Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: New ErrTraffic service enables ClickFix attacks via fake browser glitches

Featured Deal: This PDF editor alternative is only $40 for a lifetime subscription

Latest Buyer's Guide: Best VPNs in 2025

Question malware found in file

Started by cloudff7 , Oct 08 2025 05:50 PM

This topic is locked

29 replies to this topic

#1 cloudff7

Members
83 posts
OFFLINE

Local time:04:21 AM

Posted 08 October 2025 - 05:50 PM

I ran a full scan with Microsoft Defender on my PC and it found the file AppData\Roaming\secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml).

But before using Defender, I had run a full scan with Malwarebytes Free and Kaspersky Free and found nothing. Why did it detect this now?

Is this type of malware the kind that modifies, deletes, or corrupts files on the PC?

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 Oh My!

Adware and Spyware and Malware

Malware Response Instructor
61,652 posts
OFFLINE

Gender:Male
Location:California
Local time:11:21 PM

Posted 08 October 2025 - 06:17 PM

Greetings and :welcome:

to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:

First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
It is important to not run any tools or take any steps other than those I will provide for you.
Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
Please copy and paste all logs into your post unless otherwise requested.
When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Thank you for your patience thus far.

Let's take a look at your system. Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------

Download Farbar Recover Scan Tool for 64 bit systems and note where the file is saved (Desktop, Downloads, etc.) <<< Important
If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
Right click on the icon and select Run as administrator
Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
Click Yes to the disclaimer
Click Scan and allow the program to run
Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
2 Notepad documents should now be open on your desktop.
Please copy and paste the contents of each report in separate reply windows

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

FRST.txt
Addition.txt

Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.
John 6:68-69

The Man on the Middle Cross Said I Could Come

#3 cloudff7

Topic Starter

Members
83 posts
OFFLINE

Local time:04:21 AM

Posted 08 October 2025 - 06:26 PM

Farbar Recover Scan Tool is trojan Microsoft Defender detect

my question AppData\Roaming\secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml)

I had run a full scan with Malwarebytes Free and Kaspersky Free and found nothing. Why did it detect this now?

Is this type of malware the kind that modifies, deletes, or corrupts files on the PC?

Edited by cloudff7, 08 October 2025 - 06:27 PM.

#4 Oh My!

Adware and Spyware and Malware

Malware Response Instructor
61,652 posts
OFFLINE

Gender:Male
Location:California
Local time:11:21 PM

Posted 08 October 2025 - 06:48 PM

Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option

#5 cloudff7

Topic Starter

Members
83 posts
OFFLINE

Local time:04:21 AM

Posted 08 October 2025 - 06:50 PM

Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option

Microsoft Defender automatically remove this file no possibly open

#6 Oh My!

Adware and Spyware and Malware

Malware Response Instructor
61,652 posts
OFFLINE

Gender:Male
Location:California
Local time:11:21 PM

Posted 08 October 2025 - 07:06 PM

Please see How to Add Exclusions in Windows Defender.

#7 cloudff7

Topic Starter

Members
83 posts
OFFLINE

Local time:04:21 AM

Posted 08 October 2025 - 07:21 PM

I managed to exclude this file in the defender scan but the defender quarantined QtWebKit4.dll. I tried to repair it but got an error and I couldn't restore the file to scan it.Farbar Recover Scan Tool

before i tested

https://www.virustotal.com/gui/file/935cd9070679168cfcea6aea40d68294ae5f44c551cee971e69dc32f0d7ce14b?nocache=1

https://hybrid-analysis.com/sample/935cd9070679168cfcea6aea40d68294ae5f44c551cee971e69dc32f0d7ce14b

Edited by cloudff7, 08 October 2025 - 07:22 PM.

#8 Oh My!

Adware and Spyware and Malware

Malware Response Instructor
61,652 posts
OFFLINE

Gender:Male
Location:California
Local time:11:21 PM

Posted 08 October 2025 - 07:56 PM

Are you able to run FRST64 as instructed in Post #2?

#9 cloudff7

Topic Starter

Members
83 posts
OFFLINE

Local time:04:21 AM

Posted 09 October 2025 - 05:11 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2025
Ran by Retrogamer87 SSD (administrator) on DESKTOP-3DM2P71 (09-10-2025 07:06:47)
Running from C:\Users\Retrogamer87 SSD\Desktop\FRST64english.exe
Loaded Profiles: Retrogamer87 SSD
Platform: Microsoft Windows 10 Pro Version 22H2 19045.6396 (X64) Language: Português (Brasil)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Windows\runSW.exe ->) (Realtek Semiconductor Corp. -> Realtek) C:\Windows\SwUSB.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <106>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Piriform\CCleaner 7\CCleaner_service.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek) C:\Program Files\Realtek\WifiAutoInstall\WifiAutoInstallSrv.exe
(services.exe ->) (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD) C:\Program Files\Topaz OFD\Warsaw\core.exe <2>
(svchost.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Piriform\CCleaner 7\CCleaner.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Reader_Sl] => C:\Program Files\Foxit Software\Foxit PDF Reader\reader_sl.exe [4312128 2025-06-29] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
HKLM-x32\...\Run: [OnScreen Control] => C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\OnScreenStartUpApp.exe [1823560 2022-08-29] (LG Electronics Inc. -> LG Electronics Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-2307758842-2925553095-3651173823-1001\...\Run: [MicrosoftEdgeAutoLaunch_8EEAEEB46E33F9779E13CFEFDF016B9D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [4265000 2025-10-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2307758842-2925553095-3651173823-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2307758842-2925553095-3651173823-1001\...\MountPoints2: {e26711fa-72e4-11f0-b6f3-bc5ff4cbae09} - "E:\WifiAutoInstallSetup.exe"
HKU\S-1-5-21-2307758842-2925553095-3651173823-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [154112 2024-04-25] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP c111 Status Monitor: C:\WINDOWS\system32\hpinkstsc111LM.dll [333496 2012-12-16] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\141.0.7390.55\Installer\chrmstp.exe [2025-10-07] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\~D Realtek.tmp [2020-12-25] () [File not signed] <==== ATTENTION
BootExecute: autocheck autochk * SmartDefragBootTime.exe
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {136F3929-5B5F-4953-BF80-20243B9C01F0} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1708512 2022-08-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {A79F4C40-F697-4DD7-A840-9EE02D8C3A36} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1708512 2022-08-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {F47A8EF7-B3EF-493A-A5C8-67651BDD27D9} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302960 2025-07-09] (Now.gg, INC -> BlueStack Systems, Inc.)
Task: {8FE60A2E-B021-4B3C-8C2F-A7CD3A5AAD46} - System32\Tasks\Driver Booster SkipUAC (Retrogamer87 SSD) => C:\Program Files (x86)\IObit\Driver Booster\12.6.0\DriverBooster.exe [8295632 2025-07-23] (IObit CO., LTD -> IObit)
Task: {0EBC88FC-8ADF-45E0-AFAA-96C2B9772830} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem142.0.7416.0{BAF0BD8A-51DE-4CFF-A2AD-7EE4DFBD7C80} => C:\Program Files (x86)\Google\GoogleUpdater\142.0.7416.0\updater.exe [6863512 2025-09-15] (Google LLC -> Google LLC)
Task: {0A330237-D390-4D7F-9358-C025A2A37F7F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpCmdRun.exe [1778248 2025-10-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FAD3B4F2-8341-49E9-90D7-BC23102209F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpCmdRun.exe [1778248 2025-10-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {302F789E-68B3-4327-B9EB-1EDE598E9C47} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpCmdRun.exe [1778248 2025-10-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {67533EB3-7369-4BEB-934A-A59C867EF559} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpCmdRun.exe [1778248 2025-10-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8997E7F0-E9DB-4A2B-8337-4A6FB38A3974} - System32\Tasks\Piriform\CCleaner 7 - S-1-5-21-2307758842-2925553095-3651173823-1001 => C:\Program Files\Piriform\CCleaner 7\CCleaner.exe [4717688 2025-10-07] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {0A930782-7150-4E07-A4C3-52BB3AD42625} - System32\Tasks\Piriform\CCleaner 7 BugReport => C:\Program Files\Piriform\CCleaner 7\CCleanerBugReport.exe [6243960 2025-10-07] (Gen Digital Inc. -> Gen Digital Inc.) -> --send "dumps|report" --product 234 --programpath "C:\Program Files\Piriform\CCleaner 7" --configpath "C:\Program Files\Piriform\CCleaner 7\data" --path "C:\Program Files\Piriform\CCleaner 7\log" --path "C:\Program Files\Piriform\CCleaner 7\data\dumps" --logpath "C:\Program Files\Piriform\CCleaner 7 (the data entry has 58 more characters).
Task: {1927BCC8-5180-4FE8-86C7-EF9C3FFECD3D} - System32\Tasks\Piriform\CCleaner 7 Update => C:\Program Files\Common Files\Piriform\Icarus\piriform-ccl\icarus.exe [8971064 2025-10-02] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
Task: {B68F0D0B-728B-4995-BD9D-2BA50980E2DA} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [3723600 2025-07-15] (IObit CO., LTD -> IObit)
Task: {82813D3B-0725-4145-B5FD-783C414E2BB3} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [57312 2022-08-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {E3F39B2A-C2EC-43EE-BB06-4DAD95555DD1} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [263136 2022-08-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 177.37.220.17 177.37.220.18
Tcpip\..\Interfaces\{2bacfdeb-3e05-4224-a52b-164005dad435}: [DhcpNameServer] 177.37.220.17 177.37.220.18
Tcpip\..\Interfaces\{5fde70cd-dbc3-46f8-9da7-9193dc3f0005}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default [2025-10-09]
Edge DownloadDir: Default -> G:\
Edge Notifications: Default -> hxxps://www.facebook.com; hxxps://www.physicsforums.com
Edge Session Restore: Default -> is enabled.
Edge Extension: (Google Tradutor) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2024-09-09]
Edge Extension: (Kaspersky Protection) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2025-10-04]
Edge Extension: (Free Download Manager) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2025-05-27]
Edge Extension: (Disable automatic tab discarding) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dnhngfnfolbmhgealdpolmhimnoliiok [2024-06-25]
Edge Extension: (MetaMask) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ejbalbakoplchlghecdalmeeeajnimhm [2025-05-27]
Edge Extension: (WA Web Plus by Elbruz Technologies) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ekcgkejcjdcmonfpmnljobemcbpnkamh [2025-09-26]
Edge Extension: (Browsec VPN - Free VPN for Edge) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fjnehcbecaggobjholekjijaaekbnlgj [2025-10-08]
Edge Extension: (Segurança do navegador Avira) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2024-08-20]
Edge Extension: (Documentos Google off-line) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-09-17]
Edge Extension: (Adblock Plus - bloqueador de anúncios grátis) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2025-10-04]
Edge Extension: (Tampermonkey) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iikmkjmpaadaobahmlepeloendndfphd [2025-10-08]
Edge Extension: (Edge relevant text changes) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-25]
Edge Extension: (Video DownloadHelper) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmkaglaafmhbcpleggkmaliipiilhldn [2025-10-09]
Edge Extension: (Auto Replay for YouTube™) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mcdpnidfhfjfbafmpppcplcejgepadbo [2022-07-18]
Edge Profile: C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2025-09-20]
Edge Extension: (Kaspersky Protection) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2024-01-10]
Edge Extension: (Documentos Google off-line) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-10]
Edge Extension: (Edge relevant text changes) - C:\Users\Retrogamer87 SSD\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-10]
Edge HKU\S-1-5-21-2307758842-2925553095-3651173823-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]

FireFox:
========
FF DefaultProfile: l66dl1iw.default
FF ProfilePath: C:\Users\Retrogamer87 SSD\AppData\Roaming\Mozilla\Firefox\Profiles\l66dl1iw.default [2025-01-10]
FF ProfilePath: C:\Users\Retrogamer87 SSD\AppData\Roaming\Mozilla\Firefox\Profiles\36sd0zyw.default-release-1733611670702 [2025-10-08]
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2025-08-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2025-08-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2025-08-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2025-08-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.21 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2025-08-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\autoconf_warsaw.js [2025-01-01]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2024-12-07] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2024-12-07] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\Default [2025-10-09]
CHR DownloadDir: G:\
CHR Notifications: Default -> hxxps://antiqueradios.com; hxxps://app.element.io; hxxps://chat.movidesk.com; hxxps://community.academydigitalpreservationforum.org; hxxps://community.element14.com; hxxps://community.sparkfun.com; hxxps://community.spiceworks.com; hxxps://community.synology.com; hxxps://community.wd.com; hxxps://eletronica2002.forumeiros.com; hxxps://eletronicabr.com; hxxps://engineerboards.com; hxxps://forum.adrenaline.com.br; hxxps://forum.arduino.cc; hxxps://forum.contextualelectronics.com; hxxps://forum.core-electronics.com.au; hxxps://forum.digikey.com; hxxps://forum.headphones.com; hxxps://forum.hifiguides.com; hxxps://forum.level1techs.com; hxxps://forum.outerspace.com.br; hxxps://forum.pedalpcb.com; hxxps://forum.zwame.pt; hxxps://forums.anandtech.com; hxxps://forums.libretro.com; hxxps://forums.overclockers.co.uk; hxxps://forums.truenas.com; hxxps://gbatemp.net; hxxps://h5-global.alimebot.aliexpress.com; hxxps://hackaday.io; hxxps://hardlevel.com.br; hxxps://itsfoss.community; hxxps://linustechtips.com; hxxps://mail.google.com; hxxps://malwaretips.com; hxxps://pchelpforum.net; hxxps://physicshelpforum.com; hxxps://pir2.forumeiros.com; hxxps://profes.com.br; hxxps://qltuh.alpenridge.top; hxxps://shopee.com.br; hxxps://smallseotools.com; hxxps://thewindowsforum.com; hxxps://web.telegram.org; hxxps://web.whatsapp.com; hxxps://windows10.help; hxxps://windowsforum.com; hxxps://www.airdroid.com; hxxps://www.avforums.com; hxxps://www.candlepowerforums.com; hxxps://www.clubedohardware.com.br; hxxps://www.edaboard.com; hxxps://www.electronics-talk.com; hxxps://www.elektroda.com; hxxps://www.elektroda.pl; hxxps://www.facebook.com; hxxps://www.hardwareluxx.de; hxxps://www.joom.com; hxxps://www.kwai.com; hxxps://www.metropoles.com; hxxps://www.pcreview.co.uk; hxxps://www.physicsforums.com; hxxps://www.seagate.com; hxxps://www.snbforums.com; hxxps://www.synoforum.com; hxxps://www.technibble.com; hxxps://www.techpowerup.com; hxxps://www.tenforums.com; hxxps://www.tenorshare.net; hxxps://x.com
CHR Session Restore: Default -> is enabled.
CHR Extension: (Google Tradutor) - C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2024-09-05]
CHR Extension: (Kaspersky Protection) - C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2025-10-02]
CHR Extension: (uBlock Origin Lite) - C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkjiahejlhfcafbddmgiahcphecmpfh [2025-10-07]
CHR Extension: (Tampermonkey) - C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2025-10-08]
CHR Extension: (WA Web Plus by Elbruz Technologies) - C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekcgkejcjdcmonfpmnljobemcbpnkamh [2025-09-22]
CHR Extension: (baixador de vídeo - CocoCut) - C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhbcipncbkfpkaianbjbcbmfehjflpf [2025-09-16]
CHR Extension: (Documentos Google off-line) - C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-09-16]
CHR Extension: (ChatGPT para PDF) - C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiiildgldbpfbegcfgemoliikibfhaeh [2025-09-25]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-28]
CHR Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2025-09-16]
CHR Profile: C:\Users\Retrogamer87 SSD\AppData\Local\Google\Chrome\User Data\System Profile [2024-12-06]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CCleaner7; C:\Program Files\Piriform\CCleaner 7\CCleaner_service.exe [28280440 2025-10-07] (Gen Digital Inc. -> Gen Digital Inc.)
R2 FoxitReaderUpdateService; C:\Program Files\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [3069024 2025-07-28] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S3 GameInputRedistService; C:\Program Files\Microsoft GameInput\x64\GameInputRedistService.exe [137616 2025-09-08] (Microsoft Corporation -> Microsoft Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9441760 2024-12-07] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-12-07] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.25080.5-0\MpDefenderCoreService.exe [2009656 2025-10-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 RunSwUSB; C:\Windows\runSW.exe [44760 2025-08-06] (Realtek Semiconductor Corp -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [803064 2025-09-27] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 ucldr_mirm_gl; C:\Program Files\Common Files\Wellbia.com\ucldr_mirm_gl.exe [5551144 2023-01-30] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S4 ucldr_MirTrilogy4_GL; C:\Program Files\Common Files\UNCHEATER\ucldr_MirTrilogy4_GL.exe [6705392 2022-03-30] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R2 Warsaw Technology; C:\Program Files\Topaz OFD\Warsaw\core.exe [999736 2024-05-08] (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.25080.5-0\NisSrv.exe [4414464 2025-10-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WifiAutoInstallSrv; C:\Program Files\Realtek\WifiAutoInstall\WifiAutoInstallSrv.exe [124864 2017-07-31] (Realtek Semiconductor Corp. -> Realtek)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.25080.5-0\MsMpEng.exe [282480 2025-10-08] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_8e2568524f674315\amdsafd.sys [100768 2021-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [63096 2022-02-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 AsrRamDisk; C:\WINDOWS\System32\drivers\AsrRamDisk.sys [40200 2014-07-30] (ASROCK Incorporation -> ASRock Inc.)
S3 AxtuDrv; C:\WINDOWS\SysWOW64\Drivers\AxtuDrv.sys [21768 2022-04-12] (ASROCK Incorporation -> RW-Everything)
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [394272 2025-07-09] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [333216 2025-10-08] (Microsoft Windows -> Microsoft Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2024-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MDA_NTDRV; C:\WINDOWS\system32\MDA_NTDRV.sys [21208 2022-12-26] (北京铠信神州科技有限责任公司 -> )
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2021-03-26] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2021-03-26] (MiniTool Solution Ltd -> )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [12433696 2025-08-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2025-04-22] (IObit Information Technology -> IObit)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 VClone; C:\WINDOWS\System32\drivers\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20880 2025-10-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [627104 2025-10-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [102816 2025-10-08] (Microsoft Windows -> Microsoft Corporation)
R2 WiseFs; C:\WINDOWS\WiseFs64.sys [50928 2025-09-13] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 wsddfac; C:\WINDOWS\System32\drivers\wsddfac.sys [45552 2025-10-08] (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
R1 wsddntf; C:\WINDOWS\system32\DRIVERS\wsddntf.sys [54776 2025-06-09] (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
R1 wsddpp; C:\WINDOWS\system32\drivers\wsddpp.sys [59904 2025-10-08] (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
