I found 2 backdoors and 3 remote access trojans on my system - Virus, Trojan, Spyware, and Malware Removal Help (2024)

#1 Iwashacked


Posted 14 August 2022 - 10:07 AM

Ok, so a few weeks ago my old email account, PayPal and Steam accounts were hacked into. Over the past few weeks, I have been fixing one problem after another. I deleted all my emails within this hacked email and then deleted the account. I contacted Steam support and requested a new password. I called up PayPal and had my account closed, so the hacker cannot keep using it. He attempted to make an expensive purchase of a few hundred dollars, but I explained that I was hacked and the PayPal staff closed my account.

I also made much more complicated passwords for all my new accounts. I installed HitmanPro, SuperAntiSpyware, Rkill, Mbar, Hijack This, Autoruns and TCPView, which some helpful folks on here mentioned was overkill.

I got rid of all these programs and installed the trial version of Malwarebytes, as was recommended by these same folks. I ran a full system scan with Malwarebytes and it found 2 backdoor malware entries in my registry, which I think it successfully removed because I did two more full system scans and it did not detect any more attacks or suspicious files.

Also, before I removed Hijack This, it did detect 3 RATs in my system as well. It is the same situation as with Malwarebytes, where I think it might have removed them because I did more scans afterward and nothing else came up.

I know this does not mean my system is completely clean, which is why I decided to post about my situation on here for some experts to check things out. I will post the Farbar scan logs below.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-08-2022
Ran by ki43d (administrator) on DESKTOP-NCNDJGQ (Dell Inc. Inspiron 5570) (14-08-2022 23:39:15)
Running from C:\Users\ki43d\Downloads
Loaded Profiles: ki43d
Platform: Microsoft Windows 10 Home Version 21H2 19044.1889 (X64) Language: Japanese (Japan) -> English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Astrill\ASOvpnSvc.exe ->) (Astrill Systems Corp. -> ) C:\Program Files (x86)\Astrill\aswgvpnc.exe
(C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe ->) (QFX Software Corporation -> QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCopyAccelerator.exe
(C:\Users\ki43d\AppData\Local\LINE\bin\current\LINE.exe ->) (LINE Corporation -> LINE Corporation) C:\Users\ki43d\AppData\Local\LINE\Data\plugin\LineCall\1.0.0.505\LineCall.exe
(C:\Users\ki43d\AppData\Local\LINE\bin\current\LINE.exe ->) (LINE Corporation -> LINE Corporation) C:\Users\ki43d\AppData\Local\LINE\Data\plugin\LineMediaPlayer\1.2.0.428\LineMediaPlayer.exe <2>
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(DriverStore\FileRepository\igdlh64.inf_amd64_5dc194ddcb559d66\igfxCUIService.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5dc194ddcb559d66\igfxEM.exe
(explorer.exe ->) (Astrill Systems Corp. -> Astrill) C:\Program Files (x86)\Astrill\astrill.exe
(explorer.exe ->) (QFX Software Corporation -> QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel\DPTF\esif_uf.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(LINE Corporation -> LINE Corporation) C:\Users\ki43d\AppData\Local\LINE\bin\current\LINE.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <15>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Astrill Systems Corp. -> Astrill) C:\Program Files (x86)\Astrill\ASOvpnSvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5dc194ddcb559d66\igfxCUIService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5dc194ddcb559d66\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5dc194ddcb559d66\IntelCpHeciSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_9c788f1d162b1224\RstMwService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(services.exe ->) (SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1852_none_7de3b01c7cacf858\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102816 2021-01-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618096 2021-01-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWelcome.exe [345848 2019-02-13] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [318920 2019-05-30] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [82992808 2022-04-06] (Discord Inc. -> Discord Inc.)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [512536 2021-09-28] (QFX Software Corporation -> QFX Software Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Run: [f.lux] => C:\Users\ki43d\AppData\Local\FluxSoftware\Flux\flux.exe [1515848 2021-06-18] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Run: [Wechat] => C:\Program Files (x86)\Tencent\WeChat\WeChat.exe [559184 2020-11-20] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Run: [MicrosoftEdgeAutoLaunch_651BD28083BE5F69B3FA653E81792869] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3827128 2022-08-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Run: [Microsoft Edge Update] => C:\Users\ki43d\AppData\Local\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateCore.exe [252864 2022-07-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [10994528 2022-04-21] (Support.com, Inc. -> SUPERAntiSpyware)
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4230544 2022-07-27] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [37054552 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\MountPoints2: {19967724-c84a-11eb-918f-d8d090307411} - "F:\StartBackup.exe"
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01EBB2DC-7F36-464F-A741-3EF2274F8812} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {0DB1CDE2-4B1C-44B3-836D-91D52F48EFB5} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3065487495-3473570161-1620390084-1001UA => C:\Users\ki43d\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [205744 2022-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {10E826CF-F6FD-4F1C-8CC6-2B6C085B262E} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel® Corporation)
Task: {1E0DE2B0-B43B-4E58-8EB3-ED8CA070132A} - System32\Tasks\Microsoft\Windows\Management\Autopilot\RemediateHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [192000 2022-08-10] (Microsoft Windows -> Microsoft Corporation)
Task: {36E5CDEA-B727-4473-B878-216F05571543} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [61856 2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {49A532CA-56F4-43FD-A3A9-21A7B0B66C50} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {4CC385F1-2CC5-4517-9618-EA08FD7E3A12} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23713200 2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {5687265F-F9A4-4171-A41F-AC5898F0D4FF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145304 2022-08-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {5775E91C-5E6C-4CC9-9FF7-236738FEFC9F} - System32\Tasks\Microsoft\Office\IMESharePointDictionary => c:\Program Files\Common Files\Microsoft Shared\IME16\IMESharePointDictionary.exe [247216 2002-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {61935CBC-428A-475C-8942-6C0087EFA51B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-07-18] (Piriform Software Ltd -> Piriform)
Task: {63A76DD2-12D8-4053-BB1E-B451641457C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7AB75F12-A9C7-4CD0-BB76-217C9BFF9BE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8B122C37-2CAA-4EB0-83B4-F7EEAFBECCF6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {95471034-0615-40C8-83A9-8FDB56157157} - System32\Tasks\CCleanerSkipUAC - ki43d => C:\Program Files\CCleaner\CCleaner.exe [31101528 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A2EE80E7-2271-4AC9-8B5F-C89641C56805} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {A647F387-34F1-42A3-AD26-D7A26DB25A2A} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3065487495-3473570161-1620390084-1001Core => C:\Users\ki43d\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [205744 2022-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {B5E3AC57-FD2C-4CDC-9268-FED2B170A25A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145304 2022-08-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {E3C5CCCF-72B7-4638-A849-55850219453D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F6135963-3CB3-4C74-BA17-B619CDEDC9F1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23713200 2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {FA5256C8-BBAD-4C32-96BD-23E5133B7B33} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler => C:\Program Files\RUXIM\PLUGscheduler.exe (No File)
Task: {FE76CA49-8A74-4465-889B-4309AEB0E1D4} - System32\Tasks\Microsoft\Windows\Management\Autopilot\DetectHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [192000 2022-08-10] (Microsoft Windows -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\ASProxy.dll [401656 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\ASProxy.dll [401656 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\ASProxy.dll [401656 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\ASProxy.dll [401656 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9 19 C:\WINDOWS\SysWOW64\ASProxy.dll [401656 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\ASProxy64.dll [565496 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\ASProxy64.dll [565496 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\ASProxy64.dll [565496 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\ASProxy64.dll [565496 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9-x64 19 C:\WINDOWS\system32\ASProxy64.dll [565496 2016-06-01] (Astrill Systems Corp. -> Astrill)
Tcpip\..\Interfaces\{67899b71-8e9d-4572-9ae2-ef8968546368}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ba1883c0-3896-4673-ac23-4958ae51b2bf}: [NameServer] 198.18.192.1

Edge:
=======
DownloadDir: C:\Users\ki43d\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\ki43d\AppData\Local\Microsoft\Edge\User Data\Default [2022-08-14]
Edge Notifications: Default -> hxxps://kissanime.com.ru; hxxps://thepiratebay.org; hxxps://www.rere.jp
Edge HomePage: Default -> hxxps://www.yahoo.co.jp/
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\ki43d\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2022-08-14]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

FireFox:
========
FF DefaultProfile: vht1qbyf.default
FF DefaultProfile: 0tfjb211.default
FF ProfilePath: C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\vht1qbyf.default [2022-08-08]
FF ProfilePath: C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release [2022-08-14]
FF Extension: (HTTPS Everywhere) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\https-everywhere@eff.org.xpi [2022-08-09]
FF Extension: (Privacy Badger) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2022-08-14]
FF Extension: (uBlock Origin) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\uBlock0@raymondhill.net.xpi [2022-08-14]
FF Extension: (Privacy Possum) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\woop-NoopscooPsnSXQ@jetpack.xpi [2022-08-14]
FF Extension: (bleepute Downloader) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\{1750307e-9fc3-4225-96e1-328b7e10c7b0}.xpi [2021-04-25]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-08-12]
FF Extension: (Bitwarden - Free Password Manager) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\{446900e4-71c2-419f-a6a7-df9c091e268b}.xpi [2022-08-14]
FF Extension: (Video DownloadHelper) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2022-08-14]
FF ProfilePath: C:\Users\ki43d\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\0tfjb211.default [2022-08-14]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-08-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [2021-09-24] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2021-09-24] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [2013-08-13] (Tencent Technology(Shenzhen) Company Limited -> )
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QzoneMusic\npQzoneMusic.dll [2016-02-26] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [2013-04-08] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [2013-04-25] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [2013-04-08] (Tencent Technology (Shenzhen) Company Limited) [File not signed]
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-19] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
R2 ASOVPNHelper; C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [823312 2020-10-11] (Astrill Systems Corp. -> Astrill)
S3 ASProxy; C:\Program Files (x86)\Astrill\ASProxy.exe [2618104 2016-06-01] (Astrill Systems Corp. -> Astrill)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12102608 2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [313440 2019-01-08] (Dell Inc -> Dell Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [55712 2022-08-01] (Dell Inc -> )
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [301768 2019-08-12] (Dell Inc -> Dell Inc.)
S3 Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{208C5BFC-A1B1-4B52-B14B-3B919AE401BC} [21312 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
S2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [35976 2019-04-03] (Dell Inc -> )
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [152576 2022-08-07] (SurfRight B.V. -> SurfRight B.V.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8680192 2022-08-14] (Malwarebytes Inc. -> Malwarebytes)
S3 QFXUpdateService; C:\Program Files (x86)\KeyScrambler\x64\QFXUpdateService.exe [83480 2021-09-28] (QFX Software Corporation -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [243800 2018-09-08] (QFX Software Corporation -> QFX Software Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-08-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74704 2022-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-08-14] (Malwarebytes Inc. -> Malwarebytes)
R3 MpKsl02304341; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8F34EA50-672D-4718-BE5A-1798B0262898}\MpKslDrv.sys [141576 2022-08-14] (Microsoft Windows -> Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-24] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-24] (Microsoft Windows -> Microsoft Corporation)
R3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [38176 2021-09-22] (WireGuard LLC -> WireGuard LLC)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-08-14 23:39 - 2022-08-14 23:42 - 000027925 _____ C:\Users\ki43d\Downloads\FRST.txt
2022-08-14 23:34 - 2022-08-14 23:41 - 000000000 ____D C:\FRST
2022-08-14 23:33 - 2022-08-14 23:33 - 002370048 _____ (Farbar) C:\Users\ki43d\Downloads\FRST64.exe
2022-08-14 20:17 - 2022-08-14 20:17 - 146025742 _____ C:\Users\ki43d\Downloads\SUPPRESSED CANCER CURES.mp4
2022-08-14 18:09 - 2022-08-14 18:09 - 000002174 _____ C:\Users\ki43d\Desktop\MBAMscan1.txt
2022-08-14 17:43 - 2022-08-14 23:32 - 000000000 ____D C:\Users\ki43d\AppData\LocalLow\IGDump
2022-08-14 17:35 - 2022-08-14 17:35 - 000074704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-08-14 17:34 - 2022-08-14 17:34 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-08-14 17:34 - 2022-08-14 17:34 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-08-14 16:59 - 2022-08-14 16:59 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-08-14 16:59 - 2022-08-14 16:59 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-08-14 16:59 - 2022-08-14 16:59 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-08-14 16:58 - 2022-08-14 16:58 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-08-14 16:58 - 2022-08-14 16:57 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-08-14 16:56 - 2022-08-14 16:56 - 002556344 _____ (Malwarebytes) C:\Users\ki43d\Downloads\MBSetup(1).exe
2022-08-14 13:08 - 2022-08-14 13:08 - 000000000 ____D C:\Users\ki43d\.ms-ad
2022-08-14 03:26 - 2022-08-14 03:27 - 062448468 _____ C:\Users\ki43d\Downloads\fRmaCHcbdT3L.mp4
2022-08-14 02:52 - 2022-08-14 03:20 - 118266680 _____ C:\Users\ki43d\Downloads\f38KFhycJFH2.mp4
2022-08-14 02:51 - 2022-08-14 03:22 - 111935043 _____ C:\Users\ki43d\Downloads\nVqQiX3hhD0Y.mp4
2022-08-14 02:44 - 2022-08-14 03:19 - 079277160 _____ C:\Users\ki43d\Downloads\1xHZ2iv4m2EU.mp4
2022-08-13 20:03 - 2022-08-13 20:03 - 000113964 _____ C:\Users\ki43d\Downloads\Handsome-Truth-EXPOSED-as-Operative_thumb27-1144659071.jfif
2022-08-13 20:02 - 2022-08-13 20:02 - 000010408 _____ C:\Users\ki43d\Downloads\1-1913079617.jfif
2022-08-13 17:37 - 2022-08-13 17:37 - 003186906 _____ C:\Users\ki43d\Downloads\The Judas Goats The Enemy Within - Michael Collins Piper 2006.pdf
2022-08-13 02:17 - 2022-08-13 02:17 - 000012735 _____ C:\ProgramData\goyslgxe.nnn
2022-08-13 01:41 - 2022-08-13 01:42 - 000000000 ____D C:\Users\ki43d\Desktop\docs
2022-08-12 14:27 - 2022-08-12 14:27 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-08-11 15:35 - 2022-08-12 00:41 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-08-11 15:21 - 2022-08-11 15:21 - 000000000 ____D C:\Program Files (x86)\DummyDir
2022-08-10 23:01 - 2022-08-10 23:01 - 000000000 ____D C:\Users\ki43d\Downloads\TCPView
2022-08-10 23:00 - 2022-08-10 23:00 - 002226419 _____ C:\Users\ki43d\Downloads\TCPView.zip
2022-08-10 17:58 - 2022-08-10 17:58 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-08-10 17:58 - 2022-08-10 17:58 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-08-10 17:57 - 2022-08-10 17:57 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-08-10 17:56 - 2022-08-10 17:56 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-08-10 17:55 - 2022-08-10 17:55 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-08-10 17:55 - 2022-08-10 17:55 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-08-10 17:55 - 2022-08-10 17:55 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-08-10 17:55 - 2022-08-10 17:55 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-08-10 16:50 - 2022-08-10 16:50 - 000000000 ___HD C:\$WinREAgent
2022-08-09 01:34 - 2022-08-09 01:34 - 000000000 ____D C:\Users\ki43d\Downloads\Autoruns
2022-08-09 01:33 - 2022-08-09 01:33 - 003862520 _____ C:\Users\ki43d\Downloads\Autoruns.zip
2022-08-09 00:10 - 2022-08-09 00:33 - 000000000 ____D C:\Users\ki43d\AppData\Local\Battle.net
2022-08-09 00:10 - 2022-08-09 00:22 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\Battle.net
2022-08-09 00:10 - 2022-08-09 00:10 - 000000940 _____ C:\Users\Public\Desktop\Battle.net.lnk
2022-08-09 00:10 - 2022-08-09 00:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2022-08-09 00:09 - 2022-08-09 00:22 - 000000000 ____D C:\Program Files (x86)\Battle.net
2022-08-08 20:39 - 2022-08-08 20:39 - 000000166 _____ C:\WINDOWS\wininit.ini
2022-08-08 20:28 - 2022-08-08 20:28 - 000388608 _____ (Trend Micro Inc.) C:\Users\ki43d\Downloads\HijackThis.exe
2022-08-08 19:39 - 2022-08-14 16:57 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-08-08 19:39 - 2022-08-08 19:39 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\17128457.sys
2022-08-08 19:36 - 2022-08-14 16:59 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-08-08 19:36 - 2022-08-08 20:25 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2022-08-08 19:36 - 2022-08-08 19:36 - 014178840 _____ (Malwarebytes Corp.) C:\Users\ki43d\Downloads\mbar-1.10.3.1001.exe
2022-08-08 19:32 - 2022-08-08 19:32 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\QFX Software
2022-08-08 19:32 - 2022-08-08 19:32 - 000000000 ____D C:\ProgramData\QFX Software
2022-08-08 19:26 - 2022-08-08 19:26 - 001552304 _____ C:\Users\ki43d\Downloads\KeyScrambler_Setup.exe
2022-08-08 19:26 - 2022-08-08 19:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
2022-08-08 19:26 - 2022-08-08 19:26 - 000000000 ____D C:\Program Files (x86)\KeyScrambler
2022-08-08 19:26 - 2018-09-08 15:15 - 000243800 _____ (QFX Software Corporation) C:\WINDOWS\system32\Drivers\keyscrambler.sys
2022-08-07 20:27 - 2022-08-11 15:23 - 000000000 ____D C:\WINDOWS\system32\Tasks\Meta
2022-08-07 20:26 - 2022-08-07 20:26 - 000000000 ____D C:\Users\ki43d\AppData\Local\messenger-updater
2022-08-07 17:30 - 2022-08-07 17:30 - 000001496 _____ C:\WINDOWS\system32\.crusader
2022-08-07 16:50 - 2022-08-11 15:10 - 000001968 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2022-08-07 16:50 - 2022-08-07 23:58 - 000000000 ____D C:\Program Files\HitmanPro
2022-08-07 16:50 - 2022-08-07 17:31 - 000000000 ____D C:\ProgramData\HitmanPro
2022-08-07 16:50 - 2022-08-07 16:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2022-08-07 16:48 - 2022-08-07 16:58 - 014248944 _____ (SurfRight B.V.) C:\Users\ki43d\Downloads\HitmanPro_x64.exe
2022-08-07 00:10 - 2022-08-07 00:10 - 002817055 _____ C:\Users\ki43d\Downloads\steam-2.3.9.apk
2022-08-07 00:10 - 2022-08-07 00:10 - 000000000 ____D C:\Users\ki43d\Downloads\steam-2.3.9
2022-08-05 19:30 - 2022-08-05 20:29 - 000254598 _____ C:\WINDOWS\ntbtlog.txt
2022-08-04 16:55 - 2022-08-11 15:12 - 000000000 ____D C:\WINDOWS\pss
2022-08-04 03:26 - 2022-08-04 03:27 - 298017269 _____ C:\Users\ki43d\Downloads\17nypWABfsmu.mp4
2022-08-04 03:02 - 2022-08-04 03:05 - 2244173462 _____ C:\Users\ki43d\Downloads\s1nPYDj7KBEQ.mp4
2022-08-03 02:38 - 2022-08-03 02:39 - 155180680 _____ C:\Users\ki43d\Downloads\f1eHbmQ4vkID.mp4
2022-08-03 02:36 - 2022-08-03 02:38 - 131511245 _____ C:\Users\ki43d\Downloads\swIY0kjhC9ME.mp4
2022-08-03 02:34 - 2022-08-03 02:34 - 031909602 _____ C:\Users\ki43d\Downloads\RsqNZO8jWicC.mp4
2022-08-03 02:34 - 2022-08-03 02:34 - 011378264 _____ C:\Users\ki43d\Downloads\voBUdXW8s3iw.mp4
2022-08-03 02:32 - 2022-08-03 02:37 - 320022903 _____ C:\Users\ki43d\Downloads\SodhjLpBcyQx.mp4
2022-08-03 02:31 - 2022-08-03 02:32 - 046994935 _____ C:\Users\ki43d\Downloads\dCtUqW7nt8fm.mp4
2022-08-03 02:24 - 2022-08-03 02:24 - 030775518 _____ C:\Users\ki43d\Downloads\xgfLaeYMaU48.mp4
2022-08-03 02:07 - 2022-08-03 02:07 - 022089429 _____ C:\Users\ki43d\Downloads\HkauPov5Hsik.mp4
2022-08-02 02:47 - 2022-08-12 23:56 - 000000000 ____D C:\Program Files (x86)\Steam
2022-08-02 02:47 - 2022-08-02 02:47 - 000001038 _____ C:\Users\Public\Desktop\Steam.lnk
2022-08-02 02:47 - 2022-08-02 02:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2022-08-02 01:23 - 2022-08-02 01:23 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\ki43d\Downloads\rkill.exe
2022-08-02 01:19 - 2022-08-11 15:10 - 000002036 _____ C:\Users\ki43d\Desktop\SUPERAntiSpyware Free Edition.lnk
2022-08-02 01:19 - 2022-08-02 01:19 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\SUPERAntiSpyware.com
2022-08-02 01:19 - 2022-08-02 01:19 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2022-08-02 01:18 - 2022-08-02 01:19 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2022-08-02 01:18 - 2022-08-02 01:18 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2022-08-02 01:17 - 2022-08-02 01:18 - 219963744 _____ (SUPERAntiSpyware) C:\Users\ki43d\Downloads\SUPERAntiSpyware.exe
2022-07-31 18:49 - 2022-07-31 18:49 - 000000000 ____D C:\Users\ki43d\Downloads\Gradius III (USA)
2022-07-31 18:31 - 2022-07-31 18:31 - 000000000 ____D C:\Users\ki43d\Downloads\Final Fantasy III (USA) (Rev 1)
2022-07-31 18:30 - 2022-07-31 18:31 - 002243313 _____ C:\Users\ki43d\Downloads\Final Fantasy III (USA) (Rev 1).zip
2022-07-31 18:29 - 2022-07-31 18:29 - 003854525 _____ C:\Users\ki43d\Downloads\snes9x-1.60-win32-x64.zip
2022-07-31 18:29 - 2022-07-31 18:29 - 000000000 ____D C:\Users\ki43d\Downloads\snes9x-1.60-win32-x64
2022-07-31 18:11 - 2022-07-31 18:11 - 000433344 _____ C:\Users\ki43d\Downloads\Gradius III (USA).zip
2022-07-31 18:10 - 2022-07-31 18:10 - 000448469 _____ C:\Users\ki43d\Downloads\gryzor.zip
2022-07-31 18:06 - 2022-07-31 18:06 - 002251365 _____ C:\Users\ki43d\Downloads\Final Fantasy VI (Japan).zip
2022-07-30 12:48 - 2022-07-30 17:22 - 000000000 ____D C:\Program Files\Recuva
2022-07-30 12:48 - 2022-07-30 12:48 - 000001701 _____ C:\Users\Public\Desktop\Recuva.lnk
2022-07-30 12:48 - 2022-07-30 12:48 - 000000000 ____D C:\ProgramData\Piriform
2022-07-30 12:48 - 2022-07-30 12:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2022-07-30 12:47 - 2022-07-30 12:47 - 011897288 _____ (Piriform Software Ltd) C:\Users\ki43d\Downloads\rcsetup153.exe
2022-07-30 12:43 - 2022-07-30 12:43 - 027125741 _____ C:\Users\ki43d\Downloads\testdisk-7.2-WIP.win64.zip
2022-07-30 04:16 - 2022-07-30 04:16 - 000000000 ____D C:\NasCacheDirectory
2022-07-30 03:52 - 2022-07-30 03:52 - 000001076 _____ C:\Users\Public\Desktop\EaseUS Data Recovery Wizard.lnk
2022-07-30 03:52 - 2022-07-30 03:52 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\EaseUS
2022-07-30 03:52 - 2022-07-30 03:52 - 000000000 ____D C:\ProgramData\SystemAcCrux
2022-07-30 03:52 - 2022-07-30 03:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS
2022-07-30 03:51 - 2022-07-30 03:51 - 052092200 _____ (EaseUS ) C:\Users\ki43d\Downloads\drw_affiliate_setup.exe
2022-07-30 03:51 - 2022-07-30 03:51 - 002072392 _____ C:\Users\ki43d\Downloads\DRW_affiliate_Installer_20220729.502145a1443141.exe
2022-07-30 03:51 - 2022-07-30 03:51 - 000000000 ____D C:\Program Files\EaseUS
2022-07-30 03:39 - 2022-07-31 14:36 - 000000000 ____D C:\Program Files (x86)\Wondershare
2022-07-30 03:39 - 2022-07-30 03:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2022-07-30 03:39 - 2022-07-30 03:39 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2022-07-29 23:49 - 2022-07-29 23:49 - 000000000 ____D C:\Users\ki43d\Downloads\20th.Century.Boys.The.Last.Chapter.Our.Flag.2009.JAP.DVDRip.XviD-GiNJi
2022-07-29 20:57 - 2022-07-29 21:02 - 406343227 _____ C:\Users\ki43d\Downloads\icecat-60.7.0-gnu1.tar.bz2
2022-07-29 19:53 - 2022-08-07 16:39 - 000000000 ____D C:\Program Files\Pale Moon
2022-07-29 19:53 - 2022-07-29 19:53 - 000000968 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
2022-07-29 19:53 - 2022-07-29 19:53 - 000000956 _____ C:\Users\Public\Desktop\Pale Moon.lnk
2022-07-29 19:53 - 2022-07-29 19:53 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\Moonchild Productions
2022-07-29 19:53 - 2022-07-29 19:53 - 000000000 ____D C:\Users\ki43d\AppData\Local\Moonchild Productions
2022-07-29 19:47 - 2022-07-29 19:49 - 034724864 _____ (Moonchild Productions) C:\Users\ki43d\Downloads\palemoon-31.1.1.win64.installer.exe
2022-07-17 22:28 - 2022-07-17 22:28 - 000260348 _____ C:\Users\ki43d\Downloads\01e0ecafd4776b5a.jpeg
2022-07-15 14:59 - 2022-07-15 14:59 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-07-15 14:59 - 2022-07-15 14:59 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-07-15 14:59 - 2022-07-15 14:59 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-07-15 14:59 - 2022-07-15 14:59 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-07-15 14:59 - 2022-07-15 14:59 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-07-15 14:59 - 2022-07-15 14:59 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-07-15 14:58 - 2022-07-15 14:58 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-07-15 14:58 - 2022-07-15 14:58 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-07-15 14:58 - 2022-07-15 14:58 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-07-15 14:58 - 2022-07-15 14:58 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-07-15 14:58 - 2022-07-15 14:58 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-07-15 14:58 - 2022-07-15 14:58 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-07-15 14:57 - 2022-07-15 14:57 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-07-15 14:57 - 2022-07-15 14:57 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-07-15 14:56 - 2022-07-15 14:56 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-07-15 14:56 - 2022-07-15 14:56 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-07-15 14:55 - 2022-07-15 14:55 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-08-14 23:07 - 2019-12-07 18:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-08-14 22:18 - 2021-03-12 02:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-08-14 21:49 - 2021-09-22 16:30 - 000000000 ____D C:\Program Files\CCleaner
2022-08-14 21:04 - 2021-04-25 21:53 - 000000000 ____D C:\Users\ki43d\AppData\LocalLow\Mozilla
2022-08-14 19:10 - 2021-03-12 02:36 - 000004138 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{985564EC-A92A-4C9B-AD61-F04CAC94DC31}
2022-08-14 18:14 - 2021-09-22 21:56 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\vlc
2022-08-14 16:58 - 2019-12-07 18:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-08-14 16:57 - 2020-05-30 21:52 - 000000000 ____D C:\Program Files\Malwarebytes
2022-08-14 15:37 - 2019-06-08 14:58 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2022-08-14 13:08 - 2021-03-12 02:13 - 000000000 ____D C:\Users\ki43d
2022-08-14 13:00 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-08-14 12:56 - 2019-09-26 19:31 - 000000000 __SHD C:\Users\ki43d\IntelGraphicsProfiles
2022-08-14 04:04 - 2019-12-07 18:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-08-14 03:04 - 2020-09-20 18:31 - 000002432 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-08-14 03:04 - 2020-09-20 18:31 - 000002270 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-08-14 00:05 - 2021-09-04 19:15 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\obs-studio
2022-08-14 00:04 - 2021-03-12 02:36 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-08-14 00:03 - 2022-06-07 20:16 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-08-14 00:03 - 2022-06-07 20:16 - 000002063 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2022-08-13 20:50 - 2021-10-08 00:32 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\HandBrake
2022-08-13 16:29 - 2021-09-22 16:31 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-08-13 15:31 - 2020-02-26 17:38 - 000000000 ____D C:\Users\ki43d\AppData\Local\D3DSCache
2022-08-13 02:17 - 2021-09-21 01:48 - 000000000 ____D C:\Users\ki43d\AppData\Local\Movavi
2022-08-13 01:39 - 2019-09-27 16:25 - 000000000 ____D C:\Program Files\Microsoft Office
2022-08-12 14:27 - 2022-04-19 21:00 - 000001933 _____ C:\Users\ki43d\Desktop\Zoom.lnk
2022-08-12 14:27 - 2020-04-25 23:15 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\Zoom
2022-08-12 00:47 - 2019-10-02 21:34 - 000001213 _____ C:\Users\ki43d\Desktop\LINE.lnk
2022-08-12 00:41 - 2021-10-15 01:52 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-08-12 00:41 - 2021-04-25 21:53 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-08-12 00:41 - 2021-04-25 21:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-08-11 15:13 - 2021-03-12 02:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-08-11 15:13 - 2021-03-12 02:00 - 000008192 ___SH C:\DumpStack.log.tmp
2022-08-11 15:13 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-08-11 15:13 - 2019-06-08 14:56 - 000000000 ____D C:\Intel
2022-08-11 15:12 - 2019-12-07 18:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-08-11 15:10 - 2021-09-24 12:15 - 000000000 ____D C:\Users\ki43d\AppData\Local\CrashDumps
2022-08-11 14:35 - 2020-04-17 01:16 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2022-08-11 00:13 - 2019-12-07 18:13 - 000000000 ____D C:\WINDOWS\INF
2022-08-10 22:29 - 2019-12-07 18:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-08-10 22:27 - 2019-09-26 21:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-08-10 22:24 - 2019-09-26 21:29 - 144534560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-08-10 21:54 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-08-10 20:27 - 2021-03-12 02:24 - 001453122 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-08-10 20:27 - 2019-12-08 00:10 - 000484292 _____ C:\WINDOWS\system32\perfh011.dat
2022-08-10 20:27 - 2019-12-08 00:10 - 000133474 _____ C:\WINDOWS\system32\perfc011.dat
2022-08-10 20:19 - 2021-03-12 02:01 - 000419608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-08-10 20:15 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-08-10 20:15 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-08-10 20:15 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-08-10 20:15 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-08-10 20:15 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-08-10 20:15 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-08-10 20:15 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-08-10 20:14 - 2019-12-08 00:13 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-08-10 20:14 - 2019-12-07 18:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-08-10 20:14 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-08-10 20:14 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-08-10 17:55 - 2021-03-12 02:07 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-08-07 17:30 - 2022-05-27 15:07 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\uTorrent
2022-08-05 00:44 - 2022-01-29 01:45 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\FileZilla
2022-08-05 00:44 - 2021-03-08 19:55 - 000000000 ___DC C:\WINDOWS\Panther
2022-08-04 22:45 - 2021-09-22 16:31 - 000001050 _____ C:\Users\Public\Desktop\CCleaner.lnk
2022-08-04 17:01 - 2021-04-25 21:53 - 000001180 _____ C:\Users\Public\Desktop\Firefox.lnk
2022-08-04 16:48 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\Registration
2022-08-02 02:47 - 2021-12-31 00:31 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-07-31 16:22 - 2022-02-09 21:22 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-31 14:36 - 2021-07-29 22:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2022-07-31 14:36 - 2021-07-29 22:26 - 000000000 ____D C:\ProgramData\Wondershare
2022-07-30 03:40 - 2021-09-20 02:10 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2022-07-30 03:40 - 2021-07-29 22:29 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\Wondershare
2022-07-30 01:40 - 2019-09-28 11:15 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-30 01:33 - 2021-09-22 16:31 - 000000000 ____D C:\Users\ki43d\AppData\Local\BitTorrentHelper
2022-07-29 02:32 - 2021-12-13 22:57 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3065487495-3473570161-1620390084-1001
2022-07-29 02:32 - 2021-03-12 02:36 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3065487495-3473570161-1620390084-1001
2022-07-29 02:32 - 2021-03-12 02:13 - 000002385 _____ C:\Users\ki43d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-27 20:40 - 2022-07-10 18:30 - 000003800 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3065487495-3473570161-1620390084-1001UA
2022-07-27 20:40 - 2022-07-10 18:30 - 000003736 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3065487495-3473570161-1620390084-1001Core
2022-07-21 18:57 - 2021-03-12 02:36 - 000003372 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-20 02:00 - 2021-01-31 15:13 - 000000000 ____D C:\Users\ki43d\Documents\WeChat Files
2022-07-20 02:00 - 2021-01-31 15:13 - 000000000 ____D C:\Users\ki43d\AppData\Local\xwalk
2022-07-17 22:32 - 2019-12-07 18:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-07-17 22:32 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-07-17 22:32 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-07-17 22:32 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-07-17 22:32 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\ShellComponents

==================== Files in the root of some directories ========

2021-01-31 15:13 - 2021-01-31 15:13 - 000045056 _____ () C:\Users\ki43d\AppData\Roaming\Web Data
2021-01-31 15:13 - 2021-01-31 15:13 - 000000000 _____ () C:\Users\ki43d\AppData\Roaming\Web Data-journal
2019-09-27 16:53 - 2019-09-27 16:53 - 000000036 _____ () C:\Users\ki43d\AppData\Local\housecall.guid.cache
2021-09-21 01:33 - 2021-09-21 01:33 - 000002550 _____ () C:\Users\ki43d\AppData\Local\krita-sysinfo.log
2021-09-21 01:33 - 2021-09-21 01:46 - 000000425 _____ () C:\Users\ki43d\AppData\Local\krita.log
2021-09-21 01:46 - 2021-09-21 01:46 - 000000039 _____ () C:\Users\ki43d\AppData\Local\kritadisplayrc
2021-09-21 01:33 - 2021-09-21 01:46 - 000014710 _____ () C:\Users\ki43d\AppData\Local\kritarc
2022-05-02 19:28 - 2022-05-02 19:28 - 000000855 _____ () C:\Users\ki43d\AppData\Local\recently-used.xbel
2019-09-27 19:12 - 2019-11-06 19:33 - 000000010 _____ () C:\Users\ki43d\AppData\Local\sponge.last.runtime.cache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-08-2022
Ran by ki43d (14-08-2022 23:46:11)
Running from C:\Users\ki43d\Downloads
Microsoft Windows 10 Home Version 21H2 19044.1889 (X64) (2021-03-11 17:40:27)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3065487495-3473570161-1620390084-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3065487495-3473570161-1620390084-503 - Limited - Disabled)
Guest (S-1-5-21-3065487495-3473570161-1620390084-501 - Limited - Disabled)
ki43d (S-1-5-21-3065487495-3473570161-1620390084-1001 - Administrator - Enabled) => C:\Users\ki43d
WDAGUtilityAccount (S-1-5-21-3065487495-3473570161-1620390084-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (HKLM-x32\...\7-Zip) (Version: 19.00 - Igor Pavlov)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1041-1033-7760-BC15014EA700}) (Version: 22.002.20191 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-001824458876}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Astrill (HKLM\...\{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1) (Version: - Astrill)
AstrillTun (HKLM\...\{0DED3A08-4EF4-47E3-8610-11BE75619038}) (Version: 1.0 - Astrill) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 6.02 - Piriform)
Dell Digital Delivery Services (HKLM-x32\...\{E530ABB7-9DCC-421B-B751-484375E8374A}) (Version: 5.0.49.0 - Dell Inc.)
Dell Mobile Connect Drivers (HKLM\...\{1E754E2C-CF3B-42CB-B36D-D560CEA96149}) (Version: 2.0.7811 - Screenovate Technologies Ltd.)
Dell Power Manager Service (HKLM\...\{18469ED8-8C36-4CF7-BD43-0FC9B1931AF8}) (Version: 3.2.0 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{388A412B-5C0C-4C1E-8BF7-B6E9E117F367}) (Version: 4.4.2.9869 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{4990dc23-fdee-4fec-8bde-9f5d4745f88b}) (Version: 4.4.2.9869 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{77C86F54-9452-4EB6-B4C3-8A57FBF72D2B}) (Version: 4.4.0.9836 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{d2a00335-3e50-405c-8c5d-32e2a636bbe1}) (Version: 4.4.0.9836 - Dell Inc.)
Dell Update for Windows 10 (HKLM\...\{70E9F8CC-A23E-4C25-B292-C86C1821587C}) (Version: 3.0.1 - Dell, Inc.)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
f.lux (HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Flux) (Version: - f.lux Software LLC)
GIMP 2.10.22 (HKLM\...\GIMP-2_is1) (Version: 2.10.22 - The GIMP Team)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HandBrake 1.4.2 (HKLM-x32\...\HandBrake) (Version: 1.4.2 - )
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.30.326 - SurfRight B.V.)
Intel® Chipset Device Software (HKLM\...\{C844CC39-BC28-46CA-8239-3F37D8FE2A59}) (Version: 10.1.17541.8066 - Intel Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10208.5644 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{0854C811-6DAD-441D-AB36-2F73631A04A1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1914.12.0.1255 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{20B3E53F-28F1-48CC-AA69-35EF7A935162}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{DBF0C0C0-C8CF-4F01-8B04-F80FC3B88EF6}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.5.0.1017 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{F1612379-83A3-4F18-8B9B-7AA4A393E106}) (Version: 17.5.0.1017 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{c6de84fd-ece7-4c2a-9f06-8cabe7ab79a0}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{ACA5CFAC-9E99-4764-A7AD-AF5CF3FA15BF}) (Version: 17.0.2.1076 - Intel Corporation)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.16.0.1 - QFX Software Corporation)
K-Lite Codec Pack 16.0.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.0.5 - KLCP)
LINE (HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\LINE) (Version: 7.10.2.2807 - LINE Corporation)
Malwarebytes version 4.5.12.204 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.12.204 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.13058.0 - Waves Audio Ltd.) Hidden
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 104.0.1293.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 104.0.1293.54 - Microsoft Corporation)
Microsoft Office Home and Business 2016 - ja-jp (HKLM\...\HomeBusinessRetail - ja-jp) (Version: 16.0.15427.20210 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\OneDriveSetup.exe) (Version: 22.141.0703.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{2FAF2A80-5906-467E-8AD2-B83C94383600}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{F85F7FF0-5DFF-4BC0-9045-C9573D1BC11F}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29334 (HKLM\...\{2E11EF4E-901F-4B2D-B68E-3DB2A566C857}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29334 (HKLM\...\{8A3F7D5B-422D-49D9-84F7-8DC1B7782967}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM\...\{3C31CBA1-A0D9-4B95-A807-AD2313D12F47}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM-x32\...\{20d5df4e-006c-4d6d-a0dc-490d009b9786}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 103.0.2 (x64 en-US)) (Version: 103.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 88.0 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.0.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15427.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15427.20148 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0411-1000-0000000FF1CE}) (Version: 16.0.15427.20178 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Pale Moon 31.2.0.1 (x64 en-US) (HKLM\...\Pale Moon 31.2.0.1 (x64 en-US)) (Version: 31.2.0.1 - Moonchild Productions)
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10480 - Qualcomm)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9107.1 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Subtitle Edit 3.6.2 (HKLM\...\SubtitleEdit_is1) (Version: 3.6.2.0 - Nikse)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1246 - SUPERAntiSpyware.com)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WeChat (HKLM-x32\...\WeChat) (Version: 3.1.0.72 - 腾讯科技(深圳)有限公司)
WhatsApp (HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\WhatsApp) (Version: 2.2214.12 - WhatsApp)
Windows PC 正常性チェック (HKLM\...\{91AD482B-BEB3-4DC7-8FC4-01AD0335489B}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\ZoomUMX) (Version: 5.11.4 (7185) - Zoom Video Communications, Inc.)
インテル® チップセット デバイス ソフトウェア (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel® Corporation) Hidden

Packages:
=========
Dell CinemaColor -> C:\Program Files\WindowsApps\PortraitDisplays.DellCinemaColor_2.4.78.0_x64__2dgmkzkw4h30c [2022-08-12] (Portrait Displays)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.3.5.0_x64__htrsf667h5kn2 [2022-05-22] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.0.49.0_x64__htrsf667h5kn2 [2022-08-11] (Dell Inc)
Dell Mobile Connect 3.3 -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0 [2022-05-22] (Screenovate Technologies) [Startup Task]
Dell Power Manager -> C:\Program Files\WindowsApps\DellInc.DellPowerManager_3.10.10.0_x64__htrsf667h5kn2 [2021-11-07] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_3.0.160.0_x64__htrsf667h5kn2 [2019-06-08] (Dell Inc)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-09-26] (LinkedIn)
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.4028.0_x86__mcezb6ze687jp [2020-04-17] (CYBERLINK CORPORATION.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7180.0_x64__8wekyb3d8bbwe [2022-07-31] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-04-28] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_2.0.30.0_x64__htrsf667h5kn2 [2022-05-22] (Dell Inc)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-10-03] (Microsoft Corporation)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.2.4925.0_x86__mcezb6ze687jp [2022-08-12] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-08-28] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2019-09-26] (CYBERLINK CORPORATION.)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2022-05-22] (Microsoft Corporation)
楽しもう Office -> C:\Program Files\WindowsApps\Microsoft.EnjoyOffice_1.0.60.0_x64__8wekyb3d8bbwe [2022-05-22] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3065487495-3473570161-1620390084-1001_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\ki43d\AppData\Local\Microsoft\EdgeUpdate\1.3.165.21\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3065487495-3473570161-1620390084-1001_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\ki43d\AppData\Local\Microsoft\EdgeUpdate\1.3.165.21\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3065487495-3473570161-1620390084-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
CustomCLSID: HKU\S-1-5-21-3065487495-3473570161-1620390084-1001_Classes\CLSID\{BFBE0943-74C5-40E0-9E80-0B808109E95D}\InprocServer32 -> C:\Users\ki43d\AppData\Local\Microsoft\EdgeUpdate\1.3.163.19\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3065487495-3473570161-1620390084-1001_Classes\CLSID\{D1CE12B0-2529-4B24-BE8E-189735EA0DC1}\InprocServer32 -> C:\Users\ki43d\AppData\Local\Microsoft\EdgeUpdate\1.3.165.21\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} => -> No File
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-01-03] () [File not signed] [File is in use]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [HitmanPro] -> {D7CF1AF8-E2AD-4DA4-ACE5-77F8A58AB71D} => C:\Program Files\HitmanPro\hmpshext.dll [2022-08-07] (SurfRight B.V. -> SurfRight B.V.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-08-14] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-01-03] () [File not signed] [File is in use]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [HitmanPro] -> {D7CF1AF8-E2AD-4DA4-ACE5-77F8A58AB71D} => C:\Program Files\HitmanPro\hmpshext.dll [2022-08-07] (SurfRight B.V. -> SurfRight B.V.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2022-06-15] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5dc194ddcb559d66\igfxDTCM.dll [2020-12-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-08-14] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2022-06-15] (Piriform Software Ltd -> Piriform Software Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-07-19 23:25 - 2019-02-22 01:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-01-03 18:16 - 2019-01-03 18:16 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2022-08-13 03:13 - 2022-08-13 03:13 - 001030144 _____ (Microsoft Corporation) [File not signed] C:\Users\ki43d\AppData\Local\LINE\bin\current\dbghelp.dll
2022-08-01 12:19 - 2022-08-01 12:19 - 001548800 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Dell Digital Delivery Services\SQLite.Interop.dll
2022-07-30 03:39 - 2021-02-14 19:16 - 000759296 _____ (Tabibito Technology) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Icaros\64-bit\IcarosPropertyHandler.dll
2022-08-13 03:13 - 2022-08-13 03:13 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Users\ki43d\AppData\Local\LINE\bin\current\Qt5TextToSpeech.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ASProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.co.jp/
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-3065487495-3473570161-1620390084-1001 -> DefaultScope {66A78F4D-E724-4FF2-83D8-6C453CF6C93E} URL =
SearchScopes: HKU\S-1-5-21-3065487495-3473570161-1620390084-1001 -> {66A78F4D-E724-4FF2-83D8-6C453CF6C93E} URL =
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 16:31 - 2018-09-15 16:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\dotnet\
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 198.18.192.1 - 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "DellMobileConnectWelcome"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run: => "WSVCUUpdateHelper.exe"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\StartupApproved\Run: => "f.lux"
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\StartupApproved\Run: => "Wechat"
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_651BD28083BE5F69B3FA653E81792869"
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\StartupApproved\Run: => "movavi_suite_agent"
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\StartupApproved\Run: => "Microsoft Edge Update"
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5C2A04C7-D7EC-48E1-BC43-74DF45FC1847}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{4D2A5391-508D-4855-857D-486EC1390267}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{D1EA828C-1C0B-4A11-9987-0E4B5B13DE0C}] => (Allow) C:\Program Files (x86)\Tencent\WeChat\WeChat.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{204651DC-61D1-41B9-87FF-CE81263CCB2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe => No File
FirewallRules: [{9F95EAD3-343E-42B6-ADE3-7851E9A0969A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe => No File
FirewallRules: [{86BA064D-BBC7-441A-8B7A-8CED0F4EE6FA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{74870B0F-20B7-476A-AB9B-FF2E58DB563B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{07C9DDE2-EF2B-4FBA-80D6-9BF5FEE5A656}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EC48576C-A8F6-4858-BBD2-2D39C61D49D8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B2B7C576-A1C7-4EE7-8CD6-F7A6D4E3B692}] => (Allow) C:\Users\ki43d\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{A56923BB-12FC-424D-82A5-CEF9BD0BF94C}] => (Allow) C:\Users\ki43d\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8EFBBD1E-F4A5-4D9E-B1D2-B514FBC1AC7E}] => (Allow) C:\Users\ki43d\AppData\Local\LINE\bin\5.19.0.2020\LineUpdater.exe => No File
FirewallRules: [{3A0AC51E-061B-4D00-AD34-887D14545D8F}] => (Allow) C:\Users\ki43d\AppData\Local\LINE\bin\5.19.0.2020\LineUpdater.exe => No File
FirewallRules: [{180383F2-4B99-4035-891B-9B73344F0C95}] => (Allow) C:\Users\ki43d\AppData\Local\LINE\bin\5.19.0.2020\LINE.exe => No File
FirewallRules: [{B31732A2-1D83-4577-9F7B-1BFA8341E397}] => (Allow) C:\Users\ki43d\AppData\Local\LINE\bin\5.19.0.2020\LINE.exe => No File
FirewallRules: [{11D27DE4-85CA-4A9B-ADB8-8385E29F0A38}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{FAF65571-0F75-44BA-A001-E0E43D29C8CA}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{4A6836F5-0943-4CA7-B3CA-0BCA51958ABB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9F4D34F0-4C2F-45C3-B1C9-2E72EA4F2251}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DAE502A0-87E2-49DA-B17F-BE158CA203C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blaster Master Zero\exe\bsm.exe => No File
FirewallRules: [{C2974B4E-9085-491A-8E1C-CA66379153AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blaster Master Zero\exe\bsm.exe => No File
FirewallRules: [{82560D4A-0C7E-4566-8FBB-8E0DAFB5425F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe => No File
FirewallRules: [{1D1290FB-DF41-4F0C-859A-16E41A8929EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe => No File
FirewallRules: [{2EC52B68-D25F-43A7-A216-59D9C0895A8A}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [{AD739769-8ED6-4E4A-809E-C9ADDBABB169}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [{D7DDD836-B2A1-4200-8890-3EB08B8BF07E}] => (Allow) C:\Program Files (x86)\Astrill\astrill.exe (Astrill Systems Corp. -> Astrill)
FirewallRules: [{241C82EE-CC5C-44DD-8B57-CD0C274E7E31}] => (Allow) C:\Users\ki43d\AppData\Roaming\Tencent\QQ\STemp\SetupEx0\QQSetupEx.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{BAD81A43-5877-4D7A-B78C-FDD13384E158}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe => No File
FirewallRules: [{9688DD4A-9D20-4029-972D-A5B7949E78F7}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\auclt.exe => No File
FirewallRules: [{ACCD5E5A-19C3-4F31-9723-B74F0E8C3927}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\txupd.exe => No File
FirewallRules: [{9ABB117D-B9F3-4BCA-86D4-E94DBCA2BCE3}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\SetupEx\SetupEx.exe => No File
FirewallRules: [{11F1B5E9-0DBB-4C46-A332-C9768E6DC613}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\maLauncher.exe => No File
FirewallRules: [{8E17079A-8ACD-4E17-B98F-6F0BE6309A55}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\maUpdat.exe => No File
FirewallRules: [{E16160AC-09EB-4F2A-9D46-09DA841697BA}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\135\tencentdl.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{92AB7D92-2F55-409A-A2F7-4A32E0D770C4}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\135\bugreport_xf.exe => No File
FirewallRules: [{69F988C4-996E-42E4-B41B-DC33CC4DB126}] => (Allow) C:\Program Files (x86)\Tencent\QzoneMusic\QzoneMusic.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{507FF90B-8C9C-4824-BD7C-DFC015AD413E}] => (Allow) C:\Program Files (x86)\Tencent\QzoneMusic\QzoneMusic.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{56E9E8C5-22F7-4E6F-BA7D-95C478EBA319}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe => No File
FirewallRules: [{2A4E99B6-8D6C-4AB0-BC9B-A5A0DF4AB1CC}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe => No File
FirewallRules: [TCP Query User{29825AD4-1F69-4FF0-92A0-013589DDD079}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{5F5CB4A6-2C8D-4892-90D0-C8DC013FFDCD}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{F59F55E7-48B5-4A9D-A1D1-D3E08E9ED11F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\TQ.exe => No File
FirewallRules: [{C67EA084-E611-4B37-B8F4-E364FA6ED165}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\TQ.exe => No File
FirewallRules: [{872DD46B-BE86-48DE-8811-4308DCFC8337}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe => No File
FirewallRules: [{29344385-14B4-41D4-8A38-CA642D8A5D12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe => No File
FirewallRules: [{DC8AE1E5-439C-4765-9680-3E4CA35FF14D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9820E54E-E735-47F4-84BB-EA3B2CCE312B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Loop Hero\Loop Hero.exe => No File
FirewallRules: [{0C0F5D43-E290-4421-9C5B-AC32D328B792}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Loop Hero\Loop Hero.exe => No File
FirewallRules: [{23FB71D7-5A2D-48E9-AAED-2C63C0A57F30}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{07DA94FD-336E-458A-AD60-BB8682DCA5BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe => No File
FirewallRules: [{3F3AF15F-7A52-458B-B292-CCC994AADA3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe => No File
FirewallRules: [TCP Query User{20BA3A06-2C5D-4513-8209-94C69B70FFFC}C:\users\ki43d\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\ki43d\appdata\local\discord\app-1.0.9004\discord.exe => No File
FirewallRules: [UDP Query User{98B151F9-C861-45EC-AA9C-8D5911C5D021}C:\users\ki43d\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\ki43d\appdata\local\discord\app-1.0.9004\discord.exe => No File
FirewallRules: [{4F0B8E75-3955-464A-B5BB-031C8578C216}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{F658D120-1955-425E-B903-F6C12ACDECC8}] => (Allow) C:\Users\ki43d\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{683E4BD0-016F-4DAA-AB59-ED4D04EAC3BA}] => (Allow) C:\Users\ki43d\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{9A79B12F-DB70-4BC1-B412-0BD7DE2CA572}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E21A2146-337E-46C8-8D06-04B5BE662C5B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1F970ECF-A4D7-4D19-B87B-9945527E7748}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B8DCBDA9-DBD1-4648-9F41-995C9A89E5CB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A275CEFE-DDB0-40E1-9FB7-BBD1D01E3570}] => (Allow) C:\Program Files\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{9F169FB0-9ECA-424F-B466-F05003E56526}] => (Allow) C:\Program Files\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [TCP Query User{75BF5937-0D67-45B8-9345-16F85DDC501E}C:\program files\dc++\dcplusplus.exe] => (Allow) C:\program files\dc++\dcplusplus.exe => No File
FirewallRules: [UDP Query User{5E8A9508-5A84-427F-92A1-CFFC7B22E949}C:\program files\dc++\dcplusplus.exe] => (Allow) C:\program files\dc++\dcplusplus.exe => No File
FirewallRules: [{416D6936-B57B-4AE1-952B-63F5C85CC5F4}] => (Allow) LPort=57209
FirewallRules: [{A3E6687F-AC76-4314-A6D8-3496C19931DE}] => (Allow) LPort=57210
FirewallRules: [{675D7A20-3292-4792-95A8-61C06F77906E}] => (Allow) LPort=57211
FirewallRules: [{7065558F-F7F0-473C-8D92-072D6611724D}] => (Allow) LPort=57212
FirewallRules: [{FCF6D421-5011-4BBB-B769-C8432B2D87E0}] => (Allow) LPort=57213
FirewallRules: [{5DD4C55B-BCFF-4AA0-9C9B-24ED0ECB9830}] => (Allow) LPort=57214
FirewallRules: [{383287AB-6395-4938-956C-264C28F54FF6}] => (Allow) LPort=57215
FirewallRules: [{167FA084-5B24-429F-9D8D-5BA5E962FCA7}] => (Allow) LPort=57216
FirewallRules: [{CD587533-E6C9-4B0E-ACA0-62DFBBDCAB9C}] => (Allow) LPort=57217
FirewallRules: [{0DE78486-9D2E-47B6-8B49-1C57A6BE85E0}] => (Allow) LPort=57218
FirewallRules: [{5C6037B9-6C12-4478-B0BF-78C204489E16}] => (Allow) LPort=57209
FirewallRules: [{8B8785BF-E2BF-49DB-93F2-CA53590E1871}] => (Allow) LPort=57210
FirewallRules: [{3E2A19FE-6C8F-4D42-9175-0B32D16CDE2F}] => (Allow) LPort=57211
FirewallRules: [{491BA7E5-7903-4F43-B8DF-9F808FE0A45D}] => (Allow) LPort=57212
FirewallRules: [{C2AA6BA5-28D4-477C-926A-E39BE646EE6B}] => (Allow) LPort=57213
FirewallRules: [{FEA4ECEB-334E-46C3-A8DD-CD289FB70C38}] => (Allow) LPort=57214
FirewallRules: [{74C00C25-582E-42FD-9525-06C78DD7CB7B}] => (Allow) LPort=57215
FirewallRules: [{6BF2C668-C302-451D-B96E-0AE504EAAF47}] => (Allow) LPort=57216
FirewallRules: [{CEEDC783-EF1B-441E-8D65-93452D65C455}] => (Allow) LPort=57217
FirewallRules: [{4688C5A6-3432-476D-849A-A91A52D632B1}] => (Allow) LPort=57218
FirewallRules: [{E84FDECF-666E-43AB-A383-EFE1BF63D310}] => (Allow) LPort=23007
FirewallRules: [{51DBC59C-B97A-4F4D-A197-854C1625DAE1}] => (Allow) LPort=23008
FirewallRules: [{7096E10E-CCAB-4A26-A263-803C54A1191C}] => (Allow) LPort=33009
FirewallRules: [{25F4185A-955C-4F02-B2C3-C3B228EA46B6}] => (Allow) LPort=33010
FirewallRules: [{2A021943-CB73-496C-91A9-559560632136}] => (Allow) LPort=33011
FirewallRules: [{2BE04735-E2F5-4EF8-AFC9-9F8DEB99FF86}] => (Allow) LPort=43012
FirewallRules: [{65D6019D-EE21-40B7-96F7-AFC8BA6A9733}] => (Allow) LPort=43013
FirewallRules: [{2100C081-9476-4EB3-ADBC-AEA0E5DB3DAB}] => (Allow) LPort=53014
FirewallRules: [{3B66C576-F473-4A41-86D9-F344FED533A2}] => (Allow) LPort=53015
FirewallRules: [{490E8E9E-13F2-4A35-A139-53989CFA801A}] => (Allow) LPort=53016
FirewallRules: [{F7A701A5-0EAE-4977-B672-10CC74CBE65A}] => (Allow) LPort=23007
FirewallRules: [{888410EB-8317-4826-B7E0-3BDC92C44956}] => (Allow) LPort=23008
FirewallRules: [{8AD27D3D-995C-4E77-92A9-300D63CA738F}] => (Allow) LPort=33009
FirewallRules: [{D45ADE5E-E3F2-4F62-9A8F-FFD8F2B2F1A6}] => (Allow) LPort=33010
FirewallRules: [{5967EAAD-5BBC-4EE6-A743-A2F7DC618566}] => (Allow) LPort=33011
FirewallRules: [{324A40D6-19B4-4F0C-9E8D-04BD6137BCE6}] => (Allow) LPort=43012
FirewallRules: [{DB685073-9AFA-48C6-A470-1482A064904A}] => (Allow) LPort=43013
FirewallRules: [{49138850-C133-4206-BE1E-8CACA5B9CDBA}] => (Allow) LPort=53014
FirewallRules: [{0E1936F7-852F-4290-8E65-E959B27DAE4F}] => (Allow) LPort=53015
FirewallRules: [{D1ED447C-499A-45D0-A82C-70C9B6410CEE}] => (Allow) LPort=53016
FirewallRules: [{EACF8780-049C-4C84-B95B-BFEF0670CDD5}] => (Allow) LPort=50053
FirewallRules: [{B04F3F35-DC63-4BEB-93E6-BB0E95097D9D}] => (Allow) LPort=50053
FirewallRules: [{DDDD0A54-F946-4512-B1C6-BAF762AE778B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.54\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

10-08-2022 16:47:28 Windows モジュール インストーラー
10-08-2022 17:06:24 Windows モジュール インストーラー
10-08-2022 22:27:09 Windows モジュール インストーラー

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (08/11/2022 03:16:46 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe".Error in manifest or policy file "C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe.Config" on line 12.
Invalid Xml syntax.

Error: (08/11/2022 03:10:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Autoruns64.exe, version: 14.0.9.0, time stamp: 0x620ab70c
Faulting module name: Autoruns64.exe, version: 14.0.9.0, time stamp: 0x620ab70c
Exception code: 0xc0000005
Fault offset: 0x00000000000cd315
Faulting process id: 0xce8
Faulting application start time: 0x01d8ad44771d5150
Faulting application path: C:\Users\ki43d\Downloads\Autoruns\Autoruns64.exe
Faulting module path: C:\Users\ki43d\Downloads\Autoruns\Autoruns64.exe
Report Id: 41f93f37-4c26-4f3c-b33e-32fb53097144
Faulting package full name:
Faulting package-relative application ID:

Error: (08/11/2022 02:33:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, システム シャットダウンが実行中です。
.

Error: (08/11/2022 02:33:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, システム シャットダウンが実行中です。
]

Error: (08/11/2022 02:33:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, システム シャットダウンが実行中です。
.

Error: (08/11/2022 02:33:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, システム シャットダウンが実行中です。
]

Error: (08/11/2022 01:40:35 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (08/11/2022 01:40:35 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

System errors:
=============
Error: (08/13/2022 02:11:36 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NCNDJGQ)
Description: The server {ED1D0FDF-4414-470A-A56D-CFB68623FC58} did not register with DCOM within the required timeout.

Error: (08/13/2022 02:09:33 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NCNDJGQ)
Description: The server {ED1D0FDF-4414-470A-A56D-CFB68623FC58} did not register with DCOM within the required timeout.

Error: (08/13/2022 02:08:11 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NCNDJGQ)
Description: The server {ED1D0FDF-4414-470A-A56D-CFB68623FC58} did not register with DCOM within the required timeout.

Error: (08/13/2022 02:04:18 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NCNDJGQ)
Description: The server {ED1D0FDF-4414-470A-A56D-CFB68623FC58} did not register with DCOM within the required timeout.

Error: (08/13/2022 01:20:42 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (08/11/2022 03:16:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Client Management Service service failed to start due to the following error:
The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.

Error: (08/11/2022 03:13:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMS service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/11/2022 03:12:06 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-NCNDJGQ)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "利用不可" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Windows Defender:
================
Date: 2022-08-14 19:03:44
Description:
Microsoft Defender ウイルス対策 スキャンは完了する前に停止しました。
スキャン ID: {D1ABFB4A-0625-4189-A4FC-BA02E70A9A98}
スキャンの種類: マルウェア対策
スキャン パラメーター: クイック スキャン
ユーザー: NT AUTHORITY\SYSTEM

Date: 2022-08-13 20:18:38
Description:
Microsoft Defender ウイルス対策 スキャンは完了する前に停止しました。
スキャン ID: {98803926-E8CE-4C8E-9D9B-9DEEB39D2787}
スキャンの種類: マルウェア対策
スキャン パラメーター: クイック スキャン
ユーザー: NT AUTHORITY\SYSTEM

Date: 2022-08-12 19:31:52
Description:
Microsoft Defender ウイルス対策 スキャンは完了する前に停止しました。
スキャン ID: {E67C6899-6378-4449-B7BA-2200398385A6}
スキャンの種類: マルウェア対策
スキャン パラメーター: クイック スキャン
ユーザー: NT AUTHORITY\SYSTEM

Date: 2022-08-10 22:02:04
Description:
Microsoft Defender ウイルス対策 スキャンは完了する前に停止しました。
スキャン ID: {E18C4CDF-1C40-4D06-9707-FFD9B4969502}
スキャンの種類: マルウェア対策
スキャン パラメーター: クイック スキャン
ユーザー: NT AUTHORITY\SYSTEM

Date: 2022-08-05 19:23:23
Description:
Microsoft Defender ウイルス対策 スキャンは完了する前に停止しました。
スキャン ID: {2CCEAFD8-6BC0-449A-9EC8-1B1D0157E431}
スキャンの種類: マルウェア対策
スキャン パラメーター: クイック スキャン
ユーザー: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2022-08-11 14:35:34
Description:
Microsoft Defender ウイルス対策 リアルタイム保護機能でエラーが発生して失敗しました。
機能: アクセス時
エラー コード: 0x8007043c
エラーの説明: このサービスはセーフ モードで開始できません
理由: 不明な理由でマルウェア対策セキュリティ インテリジェンスが機能を停止しました。サービスを再起動することで問題が解決する場合があります。

Date: 2022-08-08 19:13:26
Description:
Microsoft Defender ウイルス対策 リアルタイム保護機能でエラーが発生して失敗しました。
機能: アクセス時
エラー コード: 0x8007043c
エラーの説明: このサービスはセーフ モードで開始できません
理由: 不明な理由でマルウェア対策セキュリティ インテリジェンスが機能を停止しました。サービスを再起動することで問題が解決する場合があります。

Date: 2022-08-05 19:31:20
Description:
Microsoft Defender ウイルス対策 リアルタイム保護機能でエラーが発生して失敗しました。
機能: アクセス時
エラー コード: 0x8007043c
エラーの説明: このサービスはセーフ モードで開始できません
理由: 不明な理由でマルウェア対策セキュリティ インテリジェンスが機能を停止しました。サービスを再起動することで問題が解決する場合があります。

Date: 2022-08-05 09:21:11
Description:
Microsoft Defender ウイルス対策 リアルタイム保護機能でエラーが発生して失敗しました。
機能: アクセス時
エラー コード: 0x8007043c
エラーの説明: このサービスはセーフ モードで開始できません
理由: 不明な理由でマルウェア対策セキュリティ インテリジェンスが機能を停止しました。サービスを再起動することで問題が解決する場合があります。

Date: 2022-08-04 17:05:01
Description:
Microsoft Defender ウイルス対策 リアルタイム保護機能でエラーが発生して失敗しました。
機能: アクセス時
エラー コード: 0x8007043c
エラーの説明: このサービスはセーフ モードで開始できません
理由: 不明な理由でマルウェア対策セキュリティ インテリジェンスが機能を停止しました。サービスを再起動することで問題が解決する場合があります。

CodeIntegrity:
===============
Date: 2022-08-14 23:46:51
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5dc194ddcb559d66\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-08-14 17:34:59
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2022-08-14 12:59:34
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\WaaSMedicAgent.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\ASProxy64.dll that did not meet the Microsoft signing level requirements.

Date: 2022-08-14 12:56:46
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\ASProxy64.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. 1.9.0 03/25/2022
Motherboard: Dell Inc. 09YTN7
Processor: Intel® Core™ i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 86%
Total physical RAM: 8089.31 MB
Available physical RAM: 1054.04 MB
Total Virtual: 15399.11 MB
Available Virtual: 2221.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:915.75 GB) (Free:775.69 GB) (Model: TOSHIBA MQ04ABF100) NTFS
Drive e: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:152.02 GB) (Model: Seagate Expansion+ SCSI Disk Device) NTFS

\\?\Volume{590cc7ce-dc1a-4e43-a981-a3aa890aad57}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.39 GB) NTFS
\\?\Volume{524c4f32-4646-4f49-9965-5f45f54ed27e}\ (Image) (Fixed) (Total:12.76 GB) (Free:0.15 GB) NTFS
\\?\Volume{14b89a6a-d620-4575-bcb3-370e5d6132a5}\ (DELLSUPPORT) (Fixed) (Total:1.17 GB) (Free:0.42 GB) NTFS
\\?\Volume{416e90f9-bc08-43ce-9424-bd57667b284d}\ (ESP) (Fixed) (Total:0.73 GB) (Free:0.66 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AD77004B)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: EE417D67)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================




#2Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 58,534 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:07:14 AM

Posted 14 August 2022 - 11:05 AM

Greetings Iwashacked and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:

  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Please allow me some time to review what you have posted.

Gary

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.


John 6:68-69


#3Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 58,534 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:07:14 AM

Posted 14 August 2022 - 01:45 PM

Greetings.

Although I can't say I am finding any confirmed instances of malicious software on the system, there are some things I see that are questionable. It may be that they make sense to you but they are random entries from my perspective and this, along with evidence of Peer 2 Peer software on the system raise some concern.

Do you recognize these?

C:\ProgramData\goyslgxe.nnn
C:\Users\ki43d\Downloads\fRmaCHcbdT3L.mp4
C:\Users\ki43d\Downloads\f38KFhycJFH2.mp4
C:\Users\ki43d\Downloads\nVqQiX3hhD0Y.mp4
C:\Users\ki43d\Downloads\1xHZ2iv4m2EU.mp4
C:\Users\ki43d\Downloads\17nypWABfsmu.mp4
C:\Users\ki43d\Downloads\s1nPYDj7KBEQ.mp4
C:\Users\ki43d\Downloads\f1eHbmQ4vkID.mp4
C:\Users\ki43d\Downloads\swIY0kjhC9ME.mp4
C:\Users\ki43d\Downloads\RsqNZO8jWicC.mp4
C:\Users\ki43d\Downloads\voBUdXW8s3iw.mp4
C:\Users\ki43d\Downloads\SodhjLpBcyQx.mp4
C:\Users\ki43d\Downloads\dCtUqW7nt8fm.mp4
C:\Users\ki43d\Downloads\xgfLaeYMaU48.mp4
C:\Users\ki43d\Downloads\HkauPov5Hsik.mp4
FirewallRules: [{416D6936-B57B-4AE1-952B-63F5C85CC5F4}] => (Allow) LPort=57209
FirewallRules: [{A3E6687F-AC76-4314-A6D8-3496C19931DE}] => (Allow) LPort=57210
FirewallRules: [{675D7A20-3292-4792-95A8-61C06F77906E}] => (Allow) LPort=57211
FirewallRules: [{7065558F-F7F0-473C-8D92-072D6611724D}] => (Allow) LPort=57212
FirewallRules: [{FCF6D421-5011-4BBB-B769-C8432B2D87E0}] => (Allow) LPort=57213
FirewallRules: [{5DD4C55B-BCFF-4AA0-9C9B-24ED0ECB9830}] => (Allow) LPort=57214
FirewallRules: [{383287AB-6395-4938-956C-264C28F54FF6}] => (Allow) LPort=57215
FirewallRules: [{167FA084-5B24-429F-9D8D-5BA5E962FCA7}] => (Allow) LPort=57216
FirewallRules: [{CD587533-E6C9-4B0E-ACA0-62DFBBDCAB9C}] => (Allow) LPort=57217
FirewallRules: [{0DE78486-9D2E-47B6-8B49-1C57A6BE85E0}] => (Allow) LPort=57218
FirewallRules: [{5C6037B9-6C12-4478-B0BF-78C204489E16}] => (Allow) LPort=57209
FirewallRules: [{8B8785BF-E2BF-49DB-93F2-CA53590E1871}] => (Allow) LPort=57210
FirewallRules: [{3E2A19FE-6C8F-4D42-9175-0B32D16CDE2F}] => (Allow) LPort=57211
FirewallRules: [{491BA7E5-7903-4F43-B8DF-9F808FE0A45D}] => (Allow) LPort=57212
FirewallRules: [{C2AA6BA5-28D4-477C-926A-E39BE646EE6B}] => (Allow) LPort=57213
FirewallRules: [{FEA4ECEB-334E-46C3-A8DD-CD289FB70C38}] => (Allow) LPort=57214
FirewallRules: [{74C00C25-582E-42FD-9525-06C78DD7CB7B}] => (Allow) LPort=57215
FirewallRules: [{6BF2C668-C302-451D-B96E-0AE504EAAF47}] => (Allow) LPort=57216
FirewallRules: [{CEEDC783-EF1B-441E-8D65-93452D65C455}] => (Allow) LPort=57217
FirewallRules: [{4688C5A6-3432-476D-849A-A91A52D632B1}] => (Allow) LPort=57218
FirewallRules: [{E84FDECF-666E-43AB-A383-EFE1BF63D310}] => (Allow) LPort=23007
FirewallRules: [{51DBC59C-B97A-4F4D-A197-854C1625DAE1}] => (Allow) LPort=23008
FirewallRules: [{7096E10E-CCAB-4A26-A263-803C54A1191C}] => (Allow) LPort=33009
FirewallRules: [{25F4185A-955C-4F02-B2C3-C3B228EA46B6}] => (Allow) LPort=33010
FirewallRules: [{2A021943-CB73-496C-91A9-559560632136}] => (Allow) LPort=33011
FirewallRules: [{2BE04735-E2F5-4EF8-AFC9-9F8DEB99FF86}] => (Allow) LPort=43012
FirewallRules: [{65D6019D-EE21-40B7-96F7-AFC8BA6A9733}] => (Allow) LPort=43013
FirewallRules: [{2100C081-9476-4EB3-ADBC-AEA0E5DB3DAB}] => (Allow) LPort=53014
FirewallRules: [{3B66C576-F473-4A41-86D9-F344FED533A2}] => (Allow) LPort=53015
FirewallRules: [{490E8E9E-13F2-4A35-A139-53989CFA801A}] => (Allow) LPort=53016
FirewallRules: [{F7A701A5-0EAE-4977-B672-10CC74CBE65A}] => (Allow) LPort=23007
FirewallRules: [{888410EB-8317-4826-B7E0-3BDC92C44956}] => (Allow) LPort=23008
FirewallRules: [{8AD27D3D-995C-4E77-92A9-300D63CA738F}] => (Allow) LPort=33009
FirewallRules: [{D45ADE5E-E3F2-4F62-9A8F-FFD8F2B2F1A6}] => (Allow) LPort=33010
FirewallRules: [{5967EAAD-5BBC-4EE6-A743-A2F7DC618566}] => (Allow) LPort=33011
FirewallRules: [{324A40D6-19B4-4F0C-9E8D-04BD6137BCE6}] => (Allow) LPort=43012
FirewallRules: [{DB685073-9AFA-48C6-A470-1482A064904A}] => (Allow) LPort=43013
FirewallRules: [{49138850-C133-4206-BE1E-8CACA5B9CDBA}] => (Allow) LPort=53014
FirewallRules: [{0E1936F7-852F-4290-8E65-E959B27DAE4F}] => (Allow) LPort=53015
FirewallRules: [{D1ED447C-499A-45D0-A82C-70C9B6410CEE}] => (Allow) LPort=53016
FirewallRules: [{EACF8780-049C-4C84-B95B-BFEF0670CDD5}] => (Allow) LPort=50053
FirewallRules: [{B04F3F35-DC63-4BEB-93E6-BB0E95097D9D}] => (Allow) LPort=50053

Gary



#4Iwashacked

Iwashacked

  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  • Local time:11:14 PM

Posted 15 August 2022 - 02:07 AM

Hello again, I actually have a lot of podcasts/movies that I downloaded from various video sharing platforms and torrents as well.

I checked the names of all the downloaded files but they are different for some reason. What I will do is just delete all of them because I have seen them all and do not need them anymore.

I could run another scan after I removed them all and see if it clears up.

Also, I can not even get to this filepath: C:\ProgramData\goyslgxe.nnn

When I type in This PC and enter my C drive folder, Program Data is not even listed?

I never manually made the folder hidden or anything, so I do not understand what is going on with that.

What worries me even more are all the open ports on my firewall...because I did not set those up to be open manually...

I guess I need to start closing all these open ports.


Edited by Iwashacked, 15 August 2022 - 02:45 AM.

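The port-only Allow rules Gary listed (the `FirewallRules: [{GUID}] => (Allow) LPort=NNNN` entries) and the "open ports" concern in this post can be audited directly on the machine. The script below is an added example, not part of the thread and not FRST or Malwarebytes code; it uses only the built-in NetSecurity cmdlets, and the function names `Get-PortOnlyAllowRule` and `Disable-PortOnlyAllowRule` are this example's own.

```powershell
# Added example (not from the thread): audit Windows Firewall for enabled inbound Allow
# rules that open a local port but are bound to no program or service. These are the
# rules FRST prints as "FirewallRules: [{GUID}] => (Allow) LPort=NNNN".
# Run from an elevated PowerShell so rules in every profile are readable.

Set-StrictMode -Version Latest

# FRST prints the rule Name; third-party or programmatically created rules usually
# have a bare GUID as their Name, which is the pattern seen in the log above.
$script:GuidPattern = '^\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$'

function Get-PortOnlyAllowRule {
    <#
    .SYNOPSIS
      Lists enabled inbound Allow rules scoped to a local port with no program/service.
    .PARAMETER GuidNamedOnly
      Report only rules whose Name is a GUID (the form FRST showed in this thread).
    #>
    [CmdletBinding()]
    param([switch]$GuidNamedOnly)

    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True -ErrorAction Stop |
      ForEach-Object {
        $rule = $_
        if ($GuidNamedOnly -and $rule.Name -notmatch $script:GuidPattern) { return }

        $port = $rule | Get-NetFirewallPortFilter
        $app  = $rule | Get-NetFirewallApplicationFilter
        $svc  = $rule | Get-NetFirewallServiceFilter
        $addr = $rule | Get-NetFirewallAddressFilter

        # Program/Service of 'Any' means the port is open to whatever process listens on
        # it; that is what makes a port-only Allow rule worth tracing to an owner.
        if ($app.Program -ne 'Any' -or $svc.Service -ne 'Any') { return }
        if (@($port.LocalPort) -contains 'Any') { return }   # not port-scoped; out of scope

        [pscustomobject]@{
            Name          = $rule.Name
            DisplayName   = $rule.DisplayName
            Group         = $rule.Group
            Profile       = $rule.Profile
            Protocol      = $port.Protocol
            LocalPort     = (@($port.LocalPort) -join ',')
            RemoteAddress = (@($addr.RemoteAddress) -join ',')
            # Owner is the package SID for Store/UWP app rules and empty for classic rules.
            Owner         = $rule.Owner
        }
      }
}

function Disable-PortOnlyAllowRule {
    <#
    .SYNOPSIS
      Disables the rules Get-PortOnlyAllowRule reports. Supports -WhatIf / -Confirm.
    .NOTES
      Disabling (or removing) the Allow rule is what closes the port. Adding a separate
      Block rule leaves the Allow rule in place, so anything that enumerates the rule
      set keeps listing it, even though an explicit Block rule takes precedence.
    #>
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [pscustomobject]$Rule
    )
    process {
        $target = '{0} ({1} {2})' -f $Rule.Name, $Rule.Protocol, $Rule.LocalPort
        if ($PSCmdlet.ShouldProcess($target, 'Disable-NetFirewallRule')) {
            Disable-NetFirewallRule -Name $Rule.Name -ErrorAction Stop
        }
    }
}

# Review first: which GUID-named rules open a bare port, on which protocol, to whom.
Get-PortOnlyAllowRule -GuidNamedOnly |
    Sort-Object Protocol, LocalPort |
    Format-Table Name, Protocol, LocalPort, RemoteAddress, Profile, Group -AutoSize

# Dry run of the remediation; drop -WhatIf to apply and answer the confirmation prompt.
# Get-PortOnlyAllowRule -GuidNamedOnly | Disable-PortOnlyAllowRule -WhatIf
```

The report's Group and Owner columns are the quickest way to attribute a rule to the application that created it before deciding whether to disable it.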

#5Iwashacked

Iwashacked

  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  • Local time:11:14 PM

Posted 15 August 2022 - 04:25 AM

So, I made an Inbound Rule on my Firewall for all the TCP connections to all of the ports you mentioned were open. Then I also deleted pretty much all of the media files I downloaded since I no longer need them.

The really strange thing is that even though I made sure I blocked off all these open ports with my firewall...the scan results of Farbar show that they are all still open? How is this possible? Am I supposed to block UDP as well?

I ran another scan of Farbar. I am hoping that when you have time, you can let me know if you still notice anything suspicious going on with my system.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-08-2022
Ran by ki43d (administrator) on DESKTOP-NCNDJGQ (Dell Inc. Inspiron 5570) (15-08-2022 17:24:10)
Running from C:\Users\ki43d\Downloads
Loaded Profiles: ki43d
Platform: Microsoft Windows 10 Home Version 21H2 19044.1889 (X64) Language: Japanese (Japan) -> English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Astrill Systems Corp. -> Astrill) C:\Program Files (x86)\Astrill\astrill.exe
(C:\Program Files (x86)\Astrill\ASOvpnSvc.exe ->) (Astrill Systems Corp. -> ) C:\Program Files (x86)\Astrill\aswgvpnc.exe
(C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe ->) (QFX Software Corporation -> QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(C:\Users\ki43d\AppData\Local\LINE\bin\current\LINE.exe ->) (LINE Corporation -> LINE Corporation) C:\Users\ki43d\AppData\Local\LINE\Data\plugin\LineCall\1.0.0.505\LineCall.exe
(C:\Users\ki43d\AppData\Local\LINE\bin\current\LINE.exe ->) (LINE Corporation -> LINE Corporation) C:\Users\ki43d\AppData\Local\LINE\Data\plugin\LineMediaPlayer\1.2.0.428\LineMediaPlayer.exe <2>
(DriverStore\FileRepository\igdlh64.inf_amd64_5dc194ddcb559d66\igfxCUIService.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5dc194ddcb559d66\igfxEM.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel\DPTF\esif_uf.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(LINE Corporation -> LINE Corporation) C:\Users\ki43d\AppData\Local\LINE\bin\current\LINE.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(QFX Software Corporation -> QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Astrill Systems Corp. -> Astrill) C:\Program Files (x86)\Astrill\ASOvpnSvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5dc194ddcb559d66\igfxCUIService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5dc194ddcb559d66\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5dc194ddcb559d66\IntelCpHeciSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_9c788f1d162b1224\RstMwService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22052.554.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102816 2021-01-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618096 2021-01-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWelcome.exe [345848 2019-02-13] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [318920 2019-05-30] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [82992808 2022-04-06] (Discord Inc. -> Discord Inc.)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [512536 2021-09-28] (QFX Software Corporation -> QFX Software Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Run: [f.lux] => C:\Users\ki43d\AppData\Local\FluxSoftware\Flux\flux.exe [1515848 2021-06-18] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Run: [Wechat] => C:\Program Files (x86)\Tencent\WeChat\WeChat.exe [559184 2020-11-20] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Run: [MicrosoftEdgeAutoLaunch_651BD28083BE5F69B3FA653E81792869] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3827128 2022-08-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Run: [Microsoft Edge Update] => C:\Users\ki43d\AppData\Local\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateCore.exe [252864 2022-07-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [10994528 2022-04-21] (Support.com, Inc. -> SUPERAntiSpyware)
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4230544 2022-07-27] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [37054552 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\MountPoints2: {19967724-c84a-11eb-918f-d8d090307411} - "F:\StartBackup.exe"
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01EBB2DC-7F36-464F-A741-3EF2274F8812} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {0DB1CDE2-4B1C-44B3-836D-91D52F48EFB5} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3065487495-3473570161-1620390084-1001UA => C:\Users\ki43d\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [205744 2022-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {10E826CF-F6FD-4F1C-8CC6-2B6C085B262E} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel® Corporation)
Task: {1E0DE2B0-B43B-4E58-8EB3-ED8CA070132A} - System32\Tasks\Microsoft\Windows\Management\Autopilot\RemediateHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [192000 2022-08-10] (Microsoft Windows -> Microsoft Corporation)
Task: {36E5CDEA-B727-4473-B878-216F05571543} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [61856 2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {49A532CA-56F4-43FD-A3A9-21A7B0B66C50} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {4CC385F1-2CC5-4517-9618-EA08FD7E3A12} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23713200 2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {5687265F-F9A4-4171-A41F-AC5898F0D4FF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145304 2022-08-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {5775E91C-5E6C-4CC9-9FF7-236738FEFC9F} - System32\Tasks\Microsoft\Office\IMESharePointDictionary => c:\Program Files\Common Files\Microsoft Shared\IME16\IMESharePointDictionary.exe [247216 2002-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {61935CBC-428A-475C-8942-6C0087EFA51B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-07-18] (Piriform Software Ltd -> Piriform)
Task: {63A76DD2-12D8-4053-BB1E-B451641457C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7AB75F12-A9C7-4CD0-BB76-217C9BFF9BE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8B122C37-2CAA-4EB0-83B4-F7EEAFBECCF6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {95471034-0615-40C8-83A9-8FDB56157157} - System32\Tasks\CCleanerSkipUAC - ki43d => C:\Program Files\CCleaner\CCleaner.exe [31101528 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A2EE80E7-2271-4AC9-8B5F-C89641C56805} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {A647F387-34F1-42A3-AD26-D7A26DB25A2A} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3065487495-3473570161-1620390084-1001Core => C:\Users\ki43d\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [205744 2022-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {B5E3AC57-FD2C-4CDC-9268-FED2B170A25A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145304 2022-08-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {E3C5CCCF-72B7-4638-A849-55850219453D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F6135963-3CB3-4C74-BA17-B619CDEDC9F1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23713200 2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {FA5256C8-BBAD-4C32-96BD-23E5133B7B33} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler => C:\Program Files\RUXIM\PLUGscheduler.exe (No File)
Task: {FE76CA49-8A74-4465-889B-4309AEB0E1D4} - System32\Tasks\Microsoft\Windows\Management\Autopilot\DetectHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [192000 2022-08-10] (Microsoft Windows -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\ASProxy.dll [401656 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\ASProxy.dll [401656 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\ASProxy.dll [401656 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\ASProxy.dll [401656 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9 19 C:\WINDOWS\SysWOW64\ASProxy.dll [401656 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\ASProxy64.dll [565496 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\ASProxy64.dll [565496 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\ASProxy64.dll [565496 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\ASProxy64.dll [565496 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9-x64 19 C:\WINDOWS\system32\ASProxy64.dll [565496 2016-06-01] (Astrill Systems Corp. -> Astrill)
Tcpip\..\Interfaces\{67899b71-8e9d-4572-9ae2-ef8968546368}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ba1883c0-3896-4673-ac23-4958ae51b2bf}: [NameServer] 198.18.192.1

Edge:
=======
DownloadDir: C:\Users\ki43d\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\ki43d\AppData\Local\Microsoft\Edge\User Data\Default [2022-08-15]
Edge Notifications: Default -> hxxps://kissanime.com.ru; hxxps://thepiratebay.org; hxxps://www.rere.jp
Edge HomePage: Default -> hxxps://www.yahoo.co.jp/
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\ki43d\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2022-08-14]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

FireFox:
========
FF DefaultProfile: vht1qbyf.default
FF DefaultProfile: 0tfjb211.default
FF ProfilePath: C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\vht1qbyf.default [2022-08-08]
FF ProfilePath: C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release [2022-08-15]
FF Extension: (HTTPS Everywhere) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\https-everywhere@eff.org.xpi [2022-08-09]
FF Extension: (Privacy Badger) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2022-08-14]
FF Extension: (uBlock Origin) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\uBlock0@raymondhill.net.xpi [2022-08-14]
FF Extension: (bleepute Downloader) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\{1750307e-9fc3-4225-96e1-328b7e10c7b0}.xpi [2021-04-25]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-08-12]
FF Extension: (Bitwarden - Free Password Manager) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\{446900e4-71c2-419f-a6a7-df9c091e268b}.xpi [2022-08-14]
FF Extension: (Video DownloadHelper) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2022-08-14]
FF ProfilePath: C:\Users\ki43d\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\0tfjb211.default [2022-08-15]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-08-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [2021-09-24] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2021-09-24] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [2013-08-13] (Tencent Technology(Shenzhen) Company Limited -> )
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QzoneMusic\npQzoneMusic.dll [2016-02-26] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [2013-04-08] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [2013-04-25] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [2013-04-08] (Tencent Technology (Shenzhen) Company Limited) [File not signed]
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-19] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
R2 ASOVPNHelper; C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [823312 2020-10-11] (Astrill Systems Corp. -> Astrill)
S3 ASProxy; C:\Program Files (x86)\Astrill\ASProxy.exe [2618104 2016-06-01] (Astrill Systems Corp. -> Astrill)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12102608 2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [313440 2019-01-08] (Dell Inc -> Dell Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [55712 2022-08-01] (Dell Inc -> )
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [301768 2019-08-12] (Dell Inc -> Dell Inc.)
S3 Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{208C5BFC-A1B1-4B52-B14B-3B919AE401BC} [21312 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
S2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [35976 2019-04-03] (Dell Inc -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8680192 2022-08-14] (Malwarebytes Inc. -> Malwarebytes)
S3 QFXUpdateService; C:\Program Files (x86)\KeyScrambler\x64\QFXUpdateService.exe [83480 2021-09-28] (QFX Software Corporation -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [243800 2018-09-08] (QFX Software Corporation -> QFX Software Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-08-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74704 2022-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-08-14] (Malwarebytes Inc. -> Malwarebytes)
S3 MpKsl02304341; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8F34EA50-672D-4718-BE5A-1798B0262898}\MpKslDrv.sys [141576 2022-08-14] (Microsoft Windows -> Microsoft Corporation)
R3 MpKslb64d73c3; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8F34EA50-672D-4718-BE5A-1798B0262898}\MpKslDrv.sys [141576 2022-08-14] (Microsoft Windows -> Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-24] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-24] (Microsoft Windows -> Microsoft Corporation)
R3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [38176 2021-09-22] (WireGuard LLC -> WireGuard LLC)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-08-15 02:05 - 2022-08-15 02:28 - 074939696 _____ C:\Users\ki43d\Downloads\THE CORRECT WAY - Patrick Little INTERVIEW WITH NBC NEWS cir.mp4
2022-08-15 02:04 - 2022-08-15 02:04 - 000000000 ____D C:\Users\ki43d\dwhelper
2022-08-15 01:23 - 2022-08-15 01:23 - 000000000 ____D C:\Program Files\net.downloadhelper.coapp
2022-08-15 01:09 - 2022-08-15 01:22 - 044612640 _____ (DownloadHelper ) C:\Users\ki43d\Downloads\VdhCoAppSetup-1.6.3.exe
2022-08-14 23:46 - 2022-08-14 23:52 - 000054850 _____ C:\Users\ki43d\Downloads\Addition.txt
2022-08-14 23:39 - 2022-08-15 17:26 - 000026947 _____ C:\Users\ki43d\Downloads\FRST.txt
2022-08-14 23:34 - 2022-08-15 17:25 - 000000000 ____D C:\FRST
2022-08-14 23:33 - 2022-08-14 23:33 - 002370048 _____ (Farbar) C:\Users\ki43d\Downloads\FRST64.exe
2022-08-14 18:09 - 2022-08-14 18:09 - 000002174 _____ C:\Users\ki43d\Desktop\MBAMscan1.txt
2022-08-14 17:43 - 2022-08-14 23:32 - 000000000 ____D C:\Users\ki43d\AppData\LocalLow\IGDump
2022-08-14 17:35 - 2022-08-14 17:35 - 000074704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-08-14 17:34 - 2022-08-14 17:34 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-08-14 17:34 - 2022-08-14 17:34 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-08-14 16:59 - 2022-08-14 16:59 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-08-14 16:59 - 2022-08-14 16:59 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-08-14 16:59 - 2022-08-14 16:59 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-08-14 16:58 - 2022-08-14 16:58 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-08-14 16:58 - 2022-08-14 16:57 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-08-14 16:56 - 2022-08-14 16:56 - 002556344 _____ (Malwarebytes) C:\Users\ki43d\Downloads\MBSetup(1).exe
2022-08-14 13:08 - 2022-08-14 13:08 - 000000000 ____D C:\Users\ki43d\.ms-ad
2022-08-13 17:37 - 2022-08-13 17:37 - 003186906 _____ C:\Users\ki43d\Downloads\The Judas Goats The Enemy Within - Michael Collins Piper 2006.pdf
2022-08-13 02:17 - 2022-08-13 02:17 - 000012735 _____ C:\ProgramData\goyslgxe.nnn
2022-08-13 01:41 - 2022-08-13 01:42 - 000000000 ____D C:\Users\ki43d\Desktop\docs
2022-08-12 14:27 - 2022-08-12 14:27 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-08-11 15:35 - 2022-08-15 02:41 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-08-11 15:21 - 2022-08-11 15:21 - 000000000 ____D C:\Program Files (x86)\DummyDir
2022-08-10 23:01 - 2022-08-10 23:01 - 000000000 ____D C:\Users\ki43d\Downloads\TCPView
2022-08-10 23:00 - 2022-08-10 23:00 - 002226419 _____ C:\Users\ki43d\Downloads\TCPView.zip
2022-08-10 17:58 - 2022-08-10 17:58 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-08-10 17:58 - 2022-08-10 17:58 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-08-10 17:57 - 2022-08-10 17:57 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-08-10 17:56 - 2022-08-10 17:56 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-08-10 17:55 - 2022-08-10 17:55 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-08-10 17:55 - 2022-08-10 17:55 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-08-10 17:55 - 2022-08-10 17:55 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-08-10 17:55 - 2022-08-10 17:55 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-08-10 16:50 - 2022-08-10 16:50 - 000000000 ___HD C:\$WinREAgent
2022-08-09 01:34 - 2022-08-09 01:34 - 000000000 ____D C:\Users\ki43d\Downloads\Autoruns
2022-08-09 01:33 - 2022-08-09 01:33 - 003862520 _____ C:\Users\ki43d\Downloads\Autoruns.zip
2022-08-09 00:10 - 2022-08-09 00:33 - 000000000 ____D C:\Users\ki43d\AppData\Local\Battle.net
2022-08-09 00:10 - 2022-08-09 00:22 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\Battle.net
2022-08-09 00:10 - 2022-08-09 00:10 - 000000940 _____ C:\Users\Public\Desktop\Battle.net.lnk
2022-08-09 00:10 - 2022-08-09 00:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2022-08-09 00:09 - 2022-08-09 00:22 - 000000000 ____D C:\Program Files (x86)\Battle.net
2022-08-08 20:39 - 2022-08-08 20:39 - 000000166 _____ C:\WINDOWS\wininit.ini
2022-08-08 19:39 - 2022-08-14 16:57 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-08-08 19:39 - 2022-08-08 19:39 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\17128457.sys
2022-08-08 19:36 - 2022-08-14 16:59 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-08-08 19:36 - 2022-08-08 20:25 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2022-08-08 19:32 - 2022-08-08 19:32 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\QFX Software
2022-08-08 19:32 - 2022-08-08 19:32 - 000000000 ____D C:\ProgramData\QFX Software
2022-08-08 19:26 - 2022-08-08 19:26 - 001552304 _____ C:\Users\ki43d\Downloads\KeyScrambler_Setup.exe
2022-08-08 19:26 - 2022-08-08 19:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
2022-08-08 19:26 - 2022-08-08 19:26 - 000000000 ____D C:\Program Files (x86)\KeyScrambler
2022-08-08 19:26 - 2018-09-08 15:15 - 000243800 _____ (QFX Software Corporation) C:\WINDOWS\system32\Drivers\keyscrambler.sys
2022-08-07 20:27 - 2022-08-11 15:23 - 000000000 ____D C:\WINDOWS\system32\Tasks\Meta
2022-08-07 20:26 - 2022-08-07 20:26 - 000000000 ____D C:\Users\ki43d\AppData\Local\messenger-updater
2022-08-07 17:30 - 2022-08-07 17:30 - 000001496 _____ C:\WINDOWS\system32\.crusader
2022-08-07 16:50 - 2022-08-07 17:31 - 000000000 ____D C:\ProgramData\HitmanPro
2022-08-07 16:48 - 2022-08-07 16:58 - 014248944 _____ (SurfRight B.V.) C:\Users\ki43d\Downloads\HitmanPro_x64.exe
2022-08-07 00:10 - 2022-08-07 00:10 - 002817055 _____ C:\Users\ki43d\Downloads\steam-2.3.9.apk
2022-08-07 00:10 - 2022-08-07 00:10 - 000000000 ____D C:\Users\ki43d\Downloads\steam-2.3.9
2022-08-05 19:30 - 2022-08-05 20:29 - 000254598 _____ C:\WINDOWS\ntbtlog.txt
2022-08-04 16:55 - 2022-08-11 15:12 - 000000000 ____D C:\WINDOWS\pss
2022-08-02 02:47 - 2022-08-12 23:56 - 000000000 ____D C:\Program Files (x86)\Steam
2022-08-02 02:47 - 2022-08-02 02:47 - 000001038 _____ C:\Users\Public\Desktop\Steam.lnk
2022-08-02 02:47 - 2022-08-02 02:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2022-08-02 01:19 - 2022-08-11 15:10 - 000002036 _____ C:\Users\ki43d\Desktop\SUPERAntiSpyware Free Edition.lnk
2022-08-02 01:19 - 2022-08-02 01:19 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\SUPERAntiSpyware.com
2022-08-02 01:19 - 2022-08-02 01:19 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2022-08-02 01:18 - 2022-08-02 01:19 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2022-08-02 01:18 - 2022-08-02 01:18 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2022-07-30 12:48 - 2022-07-30 17:22 - 000000000 ____D C:\Program Files\Recuva
2022-07-30 12:48 - 2022-07-30 12:48 - 000001701 _____ C:\Users\Public\Desktop\Recuva.lnk
2022-07-30 12:48 - 2022-07-30 12:48 - 000000000 ____D C:\ProgramData\Piriform
2022-07-30 12:48 - 2022-07-30 12:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2022-07-30 12:47 - 2022-07-30 12:47 - 011897288 _____ (Piriform Software Ltd) C:\Users\ki43d\Downloads\rcsetup153.exe
2022-07-30 04:16 - 2022-07-30 04:16 - 000000000 ____D C:\NasCacheDirectory
2022-07-30 03:52 - 2022-07-30 03:52 - 000001076 _____ C:\Users\Public\Desktop\EaseUS Data Recovery Wizard.lnk
2022-07-30 03:52 - 2022-07-30 03:52 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\EaseUS
2022-07-30 03:52 - 2022-07-30 03:52 - 000000000 ____D C:\ProgramData\SystemAcCrux
2022-07-30 03:52 - 2022-07-30 03:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS
2022-07-30 03:51 - 2022-07-30 03:51 - 052092200 _____ (EaseUS ) C:\Users\ki43d\Downloads\drw_affiliate_setup.exe
2022-07-30 03:51 - 2022-07-30 03:51 - 002072392 _____ C:\Users\ki43d\Downloads\DRW_affiliate_Installer_20220729.502145a1443141.exe
2022-07-30 03:51 - 2022-07-30 03:51 - 000000000 ____D C:\Program Files\EaseUS
2022-07-30 03:39 - 2022-07-31 14:36 - 000000000 ____D C:\Program Files (x86)\Wondershare
2022-07-30 03:39 - 2022-07-30 03:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2022-07-30 03:39 - 2022-07-30 03:39 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2022-07-29 20:57 - 2022-07-29 21:02 - 406343227 _____ C:\Users\ki43d\Downloads\icecat-60.7.0-gnu1.tar.bz2
2022-07-29 19:53 - 2022-08-07 16:39 - 000000000 ____D C:\Program Files\Pale Moon
2022-07-29 19:53 - 2022-07-29 19:53 - 000000968 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
2022-07-29 19:53 - 2022-07-29 19:53 - 000000956 _____ C:\Users\Public\Desktop\Pale Moon.lnk
2022-07-29 19:53 - 2022-07-29 19:53 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\Moonchild Productions
2022-07-29 19:53 - 2022-07-29 19:53 - 000000000 ____D C:\Users\ki43d\AppData\Local\Moonchild Productions
2022-07-29 19:47 - 2022-07-29 19:49 - 034724864 _____ (Moonchild Productions) C:\Users\ki43d\Downloads\palemoon-31.1.1.win64.installer.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-08-15 17:23 - 2021-09-22 21:56 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\vlc
2022-08-15 16:52 - 2019-12-07 18:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-08-15 16:40 - 2021-09-22 16:30 - 000000000 ____D C:\Program Files\CCleaner
2022-08-15 16:36 - 2021-04-25 21:53 - 000000000 ____D C:\Users\ki43d\AppData\LocalLow\Mozilla
2022-08-15 15:49 - 2021-03-12 02:36 - 000004138 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{985564EC-A92A-4C9B-AD61-F04CAC94DC31}
2022-08-15 15:40 - 2021-09-22 16:31 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-08-15 15:38 - 2019-09-26 19:31 - 000000000 __SHD C:\Users\ki43d\IntelGraphicsProfiles
2022-08-15 03:42 - 2021-03-12 02:13 - 000000000 ____D C:\Users\ki43d
2022-08-15 03:16 - 2021-03-12 02:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-08-15 03:00 - 2019-06-08 14:58 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2022-08-15 02:55 - 2021-09-24 12:15 - 000000000 ____D C:\Users\ki43d\AppData\Local\CrashDumps
2022-08-15 02:41 - 2021-04-25 21:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-08-15 02:41 - 2021-03-12 02:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-08-15 02:41 - 2021-03-12 02:00 - 000008192 ___SH C:\DumpStack.log.tmp
2022-08-15 02:41 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-08-15 02:41 - 2019-06-08 14:56 - 000000000 ____D C:\Intel
2022-08-15 02:05 - 2021-12-13 22:57 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3065487495-3473570161-1620390084-1001
2022-08-15 02:05 - 2021-03-12 02:36 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3065487495-3473570161-1620390084-1001
2022-08-15 02:05 - 2021-03-12 02:13 - 000002432 _____ C:\Users\ki43d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-08-15 00:12 - 2019-09-27 17:05 - 000002399 _____ C:\Users\ki43d\Desktop\Word.lnk
2022-08-14 16:58 - 2019-12-07 18:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-08-14 16:57 - 2020-05-30 21:52 - 000000000 ____D C:\Program Files\Malwarebytes
2022-08-14 13:00 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-08-14 04:04 - 2019-12-07 18:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-08-14 03:04 - 2020-09-20 18:31 - 000002432 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-08-14 03:04 - 2020-09-20 18:31 - 000002270 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-08-14 00:05 - 2021-09-04 19:15 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\obs-studio
2022-08-14 00:04 - 2021-03-12 02:36 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-08-14 00:03 - 2022-06-07 20:16 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-08-14 00:03 - 2022-06-07 20:16 - 000002063 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2022-08-13 20:50 - 2021-10-08 00:32 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\HandBrake
2022-08-13 15:31 - 2020-02-26 17:38 - 000000000 ____D C:\Users\ki43d\AppData\Local\D3DSCache
2022-08-13 02:17 - 2021-09-21 01:48 - 000000000 ____D C:\Users\ki43d\AppData\Local\Movavi
2022-08-13 01:39 - 2019-09-27 16:25 - 000000000 ____D C:\Program Files\Microsoft Office
2022-08-12 14:27 - 2022-04-19 21:00 - 000001933 _____ C:\Users\ki43d\Desktop\Zoom.lnk
2022-08-12 14:27 - 2020-04-25 23:15 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\Zoom
2022-08-12 00:47 - 2019-10-02 21:34 - 000001213 _____ C:\Users\ki43d\Desktop\LINE.lnk
2022-08-12 00:41 - 2021-10-15 01:52 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-08-12 00:41 - 2021-04-25 21:53 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-08-11 15:12 - 2019-12-07 18:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-08-11 14:35 - 2020-04-17 01:16 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2022-08-11 00:13 - 2019-12-07 18:13 - 000000000 ____D C:\WINDOWS\INF
2022-08-10 22:29 - 2019-12-07 18:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-08-10 22:27 - 2019-09-26 21:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-08-10 22:24 - 2019-09-26 21:29 - 144534560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-08-10 21:54 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-08-10 20:27 - 2021-03-12 02:24 - 001453122 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-08-10 20:27 - 2019-12-08 00:10 - 000484292 _____ C:\WINDOWS\system32\perfh011.dat
2022-08-10 20:27 - 2019-12-08 00:10 - 000133474 _____ C:\WINDOWS\system32\perfc011.dat
2022-08-10 20:19 - 2021-03-12 02:01 - 000419608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-08-10 20:15 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-08-10 20:15 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-08-10 20:15 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-08-10 20:15 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-08-10 20:15 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-08-10 20:15 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-08-10 20:15 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-08-10 20:14 - 2019-12-08 00:13 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-08-10 20:14 - 2019-12-07 18:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-08-10 20:14 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-08-10 20:14 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-08-10 17:55 - 2021-03-12 02:07 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-08-07 17:30 - 2022-05-27 15:07 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\uTorrent
2022-08-05 00:44 - 2022-01-29 01:45 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\FileZilla
2022-08-05 00:44 - 2021-03-08 19:55 - 000000000 ___DC C:\WINDOWS\Panther
2022-08-04 22:45 - 2021-09-22 16:31 - 000001050 _____ C:\Users\Public\Desktop\CCleaner.lnk
2022-08-04 17:01 - 2021-04-25 21:53 - 000001180 _____ C:\Users\Public\Desktop\Firefox.lnk
2022-08-04 16:48 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\Registration
2022-08-02 02:47 - 2021-12-31 00:31 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-07-31 16:22 - 2022-02-09 21:22 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-31 14:36 - 2021-07-29 22:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2022-07-31 14:36 - 2021-07-29 22:26 - 000000000 ____D C:\ProgramData\Wondershare
2022-07-30 03:40 - 2021-09-20 02:10 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2022-07-30 03:40 - 2021-07-29 22:29 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\Wondershare
2022-07-30 01:40 - 2019-09-28 11:15 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-30 01:33 - 2021-09-22 16:31 - 000000000 ____D C:\Users\ki43d\AppData\Local\BitTorrentHelper
2022-07-27 20:40 - 2022-07-10 18:30 - 000003800 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3065487495-3473570161-1620390084-1001UA
2022-07-27 20:40 - 2022-07-10 18:30 - 000003736 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3065487495-3473570161-1620390084-1001Core
2022-07-21 18:57 - 2021-03-12 02:36 - 000003372 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-20 02:00 - 2021-01-31 15:13 - 000000000 ____D C:\Users\ki43d\Documents\WeChat Files
2022-07-20 02:00 - 2021-01-31 15:13 - 000000000 ____D C:\Users\ki43d\AppData\Local\xwalk
2022-07-17 22:32 - 2019-12-07 18:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-07-17 22:32 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-07-17 22:32 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-07-17 22:32 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-07-17 22:32 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\ShellComponents

==================== Files in the root of some directories ========

2021-01-31 15:13 - 2021-01-31 15:13 - 000045056 _____ () C:\Users\ki43d\AppData\Roaming\Web Data
2021-01-31 15:13 - 2021-01-31 15:13 - 000000000 _____ () C:\Users\ki43d\AppData\Roaming\Web Data-journal
2019-09-27 16:53 - 2019-09-27 16:53 - 000000036 _____ () C:\Users\ki43d\AppData\Local\housecall.guid.cache
2021-09-21 01:33 - 2021-09-21 01:33 - 000002550 _____ () C:\Users\ki43d\AppData\Local\krita-sysinfo.log
2021-09-21 01:33 - 2021-09-21 01:46 - 000000425 _____ () C:\Users\ki43d\AppData\Local\krita.log
2021-09-21 01:46 - 2021-09-21 01:46 - 000000039 _____ () C:\Users\ki43d\AppData\Local\kritadisplayrc
2021-09-21 01:33 - 2021-09-21 01:46 - 000014710 _____ () C:\Users\ki43d\AppData\Local\kritarc
2022-05-02 19:28 - 2022-05-02 19:28 - 000000855 _____ () C:\Users\ki43d\AppData\Local\recently-used.xbel
2019-09-27 19:12 - 2019-11-06 19:33 - 000000010 _____ () C:\Users\ki43d\AppData\Local\sponge.last.runtime.cache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-08-2022
Ran by ki43d (15-08-2022 17:28:23)
Running from C:\Users\ki43d\Downloads
Microsoft Windows 10 Home Version 21H2 19044.1889 (X64) (2021-03-11 17:40:27)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3065487495-3473570161-1620390084-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3065487495-3473570161-1620390084-503 - Limited - Disabled)
Guest (S-1-5-21-3065487495-3473570161-1620390084-501 - Limited - Disabled)
ki43d (S-1-5-21-3065487495-3473570161-1620390084-1001 - Administrator - Enabled) => C:\Users\ki43d
WDAGUtilityAccount (S-1-5-21-3065487495-3473570161-1620390084-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (HKLM-x32\...\7-Zip) (Version: 19.00 - Igor Pavlov)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1041-1033-7760-BC15014EA700}) (Version: 22.002.20191 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-001824458876}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Astrill (HKLM\...\{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1) (Version: - Astrill)
AstrillTun (HKLM\...\{0DED3A08-4EF4-47E3-8610-11BE75619038}) (Version: 1.0 - Astrill) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 6.02 - Piriform)
Dell Digital Delivery Services (HKLM-x32\...\{E530ABB7-9DCC-421B-B751-484375E8374A}) (Version: 5.0.49.0 - Dell Inc.)
Dell Mobile Connect Drivers (HKLM\...\{1E754E2C-CF3B-42CB-B36D-D560CEA96149}) (Version: 2.0.7811 - Screenovate Technologies Ltd.)
Dell Power Manager Service (HKLM\...\{18469ED8-8C36-4CF7-BD43-0FC9B1931AF8}) (Version: 3.2.0 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{388A412B-5C0C-4C1E-8BF7-B6E9E117F367}) (Version: 4.4.2.9869 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{4990dc23-fdee-4fec-8bde-9f5d4745f88b}) (Version: 4.4.2.9869 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{77C86F54-9452-4EB6-B4C3-8A57FBF72D2B}) (Version: 4.4.0.9836 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{d2a00335-3e50-405c-8c5d-32e2a636bbe1}) (Version: 4.4.0.9836 - Dell Inc.)
Dell Update for Windows 10 (HKLM\...\{70E9F8CC-A23E-4C25-B292-C86C1821587C}) (Version: 3.0.1 - Dell, Inc.)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
f.lux (HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Flux) (Version: - f.lux Software LLC)
GIMP 2.10.22 (HKLM\...\GIMP-2_is1) (Version: 2.10.22 - The GIMP Team)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HandBrake 1.4.2 (HKLM-x32\...\HandBrake) (Version: 1.4.2 - )
Intel® Chipset Device Software (HKLM\...\{C844CC39-BC28-46CA-8239-3F37D8FE2A59}) (Version: 10.1.17541.8066 - Intel Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10208.5644 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{0854C811-6DAD-441D-AB36-2F73631A04A1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1914.12.0.1255 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{20B3E53F-28F1-48CC-AA69-35EF7A935162}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{DBF0C0C0-C8CF-4F01-8B04-F80FC3B88EF6}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.5.0.1017 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{F1612379-83A3-4F18-8B9B-7AA4A393E106}) (Version: 17.5.0.1017 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{c6de84fd-ece7-4c2a-9f06-8cabe7ab79a0}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{ACA5CFAC-9E99-4764-A7AD-AF5CF3FA15BF}) (Version: 17.0.2.1076 - Intel Corporation)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.16.0.1 - QFX Software Corporation)
K-Lite Codec Pack 16.0.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.0.5 - KLCP)
LINE (HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\LINE) (Version: 7.10.2.2807 - LINE Corporation)
Malwarebytes version 4.5.12.204 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.12.204 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.13058.0 - Waves Audio Ltd.) Hidden
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 104.0.1293.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 104.0.1293.54 - Microsoft Corporation)
Microsoft Office Home and Business 2016 - ja-jp (HKLM\...\HomeBusinessRetail - ja-jp) (Version: 16.0.15427.20210 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\OneDriveSetup.exe) (Version: 22.151.0717.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{2FAF2A80-5906-467E-8AD2-B83C94383600}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{F85F7FF0-5DFF-4BC0-9045-C9573D1BC11F}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29334 (HKLM\...\{2E11EF4E-901F-4B2D-B68E-3DB2A566C857}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29334 (HKLM\...\{8A3F7D5B-422D-49D9-84F7-8DC1B7782967}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM\...\{3C31CBA1-A0D9-4B95-A807-AD2313D12F47}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM-x32\...\{20d5df4e-006c-4d6d-a0dc-490d009b9786}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 103.0.2 (x64 en-US)) (Version: 103.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 88.0 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.0.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15427.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15427.20148 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0411-1000-0000000FF1CE}) (Version: 16.0.15427.20178 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Pale Moon 31.2.0.1 (x64 en-US) (HKLM\...\Pale Moon 31.2.0.1 (x64 en-US)) (Version: 31.2.0.1 - Moonchild Productions)
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10480 - Qualcomm)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9107.1 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Subtitle Edit 3.6.2 (HKLM\...\SubtitleEdit_is1) (Version: 3.6.2.0 - Nikse)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1246 - SUPERAntiSpyware.com)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
VdhCoApp 1.6.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WeChat (HKLM-x32\...\WeChat) (Version: 3.1.0.72 - 腾讯科技(深圳)有限公司)
WhatsApp (HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\WhatsApp) (Version: 2.2214.12 - WhatsApp)
Windows PC 正常性チェック (HKLM\...\{91AD482B-BEB3-4DC7-8FC4-01AD0335489B}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\ZoomUMX) (Version: 5.11.4 (7185) - Zoom Video Communications, Inc.)
インテル® チップセット デバイス ソフトウェア (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel® Corporation) Hidden

Packages:
=========
Dell CinemaColor -> C:\Program Files\WindowsApps\PortraitDisplays.DellCinemaColor_2.4.78.0_x64__2dgmkzkw4h30c [2022-08-12] (Portrait Displays)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.3.5.0_x64__htrsf667h5kn2 [2022-05-22] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.0.49.0_x64__htrsf667h5kn2 [2022-08-11] (Dell Inc)
Dell Mobile Connect 3.3 -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0 [2022-05-22] (Screenovate Technologies) [Startup Task]
Dell Power Manager -> C:\Program Files\WindowsApps\DellInc.DellPowerManager_3.10.10.0_x64__htrsf667h5kn2 [2021-11-07] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_3.0.160.0_x64__htrsf667h5kn2 [2019-06-08] (Dell Inc)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-09-26] (LinkedIn)
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.4028.0_x86__mcezb6ze687jp [2020-04-17] (CYBERLINK CORPORATION.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7180.0_x64__8wekyb3d8bbwe [2022-07-31] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-04-28] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_2.0.30.0_x64__htrsf667h5kn2 [2022-05-22] (Dell Inc)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-10-03] (Microsoft Corporation)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.2.4925.0_x86__mcezb6ze687jp [2022-08-12] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-08-28] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2019-09-26] (CYBERLINK CORPORATION.)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2022-05-22] (Microsoft Corporation)
楽しもう Office -> C:\Program Files\WindowsApps\Microsoft.EnjoyOffice_1.0.60.0_x64__8wekyb3d8bbwe [2022-05-22] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3065487495-3473570161-1620390084-1001_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\ki43d\AppData\Local\Microsoft\EdgeUpdate\1.3.165.21\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3065487495-3473570161-1620390084-1001_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\ki43d\AppData\Local\Microsoft\EdgeUpdate\1.3.165.21\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3065487495-3473570161-1620390084-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
CustomCLSID: HKU\S-1-5-21-3065487495-3473570161-1620390084-1001_Classes\CLSID\{BFBE0943-74C5-40E0-9E80-0B808109E95D}\InprocServer32 -> C:\Users\ki43d\AppData\Local\Microsoft\EdgeUpdate\1.3.163.19\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3065487495-3473570161-1620390084-1001_Classes\CLSID\{D1CE12B0-2529-4B24-BE8E-189735EA0DC1}\InprocServer32 -> C:\Users\ki43d\AppData\Local\Microsoft\EdgeUpdate\1.3.165.21\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} => -> No File
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-01-03] () [File not signed] [File is in use]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-08-14] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-01-03] () [File not signed] [File is in use]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2022-06-15] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5dc194ddcb559d66\igfxDTCM.dll [2020-12-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-08-14] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2022-06-15] (Piriform Software Ltd -> Piriform Software Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-07-19 23:25 - 2019-02-22 01:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-01-03 18:16 - 2019-01-03 18:16 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2022-08-13 03:13 - 2022-08-13 03:13 - 001030144 _____ (Microsoft Corporation) [File not signed] C:\Users\ki43d\AppData\Local\LINE\bin\current\dbghelp.dll
2022-08-01 12:19 - 2022-08-01 12:19 - 001548800 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Dell Digital Delivery Services\SQLite.Interop.dll
2022-08-13 03:13 - 2022-08-13 03:13 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Users\ki43d\AppData\Local\LINE\bin\current\Qt5TextToSpeech.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ASProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.co.jp/
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-3065487495-3473570161-1620390084-1001 -> DefaultScope {66A78F4D-E724-4FF2-83D8-6C453CF6C93E} URL =
SearchScopes: HKU\S-1-5-21-3065487495-3473570161-1620390084-1001 -> {66A78F4D-E724-4FF2-83D8-6C453CF6C93E} URL =
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 16:31 - 2018-09-15 16:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\dotnet\
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 198.18.192.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "DellMobileConnectWelcome"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run: => "WSVCUUpdateHelper.exe"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\StartupApproved\Run: => "f.lux"
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\StartupApproved\Run: => "Wechat"
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_651BD28083BE5F69B3FA653E81792869"
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\StartupApproved\Run: => "movavi_suite_agent"
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\StartupApproved\Run: => "Microsoft Edge Update"
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5C2A04C7-D7EC-48E1-BC43-74DF45FC1847}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{4D2A5391-508D-4855-857D-486EC1390267}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{D1EA828C-1C0B-4A11-9987-0E4B5B13DE0C}] => (Allow) C:\Program Files (x86)\Tencent\WeChat\WeChat.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{204651DC-61D1-41B9-87FF-CE81263CCB2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe => No File
FirewallRules: [{9F95EAD3-343E-42B6-ADE3-7851E9A0969A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe => No File
FirewallRules: [{86BA064D-BBC7-441A-8B7A-8CED0F4EE6FA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{74870B0F-20B7-476A-AB9B-FF2E58DB563B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{07C9DDE2-EF2B-4FBA-80D6-9BF5FEE5A656}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EC48576C-A8F6-4858-BBD2-2D39C61D49D8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B2B7C576-A1C7-4EE7-8CD6-F7A6D4E3B692}] => (Allow) C:\Users\ki43d\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{A56923BB-12FC-424D-82A5-CEF9BD0BF94C}] => (Allow) C:\Users\ki43d\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8EFBBD1E-F4A5-4D9E-B1D2-B514FBC1AC7E}] => (Allow) C:\Users\ki43d\AppData\Local\LINE\bin\5.19.0.2020\LineUpdater.exe => No File
FirewallRules: [{3A0AC51E-061B-4D00-AD34-887D14545D8F}] => (Allow) C:\Users\ki43d\AppData\Local\LINE\bin\5.19.0.2020\LineUpdater.exe => No File
FirewallRules: [{180383F2-4B99-4035-891B-9B73344F0C95}] => (Allow) C:\Users\ki43d\AppData\Local\LINE\bin\5.19.0.2020\LINE.exe => No File
FirewallRules: [{B31732A2-1D83-4577-9F7B-1BFA8341E397}] => (Allow) C:\Users\ki43d\AppData\Local\LINE\bin\5.19.0.2020\LINE.exe => No File
FirewallRules: [{11D27DE4-85CA-4A9B-ADB8-8385E29F0A38}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{FAF65571-0F75-44BA-A001-E0E43D29C8CA}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{4A6836F5-0943-4CA7-B3CA-0BCA51958ABB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9F4D34F0-4C2F-45C3-B1C9-2E72EA4F2251}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DAE502A0-87E2-49DA-B17F-BE158CA203C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blaster Master Zero\exe\bsm.exe => No File
FirewallRules: [{C2974B4E-9085-491A-8E1C-CA66379153AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blaster Master Zero\exe\bsm.exe => No File
FirewallRules: [{82560D4A-0C7E-4566-8FBB-8E0DAFB5425F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe => No File
FirewallRules: [{1D1290FB-DF41-4F0C-859A-16E41A8929EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe => No File
FirewallRules: [{2EC52B68-D25F-43A7-A216-59D9C0895A8A}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [{AD739769-8ED6-4E4A-809E-C9ADDBABB169}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [{D7DDD836-B2A1-4200-8890-3EB08B8BF07E}] => (Allow) C:\Program Files (x86)\Astrill\astrill.exe (Astrill Systems Corp. -> Astrill)
FirewallRules: [{9ABB117D-B9F3-4BCA-86D4-E94DBCA2BCE3}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\SetupEx\SetupEx.exe => No File
FirewallRules: [{11F1B5E9-0DBB-4C46-A332-C9768E6DC613}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\maLauncher.exe => No File
FirewallRules: [{8E17079A-8ACD-4E17-B98F-6F0BE6309A55}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\maUpdat.exe => No File
FirewallRules: [TCP Query User{29825AD4-1F69-4FF0-92A0-013589DDD079}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{5F5CB4A6-2C8D-4892-90D0-C8DC013FFDCD}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{F59F55E7-48B5-4A9D-A1D1-D3E08E9ED11F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\TQ.exe => No File
FirewallRules: [{C67EA084-E611-4B37-B8F4-E364FA6ED165}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\TQ.exe => No File
FirewallRules: [{872DD46B-BE86-48DE-8811-4308DCFC8337}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe => No File
FirewallRules: [{29344385-14B4-41D4-8A38-CA642D8A5D12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe => No File
FirewallRules: [{DC8AE1E5-439C-4765-9680-3E4CA35FF14D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9820E54E-E735-47F4-84BB-EA3B2CCE312B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Loop Hero\Loop Hero.exe => No File
FirewallRules: [{0C0F5D43-E290-4421-9C5B-AC32D328B792}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Loop Hero\Loop Hero.exe => No File
FirewallRules: [{23FB71D7-5A2D-48E9-AAED-2C63C0A57F30}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{07DA94FD-336E-458A-AD60-BB8682DCA5BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe => No File
FirewallRules: [{3F3AF15F-7A52-458B-B292-CCC994AADA3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe => No File
FirewallRules: [{4F0B8E75-3955-464A-B5BB-031C8578C216}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{F658D120-1955-425E-B903-F6C12ACDECC8}] => (Allow) C:\Users\ki43d\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{683E4BD0-016F-4DAA-AB59-ED4D04EAC3BA}] => (Allow) C:\Users\ki43d\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{9A79B12F-DB70-4BC1-B412-0BD7DE2CA572}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E21A2146-337E-46C8-8D06-04B5BE662C5B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1F970ECF-A4D7-4D19-B87B-9945527E7748}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B8DCBDA9-DBD1-4648-9F41-995C9A89E5CB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A275CEFE-DDB0-40E1-9FB7-BBD1D01E3570}] => (Allow) C:\Program Files\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{9F169FB0-9ECA-424F-B466-F05003E56526}] => (Allow) C:\Program Files\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{416D6936-B57B-4AE1-952B-63F5C85CC5F4}] => (Allow) LPort=57209
FirewallRules: [{A3E6687F-AC76-4314-A6D8-3496C19931DE}] => (Allow) LPort=57210
FirewallRules: [{675D7A20-3292-4792-95A8-61C06F77906E}] => (Allow) LPort=57211
FirewallRules: [{7065558F-F7F0-473C-8D92-072D6611724D}] => (Allow) LPort=57212
FirewallRules: [{FCF6D421-5011-4BBB-B769-C8432B2D87E0}] => (Allow) LPort=57213
FirewallRules: [{5DD4C55B-BCFF-4AA0-9C9B-24ED0ECB9830}] => (Allow) LPort=57214
FirewallRules: [{383287AB-6395-4938-956C-264C28F54FF6}] => (Allow) LPort=57215
FirewallRules: [{167FA084-5B24-429F-9D8D-5BA5E962FCA7}] => (Allow) LPort=57216
FirewallRules: [{CD587533-E6C9-4B0E-ACA0-62DFBBDCAB9C}] => (Allow) LPort=57217
FirewallRules: [{0DE78486-9D2E-47B6-8B49-1C57A6BE85E0}] => (Allow) LPort=57218
FirewallRules: [{5C6037B9-6C12-4478-B0BF-78C204489E16}] => (Allow) LPort=57209
FirewallRules: [{8B8785BF-E2BF-49DB-93F2-CA53590E1871}] => (Allow) LPort=57210
FirewallRules: [{3E2A19FE-6C8F-4D42-9175-0B32D16CDE2F}] => (Allow) LPort=57211
FirewallRules: [{491BA7E5-7903-4F43-B8DF-9F808FE0A45D}] => (Allow) LPort=57212
FirewallRules: [{C2AA6BA5-28D4-477C-926A-E39BE646EE6B}] => (Allow) LPort=57213
FirewallRules: [{FEA4ECEB-334E-46C3-A8DD-CD289FB70C38}] => (Allow) LPort=57214
FirewallRules: [{74C00C25-582E-42FD-9525-06C78DD7CB7B}] => (Allow) LPort=57215
FirewallRules: [{6BF2C668-C302-451D-B96E-0AE504EAAF47}] => (Allow) LPort=57216
FirewallRules: [{CEEDC783-EF1B-441E-8D65-93452D65C455}] => (Allow) LPort=57217
FirewallRules: [{4688C5A6-3432-476D-849A-A91A52D632B1}] => (Allow) LPort=57218
FirewallRules: [{E84FDECF-666E-43AB-A383-EFE1BF63D310}] => (Allow) LPort=23007
FirewallRules: [{51DBC59C-B97A-4F4D-A197-854C1625DAE1}] => (Allow) LPort=23008
FirewallRules: [{7096E10E-CCAB-4A26-A263-803C54A1191C}] => (Allow) LPort=33009
FirewallRules: [{25F4185A-955C-4F02-B2C3-C3B228EA46B6}] => (Allow) LPort=33010
FirewallRules: [{2A021943-CB73-496C-91A9-559560632136}] => (Allow) LPort=33011
FirewallRules: [{2BE04735-E2F5-4EF8-AFC9-9F8DEB99FF86}] => (Allow) LPort=43012
FirewallRules: [{65D6019D-EE21-40B7-96F7-AFC8BA6A9733}] => (Allow) LPort=43013
FirewallRules: [{2100C081-9476-4EB3-ADBC-AEA0E5DB3DAB}] => (Allow) LPort=53014
FirewallRules: [{3B66C576-F473-4A41-86D9-F344FED533A2}] => (Allow) LPort=53015
FirewallRules: [{490E8E9E-13F2-4A35-A139-53989CFA801A}] => (Allow) LPort=53016
FirewallRules: [{F7A701A5-0EAE-4977-B672-10CC74CBE65A}] => (Allow) LPort=23007
FirewallRules: [{888410EB-8317-4826-B7E0-3BDC92C44956}] => (Allow) LPort=23008
FirewallRules: [{8AD27D3D-995C-4E77-92A9-300D63CA738F}] => (Allow) LPort=33009
FirewallRules: [{D45ADE5E-E3F2-4F62-9A8F-FFD8F2B2F1A6}] => (Allow) LPort=33010
FirewallRules: [{5967EAAD-5BBC-4EE6-A743-A2F7DC618566}] => (Allow) LPort=33011
FirewallRules: [{324A40D6-19B4-4F0C-9E8D-04BD6137BCE6}] => (Allow) LPort=43012
FirewallRules: [{DB685073-9AFA-48C6-A470-1482A064904A}] => (Allow) LPort=43013
FirewallRules: [{49138850-C133-4206-BE1E-8CACA5B9CDBA}] => (Allow) LPort=53014
FirewallRules: [{0E1936F7-852F-4290-8E65-E959B27DAE4F}] => (Allow) LPort=53015
FirewallRules: [{D1ED447C-499A-45D0-A82C-70C9B6410CEE}] => (Allow) LPort=53016
FirewallRules: [{EACF8780-049C-4C84-B95B-BFEF0670CDD5}] => (Allow) LPort=50053
FirewallRules: [{B04F3F35-DC63-4BEB-93E6-BB0E95097D9D}] => (Allow) LPort=50053
FirewallRules: [{DDDD0A54-F946-4512-B1C6-BAF762AE778B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.54\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F11BC08C-92AC-4859-BDD9-4BCCF862623B}] => (Block) LPort=50053

==================== Restore Points =========================

10-08-2022 16:47:28 Windows モジュール インストーラー
10-08-2022 17:06:24 Windows モジュール インストーラー
10-08-2022 22:27:09 Windows モジュール インストーラー

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (08/15/2022 02:55:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.19041.546, time stamp: 0x1d3a15e7
Faulting module name: biwinrt.dll, version: 10.0.19041.1566, time stamp: 0x77f34e41
Exception code: 0xc000027b
Fault offset: 0x00000000000053c5
Faulting process id: 0x1b58
Faulting application start time: 0x01d8b006f6907f6c
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\biwinrt.dll
Report Id: 5697f678-27b7-4300-81d0-0906baaab5a9
Faulting package full name: Microsoft.YourPhone_1.22052.554.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (08/15/2022 02:44:23 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe".Error in manifest or policy file "C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe.Config" on line 12.
Invalid Xml syntax.

Error: (08/11/2022 03:16:46 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe".Error in manifest or policy file "C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe.Config" on line 12.
Invalid Xml syntax.

Error: (08/11/2022 03:10:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Autoruns64.exe, version: 14.0.9.0, time stamp: 0x620ab70c
Faulting module name: Autoruns64.exe, version: 14.0.9.0, time stamp: 0x620ab70c
Exception code: 0xc0000005
Fault offset: 0x00000000000cd315
Faulting process id: 0xce8
Faulting application start time: 0x01d8ad44771d5150
Faulting application path: C:\Users\ki43d\Downloads\Autoruns\Autoruns64.exe
Faulting module path: C:\Users\ki43d\Downloads\Autoruns\Autoruns64.exe
Report Id: 41f93f37-4c26-4f3c-b33e-32fb53097144
Faulting package full name:
Faulting package-relative application ID:

Error: (08/11/2022 02:33:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, システム シャットダウンが実行中です。
.

Error: (08/11/2022 02:33:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, システム シャットダウンが実行中です。
]

Error: (08/11/2022 02:33:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, システム シャットダウンが実行中です。
.

Error: (08/11/2022 02:33:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, システム シャットダウンが実行中です。
]

System errors:
=============
Error: (08/15/2022 02:44:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Client Management Service service failed to start due to the following error:
The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.

Error: (08/15/2022 02:41:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMS service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/15/2022 02:41:39 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:30:59 on 2022/08/15 was unexpected.

Error: (08/13/2022 02:11:36 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NCNDJGQ)
Description: The server {ED1D0FDF-4414-470A-A56D-CFB68623FC58} did not register with DCOM within the required timeout.

Error: (08/13/2022 02:09:33 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NCNDJGQ)
Description: The server {ED1D0FDF-4414-470A-A56D-CFB68623FC58} did not register with DCOM within the required timeout.

Error: (08/13/2022 02:08:11 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NCNDJGQ)
Description: The server {ED1D0FDF-4414-470A-A56D-CFB68623FC58} did not register with DCOM within the required timeout.

Error: (08/13/2022 02:04:18 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NCNDJGQ)
Description: The server {ED1D0FDF-4414-470A-A56D-CFB68623FC58} did not register with DCOM within the required timeout.

Error: (08/13/2022 01:20:42 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Windows Defender:
================
Date: 2022-08-14 19:03:44
Description:
Microsoft Defender ウイルス対策 スキャンは完了する前に停止しました。
スキャン ID: {D1ABFB4A-0625-4189-A4FC-BA02E70A9A98}
スキャンの種類: マルウェア対策
スキャン パラメーター: クイック スキャン
ユーザー: NT AUTHORITY\SYSTEM

Date: 2022-08-13 20:18:38
Description:
Microsoft Defender ウイルス対策 スキャンは完了する前に停止しました。
スキャン ID: {98803926-E8CE-4C8E-9D9B-9DEEB39D2787}
スキャンの種類: マルウェア対策
スキャン パラメーター: クイック スキャン
ユーザー: NT AUTHORITY\SYSTEM

Date: 2022-08-12 19:31:52
Description:
Microsoft Defender ウイルス対策 スキャンは完了する前に停止しました。
スキャン ID: {E67C6899-6378-4449-B7BA-2200398385A6}
スキャンの種類: マルウェア対策
スキャン パラメーター: クイック スキャン
ユーザー: NT AUTHORITY\SYSTEM

Date: 2022-08-10 22:02:04
Description:
Microsoft Defender ウイルス対策 スキャンは完了する前に停止しました。
スキャン ID: {E18C4CDF-1C40-4D06-9707-FFD9B4969502}
スキャンの種類: マルウェア対策
スキャン パラメーター: クイック スキャン
ユーザー: NT AUTHORITY\SYSTEM

Date: 2022-08-05 19:23:23
Description:
Microsoft Defender ウイルス対策 スキャンは完了する前に停止しました。
スキャン ID: {2CCEAFD8-6BC0-449A-9EC8-1B1D0157E431}
スキャンの種類: マルウェア対策
スキャン パラメーター: クイック スキャン
ユーザー: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2022-08-11 14:35:34
Description:
Microsoft Defender ウイルス対策 リアルタイム保護機能でエラーが発生して失敗しました。
機能: アクセス時
エラー コード: 0x8007043c
エラーの説明: このサービスはセーフ モードで開始できません
理由: 不明な理由でマルウェア対策セキュリティ インテリジェンスが機能を停止しました。サービスを再起動することで問題が解決する場合があります。

Date: 2022-08-08 19:13:26
Description:
Microsoft Defender ウイルス対策 リアルタイム保護機能でエラーが発生して失敗しました。
機能: アクセス時
エラー コード: 0x8007043c
エラーの説明: このサービスはセーフ モードで開始できません
理由: 不明な理由でマルウェア対策セキュリティ インテリジェンスが機能を停止しました。サービスを再起動することで問題が解決する場合があります。

Date: 2022-08-05 19:31:20
Description:
Microsoft Defender ウイルス対策 リアルタイム保護機能でエラーが発生して失敗しました。
機能: アクセス時
エラー コード: 0x8007043c
エラーの説明: このサービスはセーフ モードで開始できません
理由: 不明な理由でマルウェア対策セキュリティ インテリジェンスが機能を停止しました。サービスを再起動することで問題が解決する場合があります。

Date: 2022-08-05 09:21:11
Description:
Microsoft Defender ウイルス対策 リアルタイム保護機能でエラーが発生して失敗しました。
機能: アクセス時
エラー コード: 0x8007043c
エラーの説明: このサービスはセーフ モードで開始できません
理由: 不明な理由でマルウェア対策セキュリティ インテリジェンスが機能を停止しました。サービスを再起動することで問題が解決する場合があります。

Date: 2022-08-04 17:05:01
Description:
Microsoft Defender ウイルス対策 リアルタイム保護機能でエラーが発生して失敗しました。
機能: アクセス時
エラー コード: 0x8007043c
エラーの説明: このサービスはセーフ モードで開始できません
理由: 不明な理由でマルウェア対策セキュリティ インテリジェンスが機能を停止しました。サービスを再起動することで問題が解決する場合があります。

CodeIntegrity:
===============
Date: 2022-08-15 15:38:10
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5dc194ddcb559d66\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-08-14 23:46:51
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5dc194ddcb559d66\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-08-14 17:34:59
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2022-08-14 12:59:34
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\WaaSMedicAgent.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\ASProxy64.dll that did not meet the Microsoft signing level requirements.

Date: 2022-08-14 12:56:46
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\ASProxy64.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. 1.9.0 03/25/2022
Motherboard: Dell Inc. 09YTN7
Processor: Intel® Core™ i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 63%
Total physical RAM: 8089.31 MB
Available physical RAM: 2966.62 MB
Total Virtual: 10649.31 MB
Available Virtual: 4628.04 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:915.75 GB) (Free:842.21 GB) (Model: TOSHIBA MQ04ABF100) NTFS

\\?\Volume{590cc7ce-dc1a-4e43-a981-a3aa890aad57}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.39 GB) NTFS
\\?\Volume{524c4f32-4646-4f49-9965-5f45f54ed27e}\ (Image) (Fixed) (Total:12.76 GB) (Free:0.15 GB) NTFS
\\?\Volume{14b89a6a-d620-4575-bcb3-370e5d6132a5}\ (DELLSUPPORT) (Fixed) (Total:1.17 GB) (Free:0.42 GB) NTFS
\\?\Volume{416e90f9-bc08-43ce-9424-bd57667b284d}\ (ESP) (Fixed) (Total:0.73 GB) (Free:0.66 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AD77004B)

Partition: GPT.

==================== End of Addition.txt =======================


Edited by Iwashacked, 15 August 2022 - 04:34 AM.


#6Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 58,534 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:07:14 AM

Posted 15 August 2022 - 09:19 AM

Thank you for the information.

Let's run this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------

  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST will do it for you
Start::
CreateRestorePoint:
CloseProcesses:
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
File: C:\ProgramData\goyslgxe.nnn
Task: {FA5256C8-BBAD-4C32-96BD-23E5133B7B33} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler => C:\Program Files\RUXIM\PLUGscheduler.exe (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF Extension: (bleepute Downloader) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\{1750307e-9fc3-4225-96e1-328b7e10c7b0}.xpi [2021-04-25]
CustomCLSID: HKU\S-1-5-21-3065487495-3473570161-1620390084-1001_Classes\CLSID\{BFBE0943-74C5-40E0-9E80-0B808109E95D}\InprocServer32 -> C:\Users\ki43d\AppData\Local\Microsoft\EdgeUpdate\1.3.163.19\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} => -> No File
SearchScopes: HKU\S-1-5-21-3065487495-3473570161-1620390084-1001 -> DefaultScope {66A78F4D-E724-4FF2-83D8-6C453CF6C93E} URL =
SearchScopes: HKU\S-1-5-21-3065487495-3473570161-1620390084-1001 -> {66A78F4D-E724-4FF2-83D8-6C453CF6C93E} URL =
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\MountPoints2: {19967724-c84a-11eb-918f-d8d090307411} - "F:\StartBackup.exe"
C:\ProgramData\goyslgxe.nnn
2022-08-08 20:39 - 2022-08-08 20:39 - 000000166 _____ C:\WINDOWS\wininit.ini
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
End::
  • Click Fix
  • When completed the tool will create a Fixlog.txt file located in the same directory as FRST64.exe. Please copy and paste the contents of the file in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • Fixlog

Gary

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.


John 6:68-69


#7Iwashacked

Iwashacked

  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  • Local time:11:14 PM

Posted 15 August 2022 - 11:02 AM

Hello again, so I tried copying and pasting the entire Fixlog into here but I keep getting a message saying to divide the message in 2 separate messages because it is too long. The issue is it keeps telling me this even when I divide the entire log into even more parts because the log as a whole is extremely long for some reason.

To be able to send you the entire Fixlog, I might even need to divide it into like 10 separate posts on here. Is there a way I could post it as a compressed file or should I go through and copy/paste it into a lot of separate posts?


Edited by Iwashacked, 15 August 2022 - 11:14 AM.


#8Iwashacked

Iwashacked

  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  • Local time:11:14 PM

Posted 15 August 2022 - 11:13 AM

Below I have posted the first part of the Fixlog, along with a screenshot showing just how long the entire Fixlog is, where to the right you can see the scroll bar that goes on and on.

I am curious why all these ports were still showing as allowed in my previous Farbar scan after I made sure to block them all with the firewall?

Was there malware or a hacker disabling my Firewall or some of the ports, which was keeping them from closing?

I apologize for all the questions as I am new to this.

EDIT: So I just realized that the screenshot I took of the super long Fixlog failed to attach and post here for some reason...I am using Firefox opened up as the Admin.

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-08-2022 02
Ran by ki43d (16-08-2022 00:28:51) Run:1
Running from C:\Users\ki43d\Downloads
Loaded Profiles: ki43d
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
File: C:\ProgramData\goyslgxe.nnn
Task: {FA5256C8-BBAD-4C32-96BD-23E5133B7B33} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler => C:\Program Files\RUXIM\PLUGscheduler.exe (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF Extension: (bleepute Downloader) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\{1750307e-9fc3-4225-96e1-328b7e10c7b0}.xpi [2021-04-25]
CustomCLSID: HKU\S-1-5-21-3065487495-3473570161-1620390084-1001_Classes\CLSID\{BFBE0943-74C5-40E0-9E80-0B808109E95D}\InprocServer32 -> C:\Users\ki43d\AppData\Local\Microsoft\EdgeUpdate\1.3.163.19\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} => -> No File
SearchScopes: HKU\S-1-5-21-3065487495-3473570161-1620390084-1001 -> DefaultScope {66A78F4D-E724-4FF2-83D8-6C453CF6C93E} URL =
SearchScopes: HKU\S-1-5-21-3065487495-3473570161-1620390084-1001 -> {66A78F4D-E724-4FF2-83D8-6C453CF6C93E} URL =
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\MountPoints2: {19967724-c84a-11eb-918f-d8d090307411} - "F:\StartBackup.exe"
C:\ProgramData\goyslgxe.nnn
2022-08-08 20:39 - 2022-08-08 20:39 - 000000166 _____ C:\WINDOWS\wininit.ini
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
End::
*****************

Restore point was successfully created.
Processes closed successfully.

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

========================= File: C:\ProgramData\goyslgxe.nnn ========================

C:\ProgramData\goyslgxe.nnn
File not signed
MD5: 2884D27FDB60CD1154A7B29C47B73EE3
Creation and modification date: 2022-08-13 02:17 - 2022-08-13 02:17
Size: 000012735
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA5256C8-BBAD-4C32-96BD-23E5133B7B33}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA5256C8-BBAD-4C32-96BD-23E5133B7B33}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\{1750307e-9fc3-4225-96e1-328b7e10c7b0}.xpi => moved successfully
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001_Classes\CLSID\{BFBE0943-74C5-40E0-9E80-0B808109E95D} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ FSOverlayIcon => removed successfully
"HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{66A78F4D-E724-4FF2-83D8-6C453CF6C93E} => removed successfully
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19967724-c84a-11eb-918f-d8d090307411} => removed successfully
C:\ProgramData\goyslgxe.nnn => moved successfully
C:\WINDOWS\wininit.ini => moved successfully


Edited by Iwashacked, 15 August 2022 - 11:21 AM.
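For anyone reading their own Addition.txt against the FirewallRules block posted earlier in this thread, the script below is an added example written for this page; it is not FRST code and not part of the thread. It parses the two line shapes FRST prints for firewall rules (a program rule with its signer, or a bare LPort= rule) and groups the Allow rules that deserve a second look: targets FRST marks "=> No File", binaries flagged "[File not signed]", programs living under a user profile's AppData, bare port allows counted per port (the same port commonly appears under several rule GUIDs, as it does in the log above), and ports that carry both an Allow and a Block rule. The sample lines, GUIDs, vendor names and paths are constructed placeholders modelled on the report format, not values from any real report.

```python
"""Triage the FirewallRules: block of an FRST Addition.txt report.

Added example for this page; not FRST code and not part of the thread.
It parses the two line shapes FRST prints for firewall rules and groups the
Allow rules that deserve a manual look. Sample data below is constructed.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Any, Dict, List, Optional

# Constructed sample modelled on FRST's format: the GUIDs, vendor names and
# paths are placeholders, not values from any real report.
SAMPLE_LINES = r"""
FirewallRules: [{00000000-0000-0000-0000-000000000001}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{00000000-0000-0000-0000-000000000002}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SomeGame\game.exe => No File
FirewallRules: [{00000000-0000-0000-0000-000000000003}] => (Allow) C:\Program Files\WindowsApps\Vendor.App_1.0_x64__abc\app\Client.exe (VENDOR LTD. -> Vendor Ltd.) [File not signed]
FirewallRules: [{00000000-0000-0000-0000-000000000004}] => (Allow) C:\Users\alice\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [TCP Query User{00000000-0000-0000-0000-000000000005}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{00000000-0000-0000-0000-000000000006}] => (Allow) LPort=57209
FirewallRules: [{00000000-0000-0000-0000-000000000007}] => (Allow) LPort=57209
FirewallRules: [{00000000-0000-0000-0000-000000000008}] => (Allow) LPort=50053
FirewallRules: [{00000000-0000-0000-0000-000000000009}] => (Block) LPort=50053
"""

# FirewallRules: [<name>] => (<Allow|Block>) <target>
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>[^\]]+)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)
# Trailing "(Signer -> Company)" plus optional "[flags]" FRST appends to a program path.
SIGNER_RE = re.compile(r" \([^()]*->[^()]*\)(?: \[[^\]]*\])*$")
# Program paths under a user profile are writable without admin rights.
USER_PATH_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


@dataclass
class Rule:
    name: str
    action: str                 # "Allow" or "Block"
    program: Optional[str]      # executable path, None for bare port rules
    port: Optional[int]         # local port for "LPort=" rules, else None
    missing: bool               # FRST marked the target "=> No File"
    unsigned: bool              # FRST appended "[File not signed]"


def parse_rule(line: str) -> Optional[Rule]:
    """Parse one FirewallRules: line; return None for anything else."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    name, action, target = m["name"], m["action"], m["target"]
    if target.startswith("LPort="):
        return Rule(name, action, None, int(target[len("LPort="):]), False, False)
    missing = target.endswith("=> No File")
    if missing:
        program = target[: -len(" => No File")]
    else:
        sig = SIGNER_RE.search(target)
        program = target[: sig.start()] if sig else target
    return Rule(name, action, program, None, missing, "[File not signed]" in target)


def triage(lines: List[str]) -> Dict[str, Any]:
    """Group Allow rules into the categories worth a second look."""
    report: Dict[str, Any] = {
        "allow_missing_program": [],      # allowance outlives the binary it was for
        "allow_unsigned_program": [],     # publisher cannot be verified
        "allow_user_writable_path": [],   # path a user-level process can overwrite
        "port_allow_counts": {},          # bare LPort allows, counted per port
        "ports_allowed_and_blocked": [],  # contradictory rule pairs for one port
    }
    port_actions: Dict[int, set] = defaultdict(set)
    port_allows: Counter = Counter()
    for rule in filter(None, map(parse_rule, lines)):
        if rule.port is not None:
            port_actions[rule.port].add(rule.action)
            if rule.action == "Allow":
                port_allows[rule.port] += 1
            continue
        if rule.action != "Allow":
            continue
        if rule.missing:
            report["allow_missing_program"].append(rule.program)
        if rule.unsigned:
            report["allow_unsigned_program"].append(rule.program)
        if USER_PATH_RE.search(rule.program):
            report["allow_user_writable_path"].append(rule.program)
    report["port_allow_counts"] = dict(port_allows)
    report["ports_allowed_and_blocked"] = sorted(
        p for p, acts in port_actions.items() if acts == {"Allow", "Block"}
    )
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LINES.splitlines()).items():
        print(f"{key}: {value}")
```

Run it against the FirewallRules lines pasted from a real Addition.txt instead of SAMPLE_LINES. An Allow rule whose target is gone is not evidence of compromise by itself, but it is worth listing because whatever is later written to that path inherits the allowance, and a rule for a path under AppData can be satisfied by a file any user-level process can write; resetting the policy, as the fix above does with netsh advfirewall reset, clears all of these at once rather than one rule at a time.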


#9Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 58,534 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:07:14 AM

Posted 15 August 2022 - 03:20 PM

I am not sure about the Firewall issue. Please upload the Fixlog.txt file here.

Gary

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.


John 6:68-69


#10Iwashacked

Iwashacked

  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  • Local time:11:14 PM

Posted 15 August 2022 - 11:23 PM

Hello again, I actually uploaded the Fixlog.txt at the link you provided above.



#11Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 58,534 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:07:14 AM

Posted 16 August 2022 - 07:45 AM

Thank you for the report.

I don't know why you had a problem trying to block the Ports but it looks like they are now all gone.

Please run this.

===================================================

ESET Online Scanner

--------------------

Note: You can expect this process to take a long time, up to several hours or more.

  • Download ESET Free Online Scanner and save it to your Desktop
  • Right click on esetonlinescanner_enu.exe and select Run as administrator
  • Click Computer Scan
  • Click Full scan
  • Select Enable ESET to detect and quarantine potentially unwanted applications
  • Click Start scan
  • Once completed click Save scan log and save it to your Desktop as ESETScan.txt
  • Click Continue then finally click Close
  • Copy and paste the ESETScan.txt file contents in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • ESET report
  • How is the computer running?

Gary

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.


John 6:68-69


#12Iwashacked

Iwashacked

  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  • Local time:11:14 PM

Posted 17 August 2022 - 12:37 AM

Here are the scan results:

8/17/2022 14:22:44 PM
Files scanned: 576710
Detected files: 0
Cleaned files: 0
Total scan time: 05:10:37
Scan status: Finished

It looks like my system is clean, but is there still a possibility that there could be a backdoor, trojan, rootkit, keylogger, etc. that has a way of remaining completely undetected by all the scans from these security programs?

I ask because my other PC was hacked too, but I plan to run ESET Online Scanner on that one, possibly tomorrow, and see what comes up. I am pretty sure the hacker knows my IP address and was able to hack both computers and infect them with malware and who knows what else.

I tried logging into my Microsoft account on my other computer yesterday, but I am so tired of Microsoft that I decided to just use a local account from now on. It is just way less of a headache. Anyway, yesterday when I tried logging into the Microsoft account I had just created, it disappeared completely after I reset my computer!

And I actually just created this Microsoft account yesterday after a fresh install of Windows 10 and restarted the computer literally right after. And no, I absolutely 100% was not mistyping my login credentials or forgetting that Caps Lock was on, etc. I was typing the login credentials perfectly correctly, but it kept saying invalid password...but I typed it correctly?

This is why I am paranoid that I might have a keylogger, or is Microsoft just this broken? Is it possibly a registry error?

Anyway, because of my paranoia, I restarted once again, bypassed the Microsoft login and created a local account using the virtual keyboard, clicking the keys with the mouse.

Let me know if you want me to just create a new post to keep this separate or if it is alright that I ask this here. Thank you again.


Edited by Iwashacked, 17 August 2022 - 12:41 AM.

#13 Oh My! (Adware and Spyware and Malware; Malware Response Instructor, 58,534 posts, Location: California)

Posted 17 August 2022 - 11:03 AM

There is no Backdoor Trojan or other malware on your computer. Between this concern, and your ongoing concern about Firewall Rules (another topic you started here) I suspect you are looking for something that is not there. Being concerned about computer security is reasonable. Being overly concerned can lead to a never ending quest to find something that is non-existent.

I can't speak to your issues with Microsoft.

Since your computer is clean there isn't anything else I can offer.

Here is our final step and some additional information to consider.

===================================================

KpRm by Kernel-panik

--------------

  • Download KpRm and save it to your Desktop (see here if you must use Chrome)
  • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
  • Right click on the icon and select Run as administrator
  • Click Yes on the Disclaimer
  • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
  • Click Run
  • Click OK on All operations are completed
  • KpRm will delete itself from your Desktop and you can either save or remove the report that is generated
  • You are free to remove any other tools/reports still remaining

===================================================

All Clean!

--------------

Your computer is now clean. Please consider this going forward.

===================================================

Please take the time to read the below for more information on computer security.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.

Gary

#14 Oh My! (Adware and Spyware and Malware; Malware Response Instructor, 58,534 posts, Location: California)

Posted 17 August 2022 - 03:48 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Gary


FAQs

Can Trojan virus be removed? ›

You can remove some Trojans by disabling startup items on your computer which don't come from trusted sources. For the best results, first reboot your device into safe mode so that the virus can't stop you from removing it.

What is backdoor virus or remote access Trojan? ›

A remote access Trojan (RAT) is a malware program that opens a backdoor, enabling administrative control over the victim's computer.

Can you recover from a Trojan virus? ›

Reinstall your operating system

Many computer vendors also offer a rescue partition or disc(s) that will do a factory restore of the system. Check your computer's user manual to find out whether one of these is provided and how to run it.

What to do when a Trojan virus is detected? ›

Trojans can be removed in various ways. If you know which program carries the malware, you can simply uninstall it. However, the most reliable way to remove all traces of a Trojan is to run antivirus or anti-malware software capable of detecting and removing Trojans, and to rescan afterwards to confirm nothing remains.

How do I clean my computer from Trojan viruses? ›

One common way to clean up a Trojan infection is to run a free on-demand scanner such as Malwarebytes, then consider a paid product for real-time protection against future infections. The scanner locates the Trojan's files and registry entries and removes them so they cannot cause further damage.

How serious is a Trojan virus? ›

Trojans are incredibly dangerous due to the wide range of malicious tasks they can perform once installed on a computer. Here are some common types of Trojan horse malware: Backdoor Trojan: These Trojans create a "backdoor" on the victim's computer, granting attackers unauthorized access.

Can a Trojan virus spy on you? ›

Trojan-Spy programs can spy on how you're using your computer – for example, by tracking the data you enter via your keyboard, taking screenshots or getting a list of running applications.

What are the symptoms of remote access trojan? ›

Detecting a remote access trojan

These include overall system lag, antivirus software failures, unrecognized files or programs, website redirects or unresponsiveness, and unexpected webcam activity. It's important to note that these symptoms are not exclusive, and only thorough scans can uncover a RAT infection.

Can you remove a remote access trojan? ›

If you already have a RAT on your computer, anti-malware software can be used to remove it from your system. Removing the Internet connection from the device disables remote access to your system by an attacker.

How do I know if a Trojan is on my computer? ›

You experience frequent pop-ups. A high number of pop-ups is another sign that your computer system might be infected with a Trojan. If you're noticing more pop-ups than usