension: (WA Web Plus by Elbruz Technologies) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ekcgkejcjdcmonfpmnljobemcbpnkamh [2025-09-26]
Edge Extension: (Browsec VPN - Free VPN for Edge) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fjnehcbecaggobjholekjijaaekbnlgj [2025-10-08]
Edge Extension: (Segurança do navegador Avira) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2024-08-20]
Edge Extension: (Documentos Google off-line) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-09-17]
Edge Extension: (Adblock Plus - bloqueador de anúncios grátis) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2025-10-04]
Edge Extension: (Tampermonkey) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iikmkjmpaadaobahmlepeloendndfphd [2025-10-08]
Edge Extension: (Edge relevant text changes) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-25]
Edge Extension: (Video DownloadHelper) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmkaglaafmhbcpleggkmaliipiilhldn [2025-10-09]
Edge Extension: (Auto Replay for YouTube™) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mcdpnidfhfjfbafmpppcplcejgepadbo [2022-07-18]
Edge Profile: C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2025-09-20]
Edge Extension: (Kaspersky Protection) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2024-01-10]
Edge Extension: (Documentos Google off-line) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-10]
Edge Extension: (Edge relevant text changes) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-10]
Edge HKU\S-1-5-21-2307758842-2925553095-3651173823-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]

FireFox:
========
FF DefaultProfile: l66dl1iw.default
FF ProfilePath: C:\Users\Retrogamer87 SSD\AppData\Roaming\Mozilla\Firefox\Profiles\l66dl1iw.default [2025-01-10]
FF ProfilePath: C:\Users\Retrogamer87 SSD\AppData\Roaming\Mozilla\Firefox\Profiles\36sd0zyw.default-release-1733611670702 [2025-10-08]
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2025-08-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2025-08-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2025-08-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2025-08-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.21 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2025-08-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\autoconf_warsaw.js [2025-01-01]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2024-12-07] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2024-12-07] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\Default [2025-10-09]
CHR DownloadDir: G:\
CHR Notifications: Default -> hxxps://antiqueradios.com; hxxps://app.element.io; hxxps://chat.movidesk.com; hxxps://community.academydigitalpreservationforum.org; hxxps://community.element14.com; hxxps://community.sparkfun.com; hxxps://community.spiceworks.com; hxxps://community.synology.com; hxxps://community.wd.com; hxxps://eletronica2002.forumeiros.com; hxxps://eletronicabr.com; hxxps://engineerboards.com; hxxps://forum.adrenaline.com.br; hxxps://forum.arduino.cc; hxxps://forum.contextualelectronics.com; hxxps://forum.core-electronics.com.au; hxxps://forum.digikey.com; hxxps://forum.headphones.com; hxxps://forum.hifiguides.com; hxxps://forum.level1techs.com; hxxps://forum.outerspace.com.br; hxxps://forum.pedalpcb.com; hxxps://forum.zwame.pt; hxxps://forums.anandtech.com; hxxps://forums.libretro.com; hxxps://forums.overclockers.co.uk; hxxps://forums.truenas.com; hxxps://gbatemp.net; hxxps://h5-global.alimebot.aliexpress.com; hxxps://hackaday.io; hxxps://hardlevel.com.br; hxxps://itsfoss.community; hxxps://linustechtips.com; hxxps://mail.google.com; hxxps://malwaretips.com; hxxps://pchelpforum.net; hxxps://physicshelpforum.com; hxxps://pir2.forumeiros.com; hxxps://profes.com.br; hxxps://qltuh.alpenridge.top; hxxps://shopee.com.br; hxxps://smallseotools.com; hxxps://thewindowsforum.com; hxxps://web.telegram.org; hxxps://web.whatsapp.com; hxxps://windows10.help; hxxps://windowsforum.com; hxxps://www.airdroid.com; hxxps://www.avforums.com; hxxps://www.candlepowerforums.com; hxxps://www.clubedohardware.com.br; hxxps://www.edaboard.com; hxxps://www.electronics-talk.com; hxxps://www.elektroda.com; hxxps://www.elektroda.pl; hxxps://www.facebook.com; hxxps://www.hardwareluxx.de; hxxps://www.joom.com; hxxps://www.kwai.com; hxxps://www.metropoles.com; hxxps://www.pcreview.co.uk; hxxps://www.physicsforums.com; hxxps://www.seagate.com; hxxps://www.snbforums.com; hxxps://www.synoforum.com; hxxps://www.technibble.com; hxxps://www.techpowerup.com; hxxps://www.tenforums.com; hxxps://www.tenorshare.net; hxxps://x.com
CHR Session Restore: Default -> is enabled.
CHR Extension: (Google Tradutor) - C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2024-09-05]
CHR Extension: (Kaspersky Protection) - C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2025-10-02]
CHR Extension: (uBlock Origin Lite) - C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkjiahejlhfcafbddmgiahcphecmpfh [2025-10-07]
CHR Extension: (Tampermonkey) - C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2025-10-08]
CHR Extension: (WA Web Plus by Elbruz Technologies) - C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekcgkejcjdcmonfpmnljobemcbpnkamh [2025-09-22]
CHR Extension: (baixador de vídeo - CocoCut) - C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhbcipncbkfpkaianbjbcbmfehjflpf [2025-09-16]
CHR Extension: (Documentos Google off-line) - C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-09-16]
CHR Extension: (ChatGPT para PDF) - C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiiildgldbpfbegcfgemoliikibfhaeh [2025-09-25]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-28]
CHR Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2025-09-16]
CHR Profile: C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\System Profile [2024-12-06]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CCleaner7; C:\Program Files\Piriform\CCleaner 7\CCleaner_service.exe [28280440 2025-10-07] (Gen Digital Inc. -> Gen Digital Inc.)
R2 FoxitReaderUpdateService; C:\Program Files\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [3069024 2025-07-28] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S3 GameInputRedistService; C:\Program Files\Microsoft GameInput\x64\GameInputRedistService.exe [137616 2025-09-08] (Microsoft Corporation -> Microsoft Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9441760 2024-12-07] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-12-07] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.25080.5-0\MpDefenderCoreService.exe [2009656 2025-10-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 RunSwUSB; C:\Windows\runSW.exe [44760 2025-08-06] (Realtek Semiconductor Corp -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [803064 2025-09-27] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 ucldr_mirm_gl; C:\Program Files\Common Files\Wellbia.com\ucldr_mirm_gl.exe [5551144 2023-01-30] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S4 ucldr_MirTrilogy4_GL; C:\Program Files\Common Files\UNCHEATER\ucldr_MirTrilogy4_GL.exe [6705392 2022-03-30] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R2 Warsaw Technology; C:\Program Files\Topaz OFD\Warsaw\core.exe [999736 2024-05-08] (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.25080.5-0\NisSrv.exe [4414464 2025-10-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WifiAutoInstallSrv; C:\Program Files\Realtek\WifiAutoInstall\WifiAutoInstallSrv.exe [124864 2017-07-31] (Realtek Semiconductor Corp. -> Realtek)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.25080.5-0\MsMpEng.exe [282480 2025-10-08] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_8e2568524f674315\amdsafd.sys [100768 2021-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [63096 2022-02-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 AsrRamDisk; C:\WINDOWS\System32\drivers\AsrRamDisk.sys [40200 2014-07-30] (ASROCK Incorporation -> ASRock Inc.)
S3 AxtuDrv; C:\WINDOWS\SysWOW64\Drivers\AxtuDrv.sys [21768 2022-04-12] (ASROCK Incorporation -> RW-Everything)
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [394272 2025-07-09] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [333216 2025-10-08] (Microsoft Windows -> Microsoft Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2024-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MDA_NTDRV; C:\WINDOWS\system32\MDA_NTDRV.sys [21208 2022-12-26] (北京铠信神州科技有限责任公司 -> )
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2021-03-26] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2021-03-26] (MiniTool Solution Ltd -> )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [12433696 2025-08-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2025-04-22] (IObit Information Technology -> IObit)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 VClone; C:\WINDOWS\System32\drivers\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20880 2025-10-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [627104 2025-10-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [102816 2025-10-08] (Microsoft Windows -> Microsoft Corporation)
R2 WiseFs; C:\WINDOWS\WiseFs64.sys [50928 2025-09-13] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 wsddfac; C:\WINDOWS\System32\drivers\wsddfac.sys [45552 2025-10-08] (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
R1 wsddntf; C:\WINDOWS\system32\DRIVERS\wsddntf.sys [54776 2025-06-09] (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
R1 wsddpp; C:\WINDOWS\system32\drivers\wsddpp.sys [59904 2025-10-08] (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
R3 wsddprm; C:\WINDOWS\system32\drivers\wsddprm.sys [54272 2025-06-02] (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [1432232 2023-03-12] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 cpuz154; \??\C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [X] <==== ATTENTION
S3 iobit_monitor_server2021; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-10-09 07:02 - 2025-10-09 07:03 - 000057572 _____ C:\Users\Retrogamer87 SSD\Desktop\Addition.txt
2025-10-09 06:59 - 2025-10-09 07:07 - 000027888 _____ C:\Users\Retrogamer87 SSD\Desktop\FRST.txt
2025-10-09 06:52 - 2025-10-09 06:56 - 000000521 _____ C:\Users\Retrogamer87 SSD\Desktop\Search.txt
2025-10-08 21:10 - 2025-10-08 21:10 - 002442752 _____ (Farbar) C:\Users\Retrogamer87 SSD\Desktop\FRST64english.exe
2025-10-08 12:05 - 2025-10-08 12:06 - 000987293 _____ C:\Users\Retrogamer87 SSD\Downloads\guias aurivania.pdf
2025-10-08 10:05 - 2025-10-08 10:05 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\RapidCRC
2025-10-07 20:40 - 2025-10-07 20:40 - 000000000 ___RD C:\Users\Retrogamer87 SSD\Proton Drive
2025-10-07 20:37 - 2025-10-07 20:37 - 000487317 _____ C:\Users\Retrogamer87 SSD\Downloads\proton-recovery-kit.pdf
2025-10-07 10:27 - 2025-10-07 10:28 - 495697853 _____ C:\Users\Retrogamer87 SSD\Desktop\Digerati.rar
2025-10-07 10:18 - 2025-10-07 13:40 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\JAM Software
2025-10-07 08:04 - 2025-10-07 08:04 - 000002158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 7.lnk
2025-10-07 08:04 - 2025-10-07 08:04 - 000002146 _____ C:\Users\Public\Desktop\CCleaner 7.lnk
2025-10-07 08:04 - 2025-10-07 08:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\Piriform
2025-10-07 08:04 - 2025-10-07 08:04 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\CCleaner
2025-10-07 08:03 - 2025-10-07 08:03 - 000055064 _____ (Gen Digital Inc.) C:\WINDOWS\system32\icarus_rvrt.exe
2025-10-07 08:03 - 2025-10-07 08:03 - 000000000 ____D C:\Program Files\Piriform
2025-10-07 08:03 - 2025-10-07 08:03 - 000000000 ____D C:\Program Files\Common Files\Piriform
2025-10-06 14:25 - 2025-10-06 14:26 - 000069460 _____ C:\Users\Retrogamer87 SSD\Downloads\maria tia.ogg
2025-10-04 12:40 - 2025-10-04 12:40 - 000002516 _____ C:\Users\Retrogamer87 SSD\Desktop\balenaEtcher.lnk
2025-10-04 12:39 - 2025-10-04 12:40 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Local\balena_etcher
2025-10-04 12:27 - 2025-10-04 12:27 - 000000000 ____D C:\Program Files\TeraCopy
2025-10-03 20:20 - 2025-10-03 20:20 - 000000000 ___HD C:\$Windows.~WS
2025-10-03 19:52 - 2025-10-04 12:27 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\TeraCopy
2025-10-03 19:52 - 2025-10-03 19:52 - 000000000 ___HD C:\Users\Retrogamer87 SSD\AppData\Roaming\Obsidium x64
2025-10-03 19:52 - 2025-10-03 19:52 - 000000000 ___HD C:\Users\Retrogamer87 SSD\.obs64
2025-10-03 19:52 - 2025-10-03 19:52 - 000000000 ____D C:\ProgramData\Code Sector
2025-10-03 19:52 - 2025-10-03 19:52 - 000000000 ____D C:\ProgramData\Caphyon
2025-09-25 19:48 - 2025-09-29 12:26 - 000000000 ____D C:\ESD
2025-09-22 08:58 - 2025-09-22 08:58 - 000000000 ____D C:\ProgramData\CPUID Software
2025-09-19 20:17 - 2025-09-19 20:17 - 000936918 _____ C:\Users\Retrogamer87 SSD\Downloads\EP-AX1672_Instruction Manual _ English.pdf
2025-09-19 20:15 - 2025-09-19 20:15 - 000394470 _____ C:\Users\Retrogamer87 SSD\Downloads\EP-AX1672_Datasheet.pdf
2025-09-16 20:35 - 2025-10-01 12:18 - 000000000 ____D C:\Users\Retrogamer87 SSD\Downloads\HDs Externos 2025
2025-09-16 14:04 - 2025-09-16 14:04 - 009616736 _____ (Malwarebytes) C:\Users\Retrogamer87 SSD\Desktop\adwcleaner(1).exe
2025-09-13 20:27 - 2025-09-13 20:27 - 000001110 _____ C:\Users\Retrogamer87 SSD\Desktop\Telegram.lnk
2025-09-13 20:26 - 2025-09-13 20:26 - 000001287 _____ C:\Users\Public\Desktop\Wise Folder Hider.lnk
2025-09-13 20:26 - 2025-09-13 20:26 - 000000000 ____D C:\Program Files\Windows Kits
2025-09-13 20:26 - 2025-09-13 20:26 - 000000000 ____D C:\Program Files\Microsoft GameInput
2025-09-13 20:25 - 2025-09-16 14:20 - 000002528 _____ C:\WINDOWS\system32\Tasks\SmartDefrag_Update
2025-09-13 20:25 - 2025-09-13 20:25 - 000001235 _____ C:\Users\Public\Desktop\Smart Defrag 11.lnk
2025-09-13 20:25 - 2025-04-22 13:14 - 000178960 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2025-09-13 20:25 - 2025-04-22 13:14 - 000030744 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2025-09-13 20:23 - 2025-09-13 20:23 - 000001147 _____ C:\Users\Public\Desktop\Foxit PDF Reader.lnk
2025-09-13 20:23 - 2025-09-13 20:23 - 000000000 ____D C:\Users\Public\Documents\Foxit Software
2025-09-13 20:23 - 2025-09-13 20:23 - 000000000 ____D C:\Program Files\Foxit Software
2025-09-13 20:23 - 2025-09-13 20:23 - 000000000 ____D C:\Program Files\Common Files\Foxit
2025-09-13 20:21 - 2025-09-16 14:20 - 000002856 _____ C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Retrogamer87 SSD)
2025-09-13 20:21 - 2025-09-13 20:21 - 000002364 _____ C:\Users\Public\Desktop\Driver Booster 12.lnk
2025-09-13 20:21 - 2025-09-13 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 12
2025-09-13 20:20 - 2025-09-13 20:20 - 000001743 _____ C:\Users\Retrogamer87 SSD\Desktop\MPC-HC x64.lnk
2025-09-13 20:20 - 2025-09-13 20:20 - 000001252 _____ C:\Users\Retrogamer87 SSD\Desktop\AIDA64 Extreme.lnk
2025-09-13 20:20 - 2025-07-28 06:26 - 000667856 _____ (Alexander Roshal) C:\Program Files (x86)\RarExt.dll
2025-09-13 20:20 - 2025-07-28 06:26 - 000555728 _____ (Alexander Roshal) C:\Program Files (x86)\RarExt32.dll
2025-09-13 20:20 - 2024-11-17 19:08 - 000208504 _____ C:\Program Files (x86)\winrar.lng
2025-09-13 20:20 - 2024-11-14 18:51 - 000062864 _____ C:\Program Files (x86)\rar.lng
2025-09-13 20:20 - 2024-11-11 08:41 - 000016126 _____ C:\Program Files (x86)\uninstall.lng
2025-09-13 20:20 - 2023-11-23 17:24 - 000015144 _____ C:\Program Files (x86)\sfx.lng
2025-09-13 20:20 - 2023-01-23 12:13 - 000006370 _____ C:\Program Files (x86)\rarext.lng
2025-09-13 20:19 - 2025-09-13 20:19 - 000001851 _____ C:\Users\Retrogamer87 SSD\Desktop\CrystalDiskMark 9.lnk
2025-09-13 20:19 - 2025-09-13 20:19 - 000001830 _____ C:\Users\Retrogamer87 SSD\Desktop\CrystalDiskInfo.lnk
2025-09-13 20:19 - 2025-09-13 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSmartControl
2025-09-13 20:19 - 2025-09-13 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskMark9
2025-09-13 20:19 - 2025-09-13 20:19 - 000000000 ____D C:\Program Files\CrystalDiskMark9
2025-09-13 20:18 - 2025-09-16 14:20 - 000003018 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper_nxt
2025-09-13 20:18 - 2025-09-13 20:18 - 000002111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk
2025-09-13 20:18 - 2025-09-13 20:18 - 000002099 _____ C:\Users\Public\Desktop\BlueStacks Multi-Instance Manager.lnk
2025-09-13 20:18 - 2025-09-13 20:18 - 000002097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5.lnk
2025-09-13 20:18 - 2025-09-13 20:18 - 000001979 _____ C:\Users\Public\Desktop\BlueStacks 5.lnk
2025-09-13 20:18 - 2025-09-13 20:18 - 000000975 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2025-09-13 20:17 - 2025-09-13 20:18 - 000000000 ____D C:\ProgramData\BlueStacks_nxt
2025-09-13 20:17 - 2025-09-13 20:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Store
2025-09-13 20:17 - 2025-09-13 20:17 - 000000000 ____D C:\Program5
2025-09-13 20:16 - 2025-09-13 20:17 - 000000000 ____D C:\Program Files\BlueStacks_nxt
2025-09-13 16:23 - 2025-10-08 15:05 - 000059904 ____N (Topaz OFD) C:\WINDOWS\system32\Drivers\wsddpp.sys
2025-09-13 16:23 - 2025-06-09 17:11 - 000054776 _____ (Topaz OFD) C:\WINDOWS\system32\Drivers\wsddntf.sys
2025-09-13 16:23 - 2025-06-02 11:12 - 000054272 ____N (Topaz OFD) C:\WINDOWS\system32\Drivers\wsddprm.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-10-09 07:07 - 2021-01-04 13:08 - 000000000 ____D C:\FRST
2025-10-09 06:44 - 2025-02-10 09:36 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Local\ChomikBox
2025-10-09 06:37 - 2023-09-02 14:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-10-09 04:10 - 2023-05-05 09:26 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-10-08 22:34 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-10-08 22:34 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-10-08 21:17 - 2024-12-08 15:22 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\secure
2025-10-08 15:48 - 2022-03-28 15:35 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Local\D3DSCache
2025-10-08 15:34 - 2025-02-12 16:05 - 000000000 ____D C:\Users\Retrogamer87 SSD\Downloads\HDD 2.5
2025-10-08 15:11 - 2025-02-10 09:36 - 000000000 ____D C:\Users\Retrogamer87 SSD\.gstreamer-0.10
2025-10-08 15:10 - 2023-09-02 14:45 - 001741824 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-10-08 15:10 - 2019-12-07 11:53 - 000752436 _____ C:\WINDOWS\system32\prfh0416.dat
2025-10-08 15:10 - 2019-12-07 11:53 - 000148550 _____ C:\WINDOWS\system32\prfc0416.dat
2025-10-08 15:10 - 2019-12-07 06:13 - 000000000 ____D C:\WINDOWS\INF
2025-10-08 15:05 - 2023-09-02 14:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-10-08 15:05 - 2023-01-03 13:17 - 000045552 _____ (Topaz OFD) C:\WINDOWS\system32\Drivers\wsddfac.sys
2025-10-08 15:05 - 2020-11-13 07:42 - 000008192 ___SH C:\DumpStack.log.tmp
2025-10-08 15:04 - 2022-03-29 07:56 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2025-10-08 15:04 - 2022-03-28 15:54 - 000001154 ___SH C:\WINDOWS\wisefs.dat
2025-10-08 15:04 - 2019-12-07 06:03 - 000131072 _____ C:\WINDOWS\system32\config\BBI
2025-10-08 13:29 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-10-08 12:36 - 2022-03-28 15:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2025-10-08 12:36 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Windows Defender
2025-10-08 12:36 - 2019-12-07 06:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2025-10-08 12:34 - 2022-06-11 12:54 - 000918944 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2025-10-08 12:34 - 2019-12-07 06:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2025-10-08 12:33 - 2022-03-28 16:10 - 000000000 ____D C:\Program Files\Common Files\AV
2025-10-08 10:10 - 2022-09-17 20:42 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\vlc
2025-10-07 21:57 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-10-07 20:40 - 2023-09-02 14:38 - 000000000 ____D C:\Users\Retrogamer87 SSD
2025-10-07 20:28 - 2025-02-01 17:45 - 000001636 _____ C:\ProgramData\pdinst.ini
2025-10-07 18:14 - 2025-02-15 16:31 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\Stella
2025-10-07 10:24 - 2021-12-14 13:25 - 000000000 ____D C:\Users\Retrogamer87 SSD\Desktop\Firmwares e OPL
2025-10-07 10:22 - 2022-12-26 09:47 - 000000000 ____D C:\Users\Retrogamer87 SSD\Desktop\drive
2025-10-07 09:28 - 2022-03-28 16:30 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2025-10-07 08:17 - 2022-03-30 07:27 - 000000000 ____D C:\ProgramData\ProductData
2025-10-07 08:17 - 2022-03-30 07:25 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\IObit
2025-10-07 08:17 - 2022-03-30 07:25 - 000000000 ____D C:\ProgramData\IObit
2025-10-07 08:06 - 2022-05-28 16:30 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\MPC-HC
2025-10-07 08:06 - 2022-04-30 13:35 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Local\CrashDumps
2025-10-07 08:03 - 2022-07-19 06:03 - 000000000 ____D C:\ProgramData\Piriform
2025-10-07 08:03 - 2022-03-28 16:57 - 000000000 ____D C:\Program Files\CCleaner
2025-10-07 08:02 - 2020-09-29 08:38 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-10-07 08:02 - 2020-09-29 08:38 - 000002204 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-10-06 12:45 - 2025-03-03 07:38 - 000003750 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{49527EF5-0EFA-43FF-8BEC-352339B1F95D}
2025-10-06 12:45 - 2025-03-03 07:38 - 000003624 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{10120E63-E937-48DB-8B1A-1B3D19E10AA9}
2025-10-05 23:13 - 2023-10-26 17:26 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2025-10-04 16:47 - 2020-11-11 20:31 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-10-04 16:47 - 2020-11-11 20:31 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-10-04 12:41 - 2025-03-08 17:07 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\balenaEtcher
2025-10-04 12:40 - 2025-03-08 17:07 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Balena Ltd
2025-10-04 12:40 - 2025-03-08 17:06 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Local\SquirrelTemp
2025-10-03 15:59 - 2023-10-16 20:39 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Local\Malwarebytes
2025-10-03 09:14 - 2022-07-27 17:28 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\qBittorrent
2025-09-27 16:29 - 2022-03-29 14:05 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Local\AMD_Common
2025-09-26 21:43 - 2024-06-15 21:37 - 000000000 ____D C:\WINDOWS\system32\compatrel
2025-09-26 21:43 - 2019-12-07 11:56 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2025-09-26 21:43 - 2019-12-07 06:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-09-26 21:43 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SystemResources
2025-09-26 21:43 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-09-26 21:43 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\Provisioning
2025-09-26 21:43 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-09-26 21:38 - 2023-09-02 14:41 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2025-09-19 14:52 - 2025-01-15 13:05 - 000000000 ____D C:\Users\Retrogamer87 SSD\LaunchBox
2025-09-19 14:50 - 2024-05-22 16:31 - 000000000 ____D C:\Program Files\MiniTool Partition Wizard 12
2025-09-17 16:51 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2025-09-17 16:20 - 2023-10-18 06:02 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2025-09-16 20:50 - 2024-12-08 15:00 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Local\JDownloader 2.0
2025-09-16 14:08 - 2023-09-02 14:37 - 000270248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-09-16 14:07 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2025-09-16 14:07 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-09-16 14:07 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\setup
2025-09-16 14:07 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-09-16 14:07 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-09-16 14:07 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2025-09-16 07:07 - 2022-03-28 17:18 - 000000000 ____D C:\WINDOWS\system32\MRT
2025-09-16 07:03 - 2022-03-28 17:18 - 223939376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2025-09-13 20:31 - 2022-03-28 15:54 - 000050928 _____ C:\WINDOWS\WiseFs64.sys
2025-09-13 20:27 - 2023-12-09 09:39 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\Telegram Desktop
2025-09-13 20:27 - 2021-07-26 08:05 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2025-09-13 20:26 - 2022-03-29 13:58 - 000000000 ____D C:\ProgramData\Package Cache
2025-09-13 20:26 - 2020-09-30 10:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Folder Hider
2025-09-13 20:25 - 2024-09-22 06:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2025-09-13 20:23 - 2022-03-28 16:02 - 000000000 ____D C:\Users\Public\Foxit Software
2025-09-13 20:23 - 2021-11-04 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF Reader
2025-09-13 20:21 - 2025-02-01 17:46 - 000000000 ____D C:\ProgramData\ProductData3
2025-09-13 20:20 - 2023-10-30 20:44 - 000001101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2025-09-13 20:20 - 2023-10-30 20:44 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2025-09-13 20:20 - 2023-10-30 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2025-09-13 20:20 - 2022-05-28 16:29 - 000000000 ____D C:\Program Files\MPC-HC
2025-09-13 20:20 - 2021-04-28 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2025-09-13 20:19 - 2023-10-27 09:56 - 000000000 ____D C:\Program Files\GSmartControl
2025-09-13 20:19 - 2023-10-26 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2025-09-13 20:16 - 2022-04-20 10:16 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Local\BlueStacks

==================== Files in the root of some directories ========

2023-06-07 06:02 - 2023-06-07 06:02 - 000032768 _____ () C:\Program Files\LICENSE.txt
2023-06-07 06:04 - 2023-06-07 06:04 - 001493018 _____ () C:\Program Files\NEWS.txt
2023-06-07 06:01 - 2023-06-07 06:01 - 000103192 _____ (Python Software Foundation) C:\Program Files\python.exe
2023-06-07 06:01 - 2023-06-07 06:01 - 000067352 _____ (Python Software Foundation) C:\Program Files\python3.dll
2023-06-07 06:01 - 2023-06-07 06:01 - 005762840 _____ (Python Software Foundation) C:\Program Files\python311.dll
2023-06-07 06:01 - 2023-06-07 06:01 - 000101656 _____ (Python Software Foundation) C:\Program Files\pythonw.exe
2023-06-07 06:02 - 2023-06-07 06:02 - 000109392 _____ (Microsoft Corporation) C:\Program Files\vcruntime140.dll
2023-06-07 06:02 - 2023-06-07 06:02 - 000049520 _____ (Microsoft Corporation) C:\Program Files\vcruntime140_1.dll
2023-10-30 20:44 - 2025-07-24 07:34 - 000228048 _____ (Igor Pavlov) C:\Program Files (x86)\7zxa.dll
2023-10-30 20:44 - 2025-07-24 17:48 - 000497448 _____ () C:\Program Files (x86)\Default.SFX
2024-10-02 12:23 - 2025-07-24 17:48 - 000402216 _____ () C:\Program Files (x86)\Default32.SFX
2023-10-30 20:44 - 2023-09-18 10:26 - 000399870 _____ () C:\Program Files (x86)\Default64.SFX
2023-10-30 20:44 - 2024-11-10 23:17 - 000001892 _____ () C:\Program Files (x86)\Descript.ion
2023-10-30 20:44 - 2014-06-11 08:45 - 000007435 _____ () C:\Program Files (x86)\License.txt
2023-10-30 20:44 - 2025-03-25 00:30 - 000003927 _____ () C:\Program Files (x86)\Order.htm
2023-10-30 20:44 - 2025-07-28 06:26 - 000835792 _____ (Alexander Roshal) C:\Program Files (x86)\Rar.exe
2025-09-13 20:20 - 2024-11-14 18:51 - 000062864 _____ () C:\Program Files (x86)\rar.lng
2023-10-30 20:44 - 2025-03-25 00:35 - 000125942 _____ () C:\Program Files (x86)\Rar.txt
2025-09-13 20:20 - 2025-07-28 06:26 - 000667856 _____ (Alexander Roshal) C:\Program Files (x86)\RarExt.dll
2025-09-13 20:20 - 2023-01-23 12:13 - 000006370 _____ () C:\Program Files (x86)\rarext.lng
2025-09-13 20:20 - 2025-07-28 06:26 - 000555728 _____ (Alexander Roshal) C:\Program Files (x86)\RarExt32.dll
2023-10-30 20:44 - 2025-07-28 06:26 - 000223952 _____ (Alexander Roshal) C:\Program Files (x86)\RarExtInstaller.exe
2023-10-30 20:44 - 2021-08-17 15:32 - 000001190 _____ () C:\Program Files (x86)\RarExtInstaller.exe.manifest
2023-10-30 20:44 - 2021-10-21 13:36 - 000002183 _____ () C:\Program Files (x86)\RarExtLogo.altform-unplated_targetsize-32.png
2023-10-30 20:44 - 2021-10-21 13:36 - 000004179 _____ () C:\Program Files (x86)\RarExtLogo.altform-unplated_targetsize-48.png
2023-10-30 20:44 - 2021-10-21 14:54 - 000006234 _____ () C:\Program Files (x86)\RarExtLogo.altform-unplated_targetsize-64.png
2023-10-30 20:44 - 2025-07-28 06:25 - 000024444 _____ () C:\Program Files (x86)\RarExtPackage.msix
2023-10-30 20:44 - 2023-11-23 17:30 - 000001430 _____ () C:\Program Files (x86)\RarFiles.lst
2023-10-30 20:44 - 2023-10-30 20:44 - 000000024 _____ () C:\Program Files (x86)\rarnew.dat
2023-10-30 20:44 - 2021-11-16 08:19 - 000001485 _____ () C:\Program Files (x86)\ReadMe.txt
2023-10-30 20:44 - 2025-02-26 05:39 - 000001640 _____ () C:\Program Files (x86)\Resources.pri
2025-09-13 20:20 - 2023-11-23 17:24 - 000015144 _____ () C:\Program Files (x86)\sfx.lng
2023-10-30 20:44 - 2025-07-28 06:26 - 000412368 _____ (Alexander Roshal) C:\Program Files (x86)\Uninstall.exe
2025-09-13 20:20 - 2024-11-11 08:41 - 000016126 _____ () C:\Program Files (x86)\uninstall.lng
2023-10-30 20:44 - 2023-11-23 16:42 - 000000793 _____ () C:\Program Files (x86)\Uninstall.lst
2023-10-30 20:44 - 2025-07-28 06:26 - 000561872 _____ (Alexander Roshal) C:\Program Files (x86)\UnRAR.exe
2022-03-28 15:50 - 2006-04-14 18:54 - 000000157 _____ () C:\Program Files (x86)\UnrarSrc.txt
2023-10-30 20:44 - 2025-07-28 06:22 - 000057844 _____ () C:\Program Files (x86)\WhatsNew.txt
2023-10-30 20:44 - 2025-07-24 17:49 - 000487312 _____ (Alexander Roshal) C:\Program Files (x86)\WinCon.SFX
2024-10-02 12:23 - 2025-07-24 17:49 - 000404880 _____ (Alexander Roshal) C:\Program Files (x86)\WinCon32.SFX
2023-10-30 20:44 - 2023-09-18 10:27 - 000414828 _____ (Alexander Roshal) C:\Program Files (x86)\WinCon64.SFX
2023-10-30 20:44 - 2025-03-25 00:26 - 002520782 _____ () C:\Program Files (x86)\WinRAR.chm
2023-10-30 20:44 - 2025-07-28 06:26 - 003412176 _____ (Alexander Roshal) C:\Program Files (x86)\WinRAR.exe
2025-09-13 20:20 - 2024-11-17 19:08 - 000208504 _____ () C:\Program Files (x86)\winrar.lng
2023-10-30 20:44 - 2025-07-24 17:48 - 000858408 _____ () C:\Program Files (x86)\Zip.SFX
2024-10-02 12:23 - 2025-07-24 15:40 - 000349184 _____ () C:\Program Files (x86)\Zip32.SFX
2023-10-30 20:44 - 2023-09-18 10:26 - 000337406 _____ () C:\Program Files (x86)\Zip64.SFX
2023-10-30 20:44 - 2023-10-30 20:44 - 000000022 _____ () C:\Program Files (x86)\zipnew.dat
2023-11-18 20:35 - 2023-11-18 20:35 - 000000018 _____ () C:\Users\Retrogamer87 SSD\AppData\Roaming\.cache9050425797200915815.dat
2022-04-01 13:59 - 2022-04-01 13:59 - 000000068 _____ () C:\Users\Retrogamer87 SSD\AppData\Roaming\changzhi_leidian.data
2022-04-01 13:59 - 2022-04-01 13:59 - 000000050 _____ () C:\Users\Retrogamer87 SSD\AppData\Roaming\changzhi_leidianmac.data
2022-10-24 10:35 - 2022-10-24 10:35 - 000000064 _____ () C:\Users\Retrogamer87 SSD\AppData\Roaming\changzhi_mplayer.data
2023-11-03 22:48 - 2023-11-03 22:48 - 000000001 _____ () C:\Users\Retrogamer87 SSD\AppData\Local\llftool.4.40.agreement
2025-02-15 13:57 - 2025-02-15 13:57 - 000000001 _____ () C:\Users\Retrogamer87 SSD\AppData\Local\llftool.4.50.agreement
2023-09-21 05:40 - 2023-09-21 05:40 - 000000001 _____ () C:\Users\Retrogamer87 SSD\AppData\Local\RawCopy.1.10.agreement
2023-09-21 05:47 - 2023-09-21 12:25 - 000000003 _____ () C:\Users\Retrogamer87 SSD\AppData\Local\RawCopy.savedialog.dir
2023-09-21 05:47 - 2023-09-21 12:25 - 000000001 _____ () C:\Users\Retrogamer87 SSD\AppData\Local\RawCopy.savedialog.filterindex
2023-09-21 05:40 - 2023-09-21 12:25 - 000000001 _____ () C:\Users\Retrogamer87 SSD\AppData\Local\RawCopy.sourcedisk.index

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\WINDOWS\SysWOW64\version_IObitDel.dll [2022-08-31] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
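The log above can help date when something arrived. As an added example (not part of the thread and not FRST's own code), this Python script parses the "One month" listings and returns what was created within an hour of the folder that held the detected DLL; closeness in time is a lead to check, not attribution. The sample lines are copied from the log above, while the "(created)" header line and all function names are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Entry lines copied from the FRST log above. The "(created)" header is an
# assumption: it is written to mirror the "(modified)" header shown in the log.
SAMPLE = r"""
==================== One month (created) ===================

2025-09-13 16:23 - 2025-10-08 15:05 - 000059904 ____N (Topaz OFD) C:\WINDOWS\system32\Drivers\wsddpp.sys

==================== One month (modified) ==================

2025-10-09 06:44 - 2025-02-10 09:36 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Local\ChomikBox
2025-10-08 21:17 - 2024-12-08 15:22 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\secure
2025-10-08 15:05 - 2023-01-03 13:17 - 000045552 _____ (Topaz OFD) C:\WINDOWS\system32\Drivers\wsddfac.sys
2025-10-03 09:14 - 2022-07-27 17:28 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\qBittorrent
2025-09-16 20:50 - 2024-12-08 15:00 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Local\JDownloader 2.0
"""

# date - date - size attrs [(company)] path
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - (\d+) "
    r"([_A-Z]{5}) (?:\(([^)]*)\) )?(.+)$"
)
SECTION = re.compile(r"^=+ One month \((created|modified)\)")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: str
    path: str


def parse_frst(text):
    """Parse the 'One month' listings of an FRST.txt.

    The (created) section prints created-then-modified; the (modified)
    section prints modified-then-created, so the column order is swapped
    depending on the section the line belongs to.
    """
    entries, order = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            order = header.group(1)
            continue
        if line.startswith("====="):
            order = None  # any other section: ignore its lines
            continue
        m = LINE.match(line)
        if not m or order is None:
            continue
        first = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        second = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M")
        created, modified = (first, second) if order == "created" else (second, first)
        entries.append(Entry(created, modified, int(m.group(3)),
                             m.group(4), m.group(5) or "", m.group(6)))
    return entries


def created_near(entries, anchor_suffix, window=timedelta(hours=1)):
    """Return (anchor, neighbours): entries created within `window` of the
    first entry whose path ends with `anchor_suffix` (case-insensitive)."""
    matches = [e for e in entries if e.path.lower().endswith(anchor_suffix.lower())]
    if not matches:
        raise LookupError(f"no entry ends with {anchor_suffix!r}")
    anchor = matches[0]
    near = [e for e in entries
            if e is not anchor and abs(e.created - anchor.created) <= window]
    return anchor, sorted(near, key=lambda e: e.created)


if __name__ == "__main__":
    anchor, near = created_near(parse_frst(SAMPLE), r"\AppData\Roaming\secure")
    print(f"anchor  {anchor.created}  {anchor.path}")
    for e in near:
        delta = e.created - anchor.created
        print(f"{delta.total_seconds() / 60:+6.0f} min  {e.created}  {e.path}")
```

To use it on a full log, pass the contents of FRST.txt to `parse_frst` instead of `SAMPLE` and widen or narrow `window` as needed.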
This log is one of the first scans with FRST. If you perform a new scan now, it will not show records of AppData\Roaming\secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml), detected and removed by Microsoft Defender 1 month ago. I want to find out if it was active on the system, maliciously destroying and modifying files on the PC. Moreover, Kaspersky Free and Malwarebytes Free did not detect it.
 
If you perform a new scan now, it will not show records of AppData\Roaming\secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml)

Are you sure about this... Logs don't show this... Please be patient and follow my instructions..! Please give me some time to examine your logs and I will get back to you as soon as possible.

During this time I will ask for scanning according to the following instruction. The following tool named SecurityCheck is a utility for quickly checking for the presence of possibly vulnerable applications and the status of other security settings:

Scan with SecurityCheck by glax24
  • Temporarily disable Microsoft SmartScreen only if it blocks the download of the software. The program is safe
  • Download SecurityCheck by glax24 from here
  • If SmartScreen blocks the file from running click on More info and Run anyway
  • This tool is safe. SmartScreen is overly sensitive. You can check the VirusTotal scan of the tool from here
  • Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow it to run
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt. Close the file. Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Thank you..!
:)


In your next reply, please post:
  • SecurityCheck.txt
 
The malware DLL was removed by Defender before this first Farbar scan log was generated. Is it possible to scan to show past events before any malware was removed and show whether or not it was active at the time of Defender detection?
 
I will try to get more detailed information from the alternate data stream so I can answer your question. By the way, are these open ports familiar to you..?

Code:
FirewallRules: [{BD6BF039-82F4-499D-8542-EB24C7AF4C1D}] => (Allow) LPort=42305
FirewallRules: [{E5C66399-F9CC-4BF7-B27E-D396C41F6BF5}] => (Allow) LPort=20902
FirewallRules: [{C9E0EEF5-DB55-4797-A5CF-F1E2D9905E60}] => (Allow) LPort=57209
FirewallRules: [{B3ADE6DD-5094-4D97-90CC-ED8A0CB9DB04}] => (Allow) LPort=57210
FirewallRules: [{C99A2F14-DCB6-45D0-ACFC-7E4D49B4B5BB}] => (Allow) LPort=57211
FirewallRules: [{1E46FD90-E282-4D54-AE4E-FA35E776E507}] => (Allow) LPort=57212
FirewallRules: [{9B18E5E9-8016-4BCA-95A0-DE33A71C980B}] => (Allow) LPort=57213
FirewallRules: [{5059AE68-6CD8-482F-9947-DCDF78E80450}] => (Allow) LPort=57214
FirewallRules: [{F10C107E-2FC3-460C-9B72-24ADBE61B5C1}] => (Allow) LPort=57215
FirewallRules: [{B560F0EC-0EC7-419B-81ED-FF6A9B73BE48}] => (Allow) LPort=57216
FirewallRules: [{D7B4AFC3-250C-4753-BDA4-704CE9FA393E}] => (Allow) LPort=57217
FirewallRules: [{D769806C-AAF9-4EA5-8EA9-FE1A4174A759}] => (Allow) LPort=57218
FirewallRules: [{7FB7F3F5-39EF-45D8-92B9-D13D1A1D9C6D}] => (Allow) LPort=57209
FirewallRules: [{AA5FEC70-5E20-40A1-9142-F30ADA239DDD}] => (Allow) LPort=57210
FirewallRules: [{9318F053-71FF-4D71-81A3-0E1AA3EE8E97}] => (Allow) LPort=57211
FirewallRules: [{4BAF74C4-AAD9-4E61-BFCB-174755911ECA}] => (Allow) LPort=57212
FirewallRules: [{D9475071-4577-417E-9077-116182A978AC}] => (Allow) LPort=57213
FirewallRules: [{ADD4DB77-B8DE-4C71-978E-DB395323390C}] => (Allow) LPort=57214
FirewallRules: [{290893F2-6E34-402E-960A-C4F91CAFF9D0}] => (Allow) LPort=57215
FirewallRules: [{8A141AD4-F1B6-4AA6-A133-2A95F3BE1ED9}] => (Allow) LPort=57216
FirewallRules: [{8420F260-B6E9-4FC2-B9B1-E12CB2941B5B}] => (Allow) LPort=57217
FirewallRules: [{63D8635D-5B63-4AB9-9AB7-8E8CE75E83B0}] => (Allow) LPort=57218
FirewallRules: [{AE9DAE80-A1D4-4FA5-8D13-7E7C2D22CA3B}] => (Allow) LPort=23007
FirewallRules: [{0FC5F4B4-40EA-4E4F-9622-46AC24AE030A}] => (Allow) LPort=23008
FirewallRules: [{BA9CA895-3A3F-4A81-A63B-7A026A10540D}] => (Allow) LPort=33009
FirewallRules: [{78527F6F-DBFE-4557-BEF9-4CF7073DB422}] => (Allow) LPort=33010
FirewallRules: [{0ECA6733-D950-4513-9666-C16A18379EE0}] => (Allow) LPort=33011
FirewallRules: [{D514889F-7CBA-4B42-8504-EC2515EFCCE7}] => (Allow) LPort=43012
FirewallRules: [{6B610729-5A59-4D2D-A186-458C65ABDC92}] => (Allow) LPort=43013
FirewallRules: [{5178EC68-E51C-4E10-A5FA-BED072AD437C}] => (Allow) LPort=53014
FirewallRules: [{2411528E-C292-4A27-B557-57C277EA9788}] => (Allow) LPort=53015
FirewallRules: [{DD975457-949F-400A-8D0C-63E79543D8CA}] => (Allow) LPort=53016
FirewallRules: [{8A97C1E7-4B11-47D3-BBC7-8E822533A567}] => (Allow) LPort=23007
FirewallRules: [{85C5D65C-5D6B-4DAF-801C-DA284C785873}] => (Allow) LPort=23008
FirewallRules: [{C9D1A772-F964-422F-B332-98432AB0E25D}] => (Allow) LPort=33009
FirewallRules: [{C84AABC6-42CD-44A0-838F-CAA4DACCEFC1}] => (Allow) LPort=33010
FirewallRules: [{AF9D6D83-AD5D-49FD-A866-64149CD31020}] => (Allow) LPort=33011
FirewallRules: [{C5CE2CE1-74C7-4B49-BD17-4330C7A8A27E}] => (Allow) LPort=43012
FirewallRules: [{FD1C1264-278D-4887-BC14-D30D8A8AA5E2}] => (Allow) LPort=43013
FirewallRules: [{B751B608-A00A-4824-8E87-9C2AA0CD6029}] => (Allow) LPort=53014
FirewallRules: [{B6067CEB-168F-4855-A563-FCEA1DC5280D}] => (Allow) LPort=53015
FirewallRules: [{937A9C2D-C492-43DC-AD73-34EB87112342}] => (Allow) LPort=53016
FirewallRules: [{042D6D10-9718-4552-88F4-59E6CD8C9082}] => (Allow) LPort=50053
FirewallRules: [{ED9287C7-B13A-4137-BB40-393B1572BBBB}] => (Allow) LPort=50053



AlternateStreamView by Nirsoft
  • Download AlternateStreamView for 64-bit systems and save it to your Desktop
  • Right click on the folder and select Extract All...
  • Right click on AlternateStreamView (Application) and select Run as administrator
  • In the Scan Options box copy and paste the following:
Code:
C:\Users\Retrogamer87 SSD\AppData\
  • Check Scan Subfolders
  • Click Scan
  • Click Edit, then Select All
  • Click File, then Save Selected Items
  • Save the file on your Desktop as ADS
  • Copy and paste the contents of the report in your reply

In your next reply, please include:
  • ADS report
 
I don't know about these FirewallRules keys, the name of the software that belongs to them is not described.

AlternateStreamView Scan C:\Users\Retrogamer87 SSD\AppData\
0 results
 
And here I am waiting for the result:

Scan with SecurityCheck by glax24
  • Temporarily disable Microsoft SmartScreen only if it blocks the download of the software. The program is safe
  • Download SecurityCheck by glax24 from here
  • If SmartScreen blocks the file from running click on More info and Run anyway
  • This tool is safe. SmartScreen is overly sensitive. You can check the VirusTotal scan of the tool from here
  • Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow it to run
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt. Close the file. Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt
In your next reply, please post:
  • SecurityCheck.txt
 
SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17]
WebSite: www.safezone.cc
DateLog: 19.10.2025 09:41:10
Path starting: C:\Users\Retrogamer87 SSD\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Retrogamer87 SSD
VersionXML: 4.73s-27.10.2017
___________________________________________________________________________

Windows 10(6.3.19045) (x64) Professional Release: 2009 Lang: Portuguese(0416)
Installation date OS: 02.09.2023 17:44:54
LicenseStatus: Windows(R), Professional edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [475.9 Gb] Used: [426.8 Gb] Free: [49.1 Gb]
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes version 5.2.3.156 v.5.2.3.156
--------------------------- [ OtherUtilities ] ----------------------------
7-Zip 25.01 (x64) v.25.01 [+]
VLC media player v.3.0.21 [+]
WinRAR 7.13 (64-bit) v.7.13.0 [+]
--------------------------------- [ IM ] ----------------------------------
Telegram Desktop v.6.1.3 [+]
--------------------------------- [ P2P ] ---------------------------------
qBittorrent v.5.0.2 Warning! P2P-client.
------------------------------- [ Browser ] -------------------------------
Google Chrome v.141.0.7390.108 [+]
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files\Google\Chrome\Application\chrome.exe v.141.0.7390.108
------------------ [ AntivirusFirewallProcessServices ] -------------------
Malwarebytes Service (MBAMService) - The service has stopped
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25090.3009-0\MsMpEng.exe v.4.18.25090.3009
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25090.3009-0\NisSrv.exe v.4.18.25090.3009
Serviço Microsoft Defender Antivírus (WinDefend) - The service is running
Serviço de Inspeção de Rede do Microsoft Defender Antivírus (WdNisSvc) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
BlueStacks v.5.22.91.1029 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
Driver Booster 12 v.12.6.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
JDownloader 2 v.2.0.1 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
----------------------------- [ End of Log ] ------------------------------
 
I've been using BlueStacks, qBittorrent, and JDownloader for a long time. I've run scans with Malwarebytes Free and AdwCleaner, but I've never found any malware related to them.

I wanted to find out if my PC had active malware between late 2024 and September 2025. In September, Microsoft Defender detected AppData\Roaming\Secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml). It removed the threat. After that, I used Farbar, SecurityCheck, and AlternateStreamView by Nirsoft.
Before Defender detected it, I used Kaspersky Free, Malwarebytes Free, and AdwCleaner, but they didn't detect this DLL.
There's another file, Caller.exe, that Defender says isn't malicious, but VirusTotal shows two detections. The exe is in practically the same folder as AppData\Roaming\Secure\QtWebKit4.dll.
 

Attachments

  • virus Microsoft Defender.png (69.2 KB)
  • virus Microsoft Defender2.png (59.9 KB)
Sorry, you are looking for help in other forums..! This is extremely disrespectful..! This topic closes..!

 