R3 wsddprm; C:\WINDOWS\system32\drivers\wsddprm.sys [54272 2025-06-02] (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [1432232 2023-03-12] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 cpuz154; \??\C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [X] <==== ATTENTION
S3 iobit_monitor_server2021; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-10-09 07:02 - 2025-10-09 07:03 - 000057572 _____ C:\Users\Retrogamer87 SSD\Desktop\Addition.txt
2025-10-09 06:59 - 2025-10-09 07:07 - 000027888 _____ C:\Users\Retrogamer87 SSD\Desktop\FRST.txt
2025-10-09 06:52 - 2025-10-09 06:56 - 000000521 _____ C:\Users\Retrogamer87 SSD\Desktop\Search.txt
2025-10-08 21:10 - 2025-10-08 21:10 - 002442752 _____ (Farbar) C:\Users\Retrogamer87 SSD\Desktop\FRST64english.exe
2025-10-08 12:05 - 2025-10-08 12:06 - 000987293 _____ C:\Users\Retrogamer87 SSD\Downloads\guias aurivania.pdf
2025-10-08 10:05 - 2025-10-08 10:05 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\RapidCRC
2025-10-07 20:40 - 2025-10-07 20:40 - 000000000 ___RD C:\Users\Retrogamer87 SSD\Proton Drive
2025-10-07 20:37 - 2025-10-07 20:37 - 000487317 _____ C:\Users\Retrogamer87 SSD\Downloads\proton-recovery-kit.pdf
2025-10-07 10:27 - 2025-10-07 10:28 - 495697853 _____ C:\Users\Retrogamer87 SSD\Desktop\Digerati.rar
2025-10-07 10:18 - 2025-10-07 13:40 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\JAM Software
2025-10-07 08:04 - 2025-10-07 08:04 - 000002158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 7.lnk
2025-10-07 08:04 - 2025-10-07 08:04 - 000002146 _____ C:\Users\Public\Desktop\CCleaner 7.lnk
2025-10-07 08:04 - 2025-10-07 08:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\Piriform
2025-10-07 08:04 - 2025-10-07 08:04 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\CCleaner
2025-10-07 08:03 - 2025-10-07 08:03 - 000055064 _____ (Gen Digital Inc.) C:\WINDOWS\system32\icarus_rvrt.exe
2025-10-07 08:03 - 2025-10-07 08:03 - 000000000 ____D C:\Program Files\Piriform
2025-10-07 08:03 - 2025-10-07 08:03 - 000000000 ____D C:\Program Files\Common Files\Piriform
2025-10-06 14:25 - 2025-10-06 14:26 - 000069460 _____ C:\Users\Retrogamer87 SSD\Downloads\maria tia.ogg
2025-10-04 12:40 - 2025-10-04 12:40 - 000002516 _____ C:\Users\Retrogamer87 SSD\Desktop\balenaEtcher.lnk
2025-10-04 12:39 - 2025-10-04 12:40 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Local\balena_etcher
2025-10-04 12:27 - 2025-10-04 12:27 - 000000000 ____D C:\Program Files\TeraCopy
2025-10-03 20:20 - 2025-10-03 20:20 - 000000000 ___HD C:\$Windows.~WS
2025-10-03 19:52 - 2025-10-04 12:27 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\TeraCopy
2025-10-03 19:52 - 2025-10-03 19:52 - 000000000 ___HD C:\Users\Retrogamer87 SSD\AppData\Roaming\Obsidium x64
2025-10-03 19:52 - 2025-10-03 19:52 - 000000000 ___HD C:\Users\Retrogamer87 SSD\.obs64
2025-10-03 19:52 - 2025-10-03 19:52 - 000000000 ____D C:\ProgramData\Code Sector
2025-10-03 19:52 - 2025-10-03 19:52 - 000000000 ____D C:\ProgramData\Caphyon
2025-09-25 19:48 - 2025-09-29 12:26 - 000000000 ____D C:\ESD
2025-09-22 08:58 - 2025-09-22 08:58 - 000000000 ____D C:\ProgramData\CPUID Software
2025-09-19 20:17 - 2025-09-19 20:17 - 000936918 _____ C:\Users\Retrogamer87 SSD\Downloads\EP-AX1672_Instruction Manual _ English.pdf
2025-09-19 20:15 - 2025-09-19 20:15 - 000394470 _____ C:\Users\Retrogamer87 SSD\Downloads\EP-AX1672_Datasheet.pdf
2025-09-16 20:35 - 2025-10-01 12:18 - 000000000 ____D C:\Users\Retrogamer87 SSD\Downloads\HDs Externos 2025
2025-09-16 14:04 - 2025-09-16 14:04 - 009616736 _____ (Malwarebytes) C:\Users\Retrogamer87 SSD\Desktop\adwcleaner(1).exe
2025-09-13 20:27 - 2025-09-13 20:27 - 000001110 _____ C:\Users\Retrogamer87 SSD\Desktop\Telegram.lnk
2025-09-13 20:26 - 2025-09-13 20:26 - 000001287 _____ C:\Users\Public\Desktop\Wise Folder Hider.lnk
2025-09-13 20:26 - 2025-09-13 20:26 - 000000000 ____D C:\Program Files\Windows Kits
2025-09-13 20:26 - 2025-09-13 20:26 - 000000000 ____D C:\Program Files\Microsoft GameInput
2025-09-13 20:25 - 2025-09-16 14:20 - 000002528 _____ C:\WINDOWS\system32\Tasks\SmartDefrag_Update
2025-09-13 20:25 - 2025-09-13 20:25 - 000001235 _____ C:\Users\Public\Desktop\Smart Defrag 11.lnk
2025-09-13 20:25 - 2025-04-22 13:14 - 000178960 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2025-09-13 20:25 - 2025-04-22 13:14 - 000030744 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2025-09-13 20:23 - 2025-09-13 20:23 - 000001147 _____ C:\Users\Public\Desktop\Foxit PDF Reader.lnk
2025-09-13 20:23 - 2025-09-13 20:23 - 000000000 ____D C:\Users\Public\Documents\Foxit Software
2025-09-13 20:23 - 2025-09-13 20:23 - 000000000 ____D C:\Program Files\Foxit Software
2025-09-13 20:23 - 2025-09-13 20:23 - 000000000 ____D C:\Program Files\Common Files\Foxit
2025-09-13 20:21 - 2025-09-16 14:20 - 000002856 _____ C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Retrogamer87 SSD)
2025-09-13 20:21 - 2025-09-13 20:21 - 000002364 _____ C:\Users\Public\Desktop\Driver Booster 12.lnk
2025-09-13 20:21 - 2025-09-13 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 12
2025-09-13 20:20 - 2025-09-13 20:20 - 000001743 _____ C:\Users\Retrogamer87 SSD\Desktop\MPC-HC x64.lnk
2025-09-13 20:20 - 2025-09-13 20:20 - 000001252 _____ C:\Users\Retrogamer87 SSD\Desktop\AIDA64 Extreme.lnk
2025-09-13 20:20 - 2025-07-28 06:26 - 000667856 _____ (Alexander Roshal) C:\Program Files (x86)\RarExt.dll
2025-09-13 20:20 - 2025-07-28 06:26 - 000555728 _____ (Alexander Roshal) C:\Program Files (x86)\RarExt32.dll
2025-09-13 20:20 - 2024-11-17 19:08 - 000208504 _____ C:\Program Files (x86)\winrar.lng
2025-09-13 20:20 - 2024-11-14 18:51 - 000062864 _____ C:\Program Files (x86)\rar.lng
2025-09-13 20:20 - 2024-11-11 08:41 - 000016126 _____ C:\Program Files (x86)\uninstall.lng
2025-09-13 20:20 - 2023-11-23 17:24 - 000015144 _____ C:\Program Files (x86)\sfx.lng
2025-09-13 20:20 - 2023-01-23 12:13 - 000006370 _____ C:\Program Files (x86)\rarext.lng
2025-09-13 20:19 - 2025-09-13 20:19 - 000001851 _____ C:\Users\Retrogamer87 SSD\Desktop\CrystalDiskMark 9.lnk
2025-09-13 20:19 - 2025-09-13 20:19 - 000001830 _____ C:\Users\Retrogamer87 SSD\Desktop\CrystalDiskInfo.lnk
2025-09-13 20:19 - 2025-09-13 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSmartControl
2025-09-13 20:19 - 2025-09-13 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskMark9
2025-09-13 20:19 - 2025-09-13 20:19 - 000000000 ____D C:\Program Files\CrystalDiskMark9
2025-09-13 20:18 - 2025-09-16 14:20 - 000003018 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper_nxt
2025-09-13 20:18 - 2025-09-13 20:18 - 000002111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk
2025-09-13 20:18 - 2025-09-13 20:18 - 000002099 _____ C:\Users\Public\Desktop\BlueStacks Multi-Instance Manager.lnk
2025-09-13 20:18 - 2025-09-13 20:18 - 000002097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5.lnk
2025-09-13 20:18 - 2025-09-13 20:18 - 000001979 _____ C:\Users\Public\Desktop\BlueStacks 5.lnk
2025-09-13 20:18 - 2025-09-13 20:18 - 000000975 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2025-09-13 20:17 - 2025-09-13 20:18 - 000000000 ____D C:\ProgramData\BlueStacks_nxt
2025-09-13 20:17 - 2025-09-13 20:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Store
2025-09-13 20:17 - 2025-09-13 20:17 - 000000000 ____D C:\Program5
2025-09-13 20:16 - 2025-09-13 20:17 - 000000000 ____D C:\Program Files\BlueStacks_nxt
2025-09-13 16:23 - 2025-10-08 15:05 - 000059904 ____N (Topaz OFD) C:\WINDOWS\system32\Drivers\wsddpp.sys
2025-09-13 16:23 - 2025-06-09 17:11 - 000054776 _____ (Topaz OFD) C:\WINDOWS\system32\Drivers\wsddntf.sys
2025-09-13 16:23 - 2025-06-02 11:12 - 000054272 ____N (Topaz OFD) C:\WINDOWS\system32\Drivers\wsddprm.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-10-09 07:07 - 2021-01-04 13:08 - 000000000 ____D C:\FRST
2025-10-09 06:44 - 2025-02-10 09:36 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Local\ChomikBox
2025-10-09 06:37 - 2023-09-02 14:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-10-09 04:10 - 2023-05-05 09:26 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-10-08 22:34 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-10-08 22:34 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-10-08 21:17 - 2024-12-08 15:22 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\secure
2025-10-08 15:48 - 2022-03-28 15:35 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Local\D3DSCache
2025-10-08 15:34 - 2025-02-12 16:05 - 000000000 ____D C:\Users\Retrogamer87 SSD\Downloads\HDD 2.5
2025-10-08 15:11 - 2025-02-10 09:36 - 000000000 ____D C:\Users\Retrogamer87 SSD\.gstreamer-0.10
2025-10-08 15:10 - 2023-09-02 14:45 - 001741824 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-10-08 15:10 - 2019-12-07 11:53 - 000752436 _____ C:\WINDOWS\system32\prfh0416.dat
2025-10-08 15:10 - 2019-12-07 11:53 - 000148550 _____ C:\WINDOWS\system32\prfc0416.dat
2025-10-08 15:10 - 2019-12-07 06:13 - 000000000 ____D C:\WINDOWS\INF
2025-10-08 15:05 - 2023-09-02 14:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-10-08 15:05 - 2023-01-03 13:17 - 000045552 _____ (Topaz OFD) C:\WINDOWS\system32\Drivers\wsddfac.sys
2025-10-08 15:05 - 2020-11-13 07:42 - 000008192 ___SH C:\DumpStack.log.tmp
2025-10-08 15:04 - 2022-03-29 07:56 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2025-10-08 15:04 - 2022-03-28 15:54 - 000001154 ___SH C:\WINDOWS\wisefs.dat
2025-10-08 15:04 - 2019-12-07 06:03 - 000131072 _____ C:\WINDOWS\system32\config\BBI
2025-10-08 13:29 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-10-08 12:36 - 2022-03-28 15:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2025-10-08 12:36 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Windows Defender
2025-10-08 12:36 - 2019-12-07 06:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2025-10-08 12:34 - 2022-06-11 12:54 - 000918944 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2025-10-08 12:34 - 2019-12-07 06:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2025-10-08 12:33 - 2022-03-28 16:10 - 000000000 ____D C:\Program Files\Common Files\AV
2025-10-08 10:10 - 2022-09-17 20:42 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\vlc
2025-10-07 21:57 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-10-07 20:40 - 2023-09-02 14:38 - 000000000 ____D C:\Users\Retrogamer87 SSD
2025-10-07 20:28 - 2025-02-01 17:45 - 000001636 _____ C:\ProgramData\pdinst.ini
2025-10-07 18:14 - 2025-02-15 16:31 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\Stella
2025-10-07 10:24 - 2021-12-14 13:25 - 000000000 ____D C:\Users\Retrogamer87 SSD\Desktop\Firmwares e OPL
2025-10-07 10:22 - 2022-12-26 09:47 - 000000000 ____D C:\Users\Retrogamer87 SSD\Desktop\drive
2025-10-07 09:28 - 2022-03-28 16:30 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2025-10-07 08:17 - 2022-03-30 07:27 - 000000000 ____D C:\ProgramData\ProductData
2025-10-07 08:17 - 2022-03-30 07:25 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\IObit
2025-10-07 08:17 - 2022-03-30 07:25 - 000000000 ____D C:\ProgramData\IObit
2025-10-07 08:06 - 2022-05-28 16:30 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\MPC-HC
2025-10-07 08:06 - 2022-04-30 13:35 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Local\CrashDumps
2025-10-07 08:03 - 2022-07-19 06:03 - 000000000 ____D C:\ProgramData\Piriform
2025-10-07 08:03 - 2022-03-28 16:57 - 000000000 ____D C:\Program Files\CCleaner
2025-10-07 08:02 - 2020-09-29 08:38 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-10-07 08:02 - 2020-09-29 08:38 - 000002204 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-10-06 12:45 - 2025-03-03 07:38 - 000003750 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{49527EF5-0EFA-43FF-8BEC-352339B1F95D}
2025-10-06 12:45 - 2025-03-03 07:38 - 000003624 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{10120E63-E937-48DB-8B1A-1B3D19E10AA9}
2025-10-05 23:13 - 2023-10-26 17:26 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2025-10-04 16:47 - 2020-11-11 20:31 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-10-04 16:47 - 2020-11-11 20:31 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-10-04 12:41 - 2025-03-08 17:07 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\balenaEtcher
2025-10-04 12:40 - 2025-03-08 17:07 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Balena Ltd
2025-10-04 12:40 - 2025-03-08 17:06 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Local\SquirrelTemp
2025-10-03 15:59 - 2023-10-16 20:39 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Local\Malwarebytes
2025-10-03 09:14 - 2022-07-27 17:28 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\qBittorrent
2025-09-27 16:29 - 2022-03-29 14:05 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Local\AMD_Common
2025-09-26 21:43 - 2024-06-15 21:37 - 000000000 ____D C:\WINDOWS\system32\compatrel
2025-09-26 21:43 - 2019-12-07 11:56 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2025-09-26 21:43 - 2019-12-07 06:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-09-26 21:43 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SystemResources
2025-09-26 21:43 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-09-26 21:43 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\Provisioning
2025-09-26 21:43 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-09-26 21:38 - 2023-09-02 14:41 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2025-09-19 14:52 - 2025-01-15 13:05 - 000000000 ____D C:\Users\Retrogamer87 SSD\LaunchBox
2025-09-19 14:50 - 2024-05-22 16:31 - 000000000 ____D C:\Program Files\MiniTool Partition Wizard 12
2025-09-17 16:51 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2025-09-17 16:20 - 2023-10-18 06:02 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2025-09-16 20:50 - 2024-12-08 15:00 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Local\JDownloader 2.0
2025-09-16 14:08 - 2023-09-02 14:37 - 000270248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-09-16 14:07 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2025-09-16 14:07 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-09-16 14:07 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\setup
2025-09-16 14:07 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-09-16 14:07 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-09-16 14:07 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2025-09-16 07:07 - 2022-03-28 17:18 - 000000000 ____D C:\WINDOWS\system32\MRT
2025-09-16 07:03 - 2022-03-28 17:18 - 223939376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2025-09-13 20:31 - 2022-03-28 15:54 - 000050928 _____ C:\WINDOWS\WiseFs64.sys
2025-09-13 20:27 - 2023-12-09 09:39 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\Telegram Desktop
2025-09-13 20:27 - 2021-07-26 08:05 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2025-09-13 20:26 - 2022-03-29 13:58 - 000000000 ____D C:\ProgramData\Package Cache
2025-09-13 20:26 - 2020-09-30 10:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Folder Hider
2025-09-13 20:25 - 2024-09-22 06:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2025-09-13 20:23 - 2022-03-28 16:02 - 000000000 ____D C:\Users\Public\Foxit Software
2025-09-13 20:23 - 2021-11-04 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF Reader
2025-09-13 20:21 - 2025-02-01 17:46 - 000000000 ____D C:\ProgramData\ProductData3
2025-09-13 20:20 - 2023-10-30 20:44 - 000001101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2025-09-13 20:20 - 2023-10-30 20:44 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2025-09-13 20:20 - 2023-10-30 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2025-09-13 20:20 - 2022-05-28 16:29 - 000000000 ____D C:\Program Files\MPC-HC
2025-09-13 20:20 - 2021-04-28 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2025-09-13 20:19 - 2023-10-27 09:56 - 000000000 ____D C:\Program Files\GSmartControl
2025-09-13 20:19 - 2023-10-26 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2025-09-13 20:16 - 2022-04-20 10:16 - 000000000 ____D C:\Users\Retrogamer87 SSD\AppData\Local\BlueStacks

==================== Files in the root of some directories ========

2023-06-07 06:02 - 2023-06-07 06:02 - 000032768 _____ () C:\Program Files\LICENSE.txt
2023-06-07 06:04 - 2023-06-07 06:04 - 001493018 _____ () C:\Program Files\NEWS.txt
2023-06-07 06:01 - 2023-06-07 06:01 - 000103192 _____ (Python Software Foundation) C:\Program Files\python.exe
2023-06-07 06:01 - 2023-06-07 06:01 - 000067352 _____ (Python Software Foundation) C:\Program Files\python3.dll
2023-06-07 06:01 - 2023-06-07 06:01 - 005762840 _____ (Python Software Foundation) C:\Program Files\python311.dll
2023-06-07 06:01 - 2023-06-07 06:01 - 000101656 _____ (Python Software Foundation) C:\Program Files\pythonw.exe
2023-06-07 06:02 - 2023-06-07 06:02 - 000109392 _____ (Microsoft Corporation) C:\Program Files\vcruntime140.dll
2023-06-07 06:02 - 2023-06-07 06:02 - 000049520 _____ (Microsoft Corporation) C:\Program Files\vcruntime140_1.dll
2023-10-30 20:44 - 2025-07-24 07:34 - 000228048 _____ (Igor Pavlov) C:\Program Files (x86)\7zxa.dll
2023-10-30 20:44 - 2025-07-24 17:48 - 000497448 _____ () C:\Program Files (x86)\Default.SFX
2024-10-02 12:23 - 2025-07-24 17:48 - 000402216 _____ () C:\Program Files (x86)\Default32.SFX
2023-10-30 20:44 - 2023-09-18 10:26 - 000399870 _____ () C:\Program Files (x86)\Default64.SFX
2023-10-30 20:44 - 2024-11-10 23:17 - 000001892 _____ () C:\Program Files (x86)\Descript.ion
2023-10-30 20:44 - 2014-06-11 08:45 - 000007435 _____ () C:\Program Files (x86)\License.txt
2023-10-30 20:44 - 2025-03-25 00:30 - 000003927 _____ () C:\Program Files (x86)\Order.htm
2023-10-30 20:44 - 2025-07-28 06:26 - 000835792 _____ (Alexander Roshal) C:\Program Files (x86)\Rar.exe
2025-09-13 20:20 - 2024-11-14 18:51 - 000062864 _____ () C:\Program Files (x86)\rar.lng
2023-10-30 20:44 - 2025-03-25 00:35 - 000125942 _____ () C:\Program Files (x86)\Rar.txt
2025-09-13 20:20 - 2025-07-28 06:26 - 000667856 _____ (Alexander Roshal) C:\Program Files (x86)\RarExt.dll
2025-09-13 20:20 - 2023-01-23 12:13 - 000006370 _____ () C:\Program Files (x86)\rarext.lng
2025-09-13 20:20 - 2025-07-28 06:26 - 000555728 _____ (Alexander Roshal) C:\Program Files (x86)\RarExt32.dll
2023-10-30 20:44 - 2025-07-28 06:26 - 000223952 _____ (Alexander Roshal) C:\Program Files (x86)\RarExtInstaller.exe
2023-10-30 20:44 - 2021-08-17 15:32 - 000001190 _____ () C:\Program Files (x86)\RarExtInstaller.exe.manifest
2023-10-30 20:44 - 2021-10-21 13:36 - 000002183 _____ () C:\Program Files (x86)\RarExtLogo.altform-unplated_targetsize-32.png
2023-10-30 20:44 - 2021-10-21 13:36 - 000004179 _____ () C:\Program Files (x86)\RarExtLogo.altform-unplated_targetsize-48.png
2023-10-30 20:44 - 2021-10-21 14:54 - 000006234 _____ () C:\Program Files (x86)\RarExtLogo.altform-unplated_targetsize-64.png
2023-10-30 20:44 - 2025-07-28 06:25 - 000024444 _____ () C:\Program Files (x86)\RarExtPackage.msix
2023-10-30 20:44 - 2023-11-23 17:30 - 000001430 _____ () C:\Program Files (x86)\RarFiles.lst
2023-10-30 20:44 - 2023-10-30 20:44 - 000000024 _____ () C:\Program Files (x86)\rarnew.dat
2023-10-30 20:44 - 2021-11-16 08:19 - 000001485 _____ () C:\Program Files (x86)\ReadMe.txt
2023-10-30 20:44 - 2025-02-26 05:39 - 000001640 _____ () C:\Program Files (x86)\Resources.pri
2025-09-13 20:20 - 2023-11-23 17:24 - 000015144 _____ () C:\Program Files (x86)\sfx.lng
2023-10-30 20:44 - 2025-07-28 06:26 - 000412368 _____ (Alexander Roshal) C:\Program Files (x86)\Uninstall.exe
2025-09-13 20:20 - 2024-11-11 08:41 - 000016126 _____ () C:\Program Files (x86)\uninstall.lng
2023-10-30 20:44 - 2023-11-23 16:42 - 000000793 _____ () C:\Program Files (x86)\Uninstall.lst
2023-10-30 20:44 - 2025-07-28 06:26 - 000561872 _____ (Alexander Roshal) C:\Program Files (x86)\UnRAR.exe
2022-03-28 15:50 - 2006-04-14 18:54 - 000000157 _____ () C:\Program Files (x86)\UnrarSrc.txt
2023-10-30 20:44 - 2025-07-28 06:22 - 000057844 _____ () C:\Program Files (x86)\WhatsNew.txt
2023-10-30 20:44 - 2025-07-24 17:49 - 000487312 _____ (Alexander Roshal) C:\Program Files (x86)\WinCon.SFX
2024-10-02 12:23 - 2025-07-24 17:49 - 000404880 _____ (Alexander Roshal) C:\Program Files (x86)\WinCon32.SFX
2023-10-30 20:44 - 2023-09-18 10:27 - 000414828 _____ (Alexander Roshal) C:\Program Files (x86)\WinCon64.SFX
2023-10-30 20:44 - 2025-03-25 00:26 - 002520782 _____ () C:\Program Files (x86)\WinRAR.chm
2023-10-30 20:44 - 2025-07-28 06:26 - 003412176 _____ (Alexander Roshal) C:\Program Files (x86)\WinRAR.exe
2025-09-13 20:20 - 2024-11-17 19:08 - 000208504 _____ () C:\Program Files (x86)\winrar.lng
2023-10-30 20:44 - 2025-07-24 17:48 - 000858408 _____ () C:\Program Files (x86)\Zip.SFX
2024-10-02 12:23 - 2025-07-24 15:40 - 000349184 _____ () C:\Program Files (x86)\Zip32.SFX
2023-10-30 20:44 - 2023-09-18 10:26 - 000337406 _____ () C:\Program Files (x86)\Zip64.SFX
2023-10-30 20:44 - 2023-10-30 20:44 - 000000022 _____ () C:\Program Files (x86)\zipnew.dat
2023-11-18 20:35 - 2023-11-18 20:35 - 000000018 _____ () C:\Users\Retrogamer87 SSD\AppData\Roaming\.cache9050425797200915815.dat
2022-04-01 13:59 - 2022-04-01 13:59 - 000000068 _____ () C:\Users\Retrogamer87 SSD\AppData\Roaming\changzhi_leidian.data
2022-04-01 13:59 - 2022-04-01 13:59 - 000000050 _____ () C:\Users\Retrogamer87 SSD\AppData\Roaming\changzhi_leidianmac.data
2022-10-24 10:35 - 2022-10-24 10:35 - 000000064 _____ () C:\Users\Retrogamer87 SSD\AppData\Roaming\changzhi_mplayer.data
2023-11-03 22:48 - 2023-11-03 22:48 - 000000001 _____ () C:\Users\Retrogamer87 SSD\AppData\Local\llftool.4.40.agreement
2025-02-15 13:57 - 2025-02-15 13:57 - 000000001 _____ () C:\Users\Retrogamer87 SSD\AppData\Local\llftool.4.50.agreement
2023-09-21 05:40 - 2023-09-21 05:40 - 000000001 _____ () C:\Users\Retrogamer87 SSD\AppData\Local\RawCopy.1.10.agreement
2023-09-21 05:47 - 2023-09-21 12:25 - 000000003 _____ () C:\Users\Retrogamer87 SSD\AppData\Local\RawCopy.savedialog.dir
2023-09-21 05:47 - 2023-09-21 12:25 - 000000001 _____ () C:\Users\Retrogamer87 SSD\AppData\Local\RawCopy.savedialog.filterindex
2023-09-21 05:40 - 2023-09-21 12:25 - 000000001 _____ () C:\Users\Retrogamer87 SSD\AppData\Local\RawCopy.sourcedisk.index

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\WINDOWS\SysWOW64\version_IObitDel.dll [2022-08-31] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2025
Ran by Retrogamer87 SSD (09-10-2025 07:09:02)
Running from C:\Users\Retrogamer87 SSD\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.6396 (X64) (2023-09-02 17:44:54)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrador (S-1-5-21-2307758842-2925553095-3651173823-500 - Administrator - Disabled)
Convidado (S-1-5-21-2307758842-2925553095-3651173823-501 - Limited - Enabled)
DefaultAccount (S-1-5-21-2307758842-2925553095-3651173823-503 - Limited - Disabled)
Retrogamer87 SSD (S-1-5-21-2307758842-2925553095-3651173823-1001 - Administrator - Enabled) => C:\Users\Retrogamer87 SSD
WDAGUtilityAccount (S-1-5-21-2307758842-2925553095-3651173823-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky (Disabled - Up to date) {70E35457-C7D9-669C-FEA5-55382EABDC78}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 25.01 (x64) (HKLM\...\7-Zip) (Version: 25.01 - Igor Pavlov)
AIDA64 Extreme v7.70 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 7.70 - FinalWire Ltd.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 22.6.1 - Advanced Micro Devices, Inc.)
ASRock eXtreme Tuner v0.1.434 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: 0.1.434 - ASRock Inc.)
ASRock XFast RAM v2.0.29 (HKLM\...\ASRock XFast RAM_is1) (Version: - ASRock Inc.)
aTube Catcher versão 10.10.0 (HKLM\...\{363C8C67-92B1-4FC9-BEC0-F5F197EFA07E}_is1) (Version: 10.10.0 - DsNET Corp. - Diego Uscanga)
balenaEtcher (HKU\S-1-5-21-2307758842-2925553095-3651173823-1001\...\balena_etcher) (Version: 2.1.4 - Balena Ltd. <hello@balena.io>)
BlueStacks (HKLM\...\BlueStacks_nxt) (Version: 5.22.91.1029 - now.gg, Inc.)
BlueStacks Services (HKU\S-1-5-21-2307758842-2925553095-3651173823-1001\...\BlueStacksServices) (Version: 3.0.9 - now.gg, Inc.)
Branding64 (HKLM\...\{0DB6E0DC-607A-42C1-A3CE-7567A9F85AF4}) (Version: 1.00.0008 - Advanced Micro Devices, Inc.) Hidden
By Click Downloader (HKLM-x32\...\{8BB08C18-6BB5-4CF0-88AB-EA64B9F8992E}) (Version: 2.4.6 - ByClick) Hidden
CCleaner 7 (HKLM\...\CCleaner 7) (Version: 7.0.984.1153 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7128 - CDBurnerXP)
ChomikBox (HKLM-x32\...\{8E4185CC-4FF3-46B9-A4DB-5B850B71ABC4}) (Version: 2.0.8.2 - Chomikuj.pl)
CPUID HWMonitor 1.59 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.59 - CPUID, Inc.)
CrystalDiskInfo 9.7.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 9.7.2 - Crystal Dew World)
CrystalDiskMark 8.0.4c (HKLM\...\CrystalDiskMark8_is1) (Version: 8.0.4c - Crystal Dew World)
CrystalDiskMark 9.0.1 (HKLM\...\CrystalDiskMark9_is1) (Version: 9.0.1 - Crystal Dew World)
DiskFresh 1.1 (HKLM\...\DiskFresh_is1) (Version: - Puran Software)
DownloadHelper CoApp (HKLM-x32\...\DownloadHelper CoApp) (Version: 2.0.19.0 - ACLAP)
Driver Booster 12 (HKLM-x32\...\Driver Booster_is1) (Version: 12.6.0 - IObit)
ENE_QSI_Loki_HAL (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.3.0 - ENE TECHNOLOGY INC.) Hidden
ENE_QSI_Loki_HAL (HKLM-x32\...\{205ef3a8-937b-43cb-90fc-2f58f71408d8}) (Version: 1.0.3.0 - ENE TECHNOLOGY INC.) Hidden
Foxit PDF Reader (HKLM\...\{01a75e1e-7567-11f0-b81f-54bf64a63c26}) (Version: 2025.2.0.33046 - Foxit Software Inc.) Hidden
Foxit PDF Reader (HKLM-x32\...\{07076c18-fbda-44e6-81c4-4bf87112af2a}) (Version: 2025.2.0.33046 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 141.0.7390.55 - Google LLC)
GSmartControl (HKLM\...\GSmartControl) (Version: 1.1.4 - Alexander Shaduri)
GSmartControl (HKLM-x32\...\gsmartcontrol) (Version: 2.0.2 - Alexander Shaduri)
HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
HP Deskjet 1510 series Software básico do dispositivo (HKLM\...\{4F67DA9C-821A-42EA-A23A-AF980EA17E7F}) (Version: 32.4.118.94128 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0.1 - AppWork GmbH)
Malwarebytes version 5.2.3.156 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.3.156 - Malwarebytes)
Microsoft .NET Core Host - 3.1.32 (x64) (HKLM\...\{8A8E3A04-83BC-4CDE-9259-893B666C1AB1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.32 (x64) (HKLM\...\{ABC6B3C2-1A8D-4C5E-AC16-C2AE44F02743}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM\...\{A741B803-3F0E-4684-81EF-FC128D15A92C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Host - 5.0.17 (x86) (HKLM-x32\...\{54DE7EA9-E391-4BD2-A373-3A72A18EBDB5}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.36 (x86) (HKLM-x32\...\{FBC9D6AE-6396-4FC7-BC18-00852836F16D}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.20 (x64) (HKLM\...\{EE5EB03B-D65C-4991-848E-2C6E024326DB}) (Version: 56.80.15184 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x86) (HKLM-x32\...\{AF01038B-6523-4EA7-9D9E-4F1E2927D88B}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.36 (x86) (HKLM-x32\...\{6F73FE7B-B9C3-4A05-8138-0E44543D755F}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.20 (x64) (HKLM\...\{B0FC828F-678C-4868-9B5B-99639758E6F3}) (Version: 56.80.15184 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x86) (HKLM-x32\...\{59650A2A-3839-46EC-9D9C-6B3B1C743C55}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.36 (x86) (HKLM-x32\...\{89C09E22-01D0-41F6-BAD3-CA0A8B74AD22}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.20 (x64) (HKLM\...\{221BB52A-B763-4C9D-AA62-4B0B6C9AAD62}) (Version: 56.80.15184 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 141.0.3537.57 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 141.0.3537.57 - Microsoft Corporation) Hidden
Microsoft GameInput (HKLM\...\{64D0CCB1-329E-D507-0886-47E53D59AE21}) (Version: 10.1.26100.6106 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.44.35211 (HKLM-x32\...\{d8bbe9f9-7c5b-42c6-b715-9ee898a2e515}) (Version: 14.44.35211.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.44.35211 (HKLM-x32\...\{0b5169e3-39da-4313-808e-1f9c0407f3bf}) (Version: 14.44.35211.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.44.35211 (HKLM\...\{86AB2CC9-08BD-4643-B0F9-F82D006D72FF}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.44.35211 (HKLM\...\{43B0D101-A022-48F4-9D04-BA404CEB1D53}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.44.35211 (HKLM-x32\...\{C18FB403-1E88-43C8-AD8A-CED50F23DE8B}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.44.35211 (HKLM-x32\...\{922480B5-CAEB-4B1B-AAA4-9716EFDCE26B}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.32 (x64) (HKLM\...\{5BEE5F3E-4D78-4DE8-A8F3-36D3E9D8868C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.32 (x64) (HKLM-x32\...\{0eddeab6-01c1-4cf7-83ba-164ea8974c90}) (Version: 3.1.32.31915 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x86) (HKLM-x32\...\{098c6ff7-1af1-4c4a-b86f-c60608c98e31}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x86) (HKLM-x32\...\{0D02D706-44F2-4957-A448-E7259A0B56B9}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.36 (x86) (HKLM-x32\...\{9A00C541-6944-4969-9DFE-A7289215800D}) (Version: 48.144.23186 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.36 (x86) (HKLM-x32\...\{c37854d7-1852-4785-82ff-86ff988e4caf}) (Version: 6.0.36.34217 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.20 (x64) (HKLM\...\{72C29BED-666F-4E5E-BC49-DF44C890742E}) (Version: 56.80.15245 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.20 (x64) (HKLM-x32\...\{362ea044-f96f-45c7-b59f-0dbe5ca98ff4}) (Version: 7.0.20.33720 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 12.9 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.9 - MiniTool Software Limited)
MPC-HC 2.5.2 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 2.5.2 - MPC-HC Team)
OnScreen Control (HKLM-x32\...\{E5C1B339-0E4E-49A5-859E-5E1DE1938706}) (Version: 8.26.0 - LG Electronics Inc)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 5.0.2 - The qBittorrent project)
QuickMemoryTestOK (HKLM\...\QuickMemoryTestOK) (Version: - com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7560 - Realtek Semiconductor Corp.)
RetroArch (HKLM-x32\...\RetroArch) (Version: 1.21.0.0 - Libretro)
SD Card Formatter (HKLM-x32\...\{D02212EA-E02A-4521-9036-5367734FC66E}) (Version: 5.0.2 - SD Association)
SeaTools (HKLM-x32\...\SeaTools 5.1.182) (Version: 5.1.182 - Seagate)
Smart Defrag 11 (HKLM-x32\...\Smart Defrag_is1) (Version: 11.0.0.454 - IObit)
Speccy (HKLM\...\Speccy) (Version: 1.33 - Piriform)
Telegram Desktop (HKU\S-1-5-21-2307758842-2925553095-3651173823-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 6.1.3 - Telegram FZ-LLC)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{B8D93870-98D1-4980-AFCA-E26563CDFB79}) (Version: 8.94.0.0 - Microsoft Corporation)
Verificação de integridade do PC Windows (HKLM\...\{2403B2D2-1FDC-497D-B181-F53D079FEAAA}) (Version: 3.6.2204.08001 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.21 - VideoLAN)
Warsaw 2.50.0.13 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 2.50.0.13 - Topaz)
WifiAutoInstall version 2.0.0.8 (HKLM\...\{BBADB2D6-0408-42D0-AAF8-B79D3E8B994C}_is1) (Version: 2.0.0.8 - Realtek, Inc.)
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
WinRAR 7.13 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.13.0 - win.rar GmbH)
Wise Folder Hider (HKLM-x32\...\Wise Folder Hider_is1) (Version: 5.0.9 - Lespeed Technology Co., Ltd.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2025-08-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => -> No File
ContextMenuHandlers1: [Kaspersky Free 21.16] -> {AE776072-9FCA-48AF-941C-5759266BB644} => -> No File
ContextMenuHandlers1: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => -> No File
ContextMenuHandlers1: [Kaspersky Standard 21.18] -> {2962565E-CA75-4BF1-B282-AE912144D3DA} => -> No File
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2025-04-22] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\rarext.dll [2025-07-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\rarext32.dll [2025-07-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => -> No File
ContextMenuHandlers2: [Kaspersky Free 21.16] -> {AE776072-9FCA-48AF-941C-5759266BB644} => -> No File
ContextMenuHandlers2: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => -> No File
ContextMenuHandlers2: [Kaspersky Standard 21.18] -> {2962565E-CA75-4BF1-B282-AE912144D3DA} => -> No File
ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-12-07] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2025-08-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => -> No File
ContextMenuHandlers4: [Kaspersky Free 21.16] -> {AE776072-9FCA-48AF-941C-5759266BB644} => -> No File
ContextMenuHandlers4: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => -> No File
ContextMenuHandlers4: [Kaspersky Standard 21.18] -> {2962565E-CA75-4BF1-B282-AE912144D3DA} => -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2022-08-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2025-08-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Kaspersky Free 21.15] -> {AE81D5A2-A34B-4D93-8DF8-540DBCE48043} => -> No File
ContextMenuHandlers6: [Kaspersky Free 21.16] -> {AE776072-9FCA-48AF-941C-5759266BB644} => -> No File
ContextMenuHandlers6: [Kaspersky Free 21.17] -> {0F574355-9FBE-40DB-ACB8-81F6612BB909} => -> No File
ContextMenuHandlers6: [Kaspersky Standard 21.18] -> {2962565E-CA75-4BF1-B282-AE912144D3DA} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-12-07] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2025-04-22] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\rarext.dll [2025-07-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\rarext32.dll [2025-07-28] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-03-09 19:48 - 2021-03-09 19:48 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000057856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\audio\qtaudio_windows.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 001441792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000134656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000735232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Multimedia.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000120832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5MultimediaQuick.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000051712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 001085440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000480256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5RemoteObjects.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000055808 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000262144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtMultimedia\declarative_multimedia.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000284160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000136704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000091648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [6962]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aDXs4 [3506]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddpp.sys:TWluaml1 [4310]
AlternateDataStreams: C:\Users\All Users:YXVtLmh6aQ [6962]
AlternateDataStreams: C:\Users\Todos os Usuários:YXVtLmh6aQ [6962]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:YXVtLmh6aQ [6962]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 06:14 - 2024-09-29 19:55 - 000001342 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 easeus.com
127.0.0.1 www.easeus.com
127.0.0.1 activation.easeus.com
127.0.0.1 easeus.com.cn
127.0.0.1 www.easeus.com.cn
127.0.0.1 track.easeus.com
127.0.0.1 track.easeus.com.cn
127.0.0.1 api.easeus.com
127.0.0.1 update.easeus.com
127.0.0.1 map2.hwcdn.net
127.0.0.1 easeusinfo.us-east-1.log.aliyuncs.com
127.0.0.1 aaa100cd68bbe03f3.awsglobalaccelerator.com
127.0.0.1 uompro.easeus.com
127.0.0.1 order.easeus.com
127.0.0.1 curl.haxx.se
127.0.0.1 buy.easeus.com
127.0.0.1 v2api-uoss.easeus.com

==================== Network ===========================

(Currently there is no automatic fix for this section.)

DNS Servers: 177.37.220.17 - 177.37.220.18
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
Wi-Fi: Realtek 8811CU Wireless LAN 802.11ac USB NIC -> rtwlanu.sys

nt_wsddntf: Topaz OFD Network Monitor

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Smart Projects\IsoBuster;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\dotnet\;C:\Program Files\dotnet\
HKU\S-1-5-21-2307758842-2925553095-3651173823-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\DesktopSpotlight\Assets\Images\image_1.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5)
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\Retrogamer87 SSD\Desktop\FRST64.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\Retrogamer87 SSD\Desktop\FRST64english.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\C:\Users\Retrogamer87 SSD\AppData\Roaming\secure\QtWebKit4.dll
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\C:\Users\Retrogamer87 SSD\Desktop\FRST64.exe

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AMD Crash Defender Service => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: CCleanerPerformanceOptimizerService => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: GameInput Service => 2
MSCONFIG\Services: GameInputSvc => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: GoogleUpdaterInternalService140.0.7273.0 => 2
MSCONFIG\Services: GoogleUpdaterService140.0.7273.0 => 2
MSCONFIG\Services: gupdate => 3
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ucldr_mirm_gl => 3
MSCONFIG\Services: ucldr_MirTrilogy4_GL => 3
HKLM\...\StartupApproved\StartupFolder: => "~D Realtek.tmp"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "Opera Browser Assistant"
HKLM\...\StartupApproved\Run: => "Reader_Sl"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "OnScreen Control"
HKLM\...\StartupApproved\Run32: => "Reader_Sl"
HKU\S-1-5-21-2307758842-2925553095-3651173823-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_8EEAEEB46E33F9779E13CFEFDF016B9D"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{6A1A66FE-412F-4DE3-9801-FCE1E3250654}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{067B001C-5CE5-4C43-B391-C900B4A0B458}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{A36AC2FC-FF2E-4599-BDCC-BF81F8AC25CA}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> Hewlett-Packard Development Company, LP)
FirewallRules: [{15B2B610-297A-46B3-970A-4BC5C9772622}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe (HP Inc. -> Hewlett-Packard Development Company, LP)
FirewallRules: [{BD6BF039-82F4-499D-8542-EB24C7AF4C1D}] => (Allow) LPort=42305
FirewallRules: [{E5C66399-F9CC-4BF7-B27E-D396C41F6BF5}] => (Allow) LPort=20902
FirewallRules: [{F7FB7F27-44E4-4ECA-81A9-C56908A9637C}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{8E1B8727-9805-4076-941B-98AAF3B2EB53}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{6BE1F60C-E081-477E-87A0-835E425FFFD5}] => (Allow) C:\Program Files\Topaz OFD\Warsaw\core.exe (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
FirewallRules: [{C9E0EEF5-DB55-4797-A5CF-F1E2D9905E60}] => (Allow) LPort=57209
FirewallRules: [{B3ADE6DD-5094-4D97-90CC-ED8A0CB9DB04}] => (Allow) LPort=57210
FirewallRules: [{C99A2F14-DCB6-45D0-ACFC-7E4D49B4B5BB}] => (Allow) LPort=57211
FirewallRules: [{1E46FD90-E282-4D54-AE4E-FA35E776E507}] => (Allow) LPort=57212
FirewallRules: [{9B18E5E9-8016-4BCA-95A0-DE33A71C980B}] => (Allow) LPort=57213
FirewallRules: [{5059AE68-6CD8-482F-9947-DCDF78E80450}] => (Allow) LPort=57214
FirewallRules: [{F10C107E-2FC3-460C-9B72-24ADBE61B5C1}] => (Allow) LPort=57215
FirewallRules: [{B560F0EC-0EC7-419B-81ED-FF6A9B73BE48}] => (Allow) LPort=57216
FirewallRules: [{D7B4AFC3-250C-4753-BDA4-704CE9FA393E}] => (Allow) LPort=57217
FirewallRules: [{D769806C-AAF9-4EA5-8EA9-FE1A4174A759}] => (Allow) LPort=57218
FirewallRules: [{7FB7F3F5-39EF-45D8-92B9-D13D1A1D9C6D}] => (Allow) LPort=57209
FirewallRules: [{AA5FEC70-5E20-40A1-9142-F30ADA239DDD}] => (Allow) LPort=57210
FirewallRules: [{9318F053-71FF-4D71-81A3-0E1AA3EE8E97}] => (Allow) LPort=57211
FirewallRules: [{4BAF74C4-AAD9-4E61-BFCB-174755911ECA}] => (Allow) LPort=57212
FirewallRules: [{D9475071-4577-417E-9077-116182A978AC}] => (Allow) LPort=57213
FirewallRules: [{ADD4DB77-B8DE-4C71-978E-DB395323390C}] => (Allow) LPort=57214
FirewallRules: [{290893F2-6E34-402E-960A-C4F91CAFF9D0}] => (Allow) LPort=57215
FirewallRules: [{8A141AD4-F1B6-4AA6-A133-2A95F3BE1ED9}] => (Allow) LPort=57216
FirewallRules: [{8420F260-B6E9-4FC2-B9B1-E12CB2941B5B}] => (Allow) LPort=57217
FirewallRules: [{63D8635D-5B63-4AB9-9AB7-8E8CE75E83B0}] => (Allow) LPort=57218
FirewallRules: [{AE9DAE80-A1D4-4FA5-8D13-7E7C2D22CA3B}] => (Allow) LPort=23007
FirewallRules: [{0FC5F4B4-40EA-4E4F-9622-46AC24AE030A}] => (Allow) LPort=23008
FirewallRules: [{BA9CA895-3A3F-4A81-A63B-7A026A10540D}] => (Allow) LPort=33009
FirewallRules: [{78527F6F-DBFE-4557-BEF9-4CF7073DB422}] => (Allow) LPort=33010
FirewallRules: [{0ECA6733-D950-4513-9666-C16A18379EE0}] => (Allow) LPort=33011
FirewallRules: [{D514889F-7CBA-4B42-8504-EC2515EFCCE7}] => (Allow) LPort=43012
FirewallRules: [{6B610729-5A59-4D2D-A186-458C65ABDC92}] => (Allow) LPort=43013
FirewallRules: [{5178EC68-E51C-4E10-A5FA-BED072AD437C}] => (Allow) LPort=53014
FirewallRules: [{2411528E-C292-4A27-B557-57C277EA9788}] => (Allow) LPort=53015
FirewallRules: [{DD975457-949F-400A-8D0C-63E79543D8CA}] => (Allow) LPort=53016
FirewallRules: [{8A97C1E7-4B11-47D3-BBC7-8E822533A567}] => (Allow) LPort=23007
FirewallRules: [{85C5D65C-5D6B-4DAF-801C-DA284C785873}] => (Allow) LPort=23008
FirewallRules: [{C9D1A772-F964-422F-B332-98432AB0E25D}] => (Allow) LPort=33009
FirewallRules: [{C84AABC6-42CD-44A0-838F-CAA4DACCEFC1}] => (Allow) LPort=33010
FirewallRules: [{AF9D6D83-AD5D-49FD-A866-64149CD31020}] => (Allow) LPort=33011
FirewallRules: [{C5CE2CE1-74C7-4B49-BD17-4330C7A8A27E}] => (Allow) LPort=43012
FirewallRules: [{FD1C1264-278D-4887-BC14-D30D8A8AA5E2}] => (Allow) LPort=43013
FirewallRules: [{B751B608-A00A-4824-8E87-9C2AA0CD6029}] => (Allow) LPort=53014
FirewallRules: [{B6067CEB-168F-4855-A563-FCEA1DC5280D}] => (Allow) LPort=53015
FirewallRules: [{937A9C2D-C492-43DC-AD73-34EB87112342}] => (Allow) LPort=53016
FirewallRules: [{042D6D10-9718-4552-88F4-59E6CD8C9082}] => (Allow) LPort=50053
FirewallRules: [{ED9287C7-B13A-4137-BB40-393B1572BBBB}] => (Allow) LPort=50053
FirewallRules: [{EC2232BF-F603-4E4C-BB74-A28F1C5153EE}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{FF0A555D-0273-4A91-A23B-136F3FB11E2A}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [TCP Query User{E855747A-D193-4DCF-9188-2A88FDEF5114}C:\users\retrogamer87 ssd\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\retrogamer87 ssd\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [UDP Query User{782E90EC-CA3A-4585-81CF-8E59770EC791}C:\users\retrogamer87 ssd\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\retrogamer87 ssd\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [{DDDE2468-9C79-47AD-95B3-F8E923CA4B42}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Now.gg, INC -> BlueStack Systems)
FirewallRules: [{6328117D-6D83-4319-AC38-B115161D8344}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe (Now.gg, INC -> The Qt Company Ltd.)
FirewallRules: [TCP Query User{A61B4F83-EF94-4245-90D7-FCB65147837D}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{5D08058E-DB99-4F90-BB25-1F805F9A6E96}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{1C3373A2-8EEC-4310-A34E-B700237758A1}C:\users\retrogamer87 ssd\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\retrogamer87 ssd\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [UDP Query User{7AE6C5E7-4279-46E9-B2D1-40405CDDD435}C:\users\retrogamer87 ssd\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\retrogamer87 ssd\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [TCP Query User{4AC4C7E6-D89F-4129-8F8C-04AD71FD1914}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [UDP Query User{440DBEAB-4C5E-4DB5-91DB-F4E7E8907819}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{3FFB5E28-A0FB-4137-9EAB-330B8FEC1695}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:475.88 GB) (Free:50.64 GB) (11%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ======================

Application errors:
==================
Error: (10/08/2025 03:04:40 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling CoCreateInstance routine. hr = 0x8007045b, The system is shutting down.

Error: (10/08/2025 03:04:40 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service Information: Unable to start COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem. [0x8007045b, The system is shutting down.]

Error: (10/08/2025 12:33:52 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error updating status for SECURITY_PRODUCT_STATE_SNOOZED.

Error: (10/08/2025 12:33:43 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate the caller with error %1.

Error: (10/07/2025 10:23:06 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Storage Optimizer could not complete reoptimization on (G:) due to: The requested operation is not supported by the hardware containing the volume. (0x8900002A)

Error: (10/06/2025 04:13:27 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file for one of these reasons:

There is a problem with the network connection, the disk where the file is stored, or the storage drivers
installed on this computer, or the disk is missing.

Windows closed the gopher64 program because of this error.

Program: gopher64
File:
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation may be a temporary problem that can be corrected when the program is run again.
2.
If the file still cannot be accessed and
- is not on the network,
- the network administrator should verify that there is no network problem and that the server can be contacted.
- If it is on a removable disk, such as a floppy disk or CD-ROM, ensure that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and click OK. At the command prompt, type CHKDSK /F and press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine if other files on the same disk can be opened. If not, the disk may be damaged. If it's a hard drive, contact your computer's administrator or hardware vendor for
further assistance.

Additional Data
Error Value: 00000000
Disk Type: 0

Error: (10/06/2025 04:13:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gopher64-windows-x86_64.exe, version: 1.1.6.0, timestamp: 0x68cd38d9
Faulting module name: gopher64-windows-x86_64.exe, version: 1.1.6.0, timestamp: 0x68cd38d9
Exception Code: 0xc000001d
Fault Offset: 0x0000000000cdfb93
Faulting process ID: 0xf5c
Faulting application start time: 0x01dc36f54b3217a3
Faulting application path: C:\Users\Retrogamer87 SSD\Downloads\External Hard Drives 2025\Emulators\gopher64-windows-x86_64.exe
Faulting module path: C:\Users\Retrogamer87 SSD\Downloads\External Hard Drives 2025\Emulators\gopher64-windows-x86_64.exe
Report ID: 7aa5de95-1969-42bb-aba0-a16a80e298ea
Faulting package full name:

Faulting package related application ID:

Error: (10/06/2025 04:12:35 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file for one of the following reasons:

There is a problem with the network connection, the disk on which the file is stored, or the storage drivers
installed on this computer, or the disk is missing.
Windows closed the gopher64 program because of this error.

Program: gopher64
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation may be a temporary problem that can be corrected when the program is run again.
2.
If the file still cannot be accessed and
- is not on the network,
the network administrator should verify that there is no network problem and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM; make sure the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and click OK. At the command prompt, type CHKDSK /F and press ENTER.
4. If the problem persists, restore the file from a backup.
5. Determine if other files on the same disk can be opened. If not, the disk may be damaged. If it is a hard disk, contact your computer administrator or hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

System errors:
============
Error: (10/09/2025 03:10:10 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Secure Boot is not enabled on this computer.). For more information, see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (10/09/2025 03:10:10 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: Secure Boot update failed to update a Secure Boot variable with the error (-2147020471 = Secure Boot is not enabled on this computer.). For more information, see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (10/08/2025 03:10:10 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: Secure Boot update failed to update a Secure Boot variable with the error (-2147020471 = Secure Boot is not enabled on this computer.). For more information, see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (10/08/2025 03:10:10 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: Secure Boot update failed to update a Secure Boot variable with the error (-2147020471 = Secure Boot is not enabled on this computer.). For more information, see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (10/08/2025 08:06:24 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: Secure Boot update failed to update a Secure Boot variable with the error (-2147020471 = Secure Boot is not enabled on this computer.). For more information, see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (10/08/2025 08:06:24 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: Secure Boot update failed to update a Secure Boot variable with the error (-2147020471 = Secure Boot is not enabled on this computer.). For more information, see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (10/07/2025 08:06:24 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: Secure Boot update failed to update a Secure Boot variable with the error (-2147020471 = Secure Boot is not enabled on this computer.). For more information, see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (10/07/2025 08:06:24 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: Secure Boot update failed to update a Secure Boot variable with the error (-2147020471 = Secure Boot is not enabled on this computer.). For more information, see https://go.microsoft.com/fwlink/?linkid=2169931

Windows Defender:
================
Date: 2025-10-09 07:05:10
Description:
Microsoft Defender Antivirus detected malware or other potentially unwanted software.
For more information, see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Malgent!MSR&threatid=2147782947&enterprise=0
Name: Trojan:Win64/Malgent!MSR
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Retrogamer87 SSD\Desktop\FRST64english.exe
Detection Source: Local Computer
Detection Type: Concrete
Detection Source: Real-Time Protection
User: DESKTOP-3DM2P71\Retrogamer87 SSD
Process Name: C:\Windows\explorer.exe
Security Intelligence Version: AV: 1.439.24.0, AS: 1.439.24.0, NIS: 1.439.24.0
Engine Version: AM: 1.1.25090.3001, NIS: 1.1.25090.3001

Date: 2025-10-08 21:17:31
Description:
Microsoft Defender Antivirus detected malware or other potentially unwanted software. For more information, see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.C!ml&threatid=2147749372&enterprise=0
Name: Trojan:Win32/Wacatac.C!ml
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Retrogamer87 SSD\AppData\Roaming\secure\QtWebKit4.dll
Detection Source: Local Computer
Detection Type: Concrete
Detection Source: Real-Time Protection
User: NT Authority\System
Process Name: System
Security Intelligence Version: AV: 1.439.24.0, AS: 1.439.24.0, NIS: 1.439.24.0
Engine Version: AM: 1.1.25090.3001, NIS: 1.1.25090.3001

Date: 2025-10-08 21:10:14
Description:
Microsoft Defender Antivirus detected malware or other potentially unwanted software.
For more information, see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Malgent!MSR&threatid=2147782947&enterprise=0
Name: Trojan:Win64/Malgent!MSR
Severity: Severe
Category:

Trojan Horse
Path: file:_C:\Users\Retrogamer87 SSD\Desktop\FRST64.exe
Detection Source: Local Computer
Detection Type: Specific
Detection Source: Real-Time Protection
User: DESKTOP-3DM2P71\Retrogamer87 SSD
Process Name: C:\Windows\explorer.exe
Security Intelligence Version: AV: 1.439.24.0, AS: 1.439.24.0, NIS: 1.439.24.0
Engine Version: AM: 1.1.25090.3001, NIS: 1.1.25090.3001

Date: 2025-10-08 21:08:51
Description:
Microsoft Defender Antivirus detected malware or other potentially unwanted software. For more information, see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Malgent!MSR&threatid=2147782947&enterprise=0
Name: Trojan:Win64/Malgent!MSR
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Retrogamer87 SSD\Downloads\FRST64.exe
Detection Source: Local Computer
Detection Type: Concrete
Detection Source: Real-Time Protection
User: DESKTOP-3DM2P71\Retrogamer87 SSD
Process Name: C:\Program Files\Topaz OFD\Warsaw\core.exe
Security Intelligence Version: AV: 1.439.24.0 AS: 1.439.24.0, NIS: 1.439.24.0
Engine Version: AM: 1.1.25090.3001, NIS: 1.1.25090.3001

Date: 2025-10-08 21:08:27
Description:
Microsoft Defender Antivirus detected malware or other potentially unwanted software. For more information, see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Malgent!MSR&threatid=2147782947&enterprise=0
Name: Trojan:Win64/Malgent!MSR
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Retrogamer87 SSD\Downloads\FRST64.exe
Detection Source: Local Computer
Detection Type: Concrete
Detection Source: Real-Time Protection
User: DESKTOP-3DM2P71\Retrogamer87 SSD
Process Name: C:\Program Files\Topaz OFD\Warsaw\core.exe
Security Intelligence Version: AV: 1.439.24.0 AS: 1.439.24.0, NIS: 1.439.24.0
Engine Version: AM: 1.1.25090.3001, NIS: 1.1.25090.3001
CodeIntegrity:
===============
Date: 2025-10-09 04:46:37
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\Topaz OFD\Warsaw\wslbdhm64.dll that did not meet the Microsoft signing level requirements.

Date: 2025-10-08 15:05:35
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Topaz OFD\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements.

Date: 2025-10-08 15:05:35
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Topaz OFD\Warsaw\wslbscr64.dll that did not meet the Microsoft signing level requirements.

Date: 2025-10-08 12:33:54
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky 21.22\x64\com_antivirus.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.40 10/01/2013
Motherboard: ASRock B75M-DGS R2.0
Processor: Intel® Core™ i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 89%
Total physical RAM: 16329.95 MB
Available physical RAM: 1750.48 MB
Total Virtual: 29129.95 MB
Available Virtual: 5273.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:475.88 GB) (Free:50.63 GB) (Model: SATA3 512GB SSD) NTFS
Drive g: () (Fixed) (Total:464.7 GB) (Free:186.33 GB) (Model: WDC WD5000BEVT-00ZAT0) NTFS

\\?\Volume{ec57e732-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS
\\?\Volume{ec57e732-0000-0000-0000-001b77000000}\ () (Fixed) (Total:0.52 GB) (Free:0.06 GB) NTFS
\\?\Volume{000777b1-0000-0000-0000-404f74000000}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: EC57E732)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=475.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=528 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 000777B1)
Partition 1: (Not Active) - (Size=464.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=534 MB) - (Type=27)

==================== End of Addition.txt =======================

Edited by Oh My!, 09 October 2025 - 08:05 PM.

#10 cloudff7

Topic Starter

Members
83 posts
OFFLINE

Local time:04:21 AM

Posted 09 October 2025 - 05:22 AM

I ran a full scan with Microsoft Defender on my PC and it found the file AppData\Roaming\secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml).

But before using Defender, I had run a full scan with Malwarebytes Free and Kaspersky Free and found nothing. Why did it detect this now?

Is this type of malware the kind that modifies, deletes, or corrupts files on the PC?

#11 Oh My!

Adware and Spyware and Malware

Malware Response Instructor
61,652 posts
OFFLINE

Gender:Male
Location:California
Local time:11:21 PM

Posted 09 October 2025 - 08:14 PM

Since you have posted on several malware forums and you have received replies at both Spiceworks and ESET Malware Forum I am closing this topic.

#12 Oh My!

Adware and Spyware and Malware

Malware Response Instructor
61,652 posts
OFFLINE

Gender:Male
Location:California
Local time:11:21 PM

Posted 09 October 2025 - 08:14 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#13 Oh My!

Adware and Spyware and Malware

Malware Response Instructor
61,652 posts
OFFLINE

Gender:Male
Location:California
Local time:11:21 PM

Posted 10 October 2025 - 12:06 PM

This topic has been re-opened at the request of the person who originally posted.

In order to continue you must agree to not reply to any other forums and not take any steps unless I instruct you to do so.

Edited by Oh My!, 10 October 2025 - 12:08 PM.

#14 cloudff7

Topic Starter

Members
83 posts
OFFLINE

Local time:04:21 AM

Posted 10 October 2025 - 12:08 PM

my log posted above

#15 cloudff7

Topic Starter

Members
83 posts
OFFLINE

Local time:04:21 AM

Posted 11 October 2025 - 06:31 AM

It’s already been removed. My concern is whether this malware AppData\Roaming\secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml) detected by Microsoft Defender corrupted, deleted, or modified my personal files, especially the compressed ones. Before testing with Defender, I used Kaspersky Free as my main antivirus, but I also scanned with Malwarebytes Free and Adwcleaner, and according to all of them, the system was clean and without anything. I downloaded a lot of games, ISOs, emulators, and programs, totaling 250GB, and copied them to an external hard drive. Only after that did I switch from Kaspersky Free to Defender because Kaspersky Free was no longer free. In the first full scan of Microsoft Defender, this malware was found. So, after cleaning, will I have to download everything again to ensure they are intact and copy everything again to the four external hard drives? On VirusTotal, this same malware found by Defender has several different names for different antiviruses. It’s hard to tell what it actually is, but I posted the test results at the beginning of the thread, along with a screenshot of the folder where it’s located.

Because they said Kaspersky was one of the best antiviruses, I thought this also applied to the free version, but I think it’s only the paid version. I used the free version for years, and from what I see in the file folder, it’s been on my PC since 2024.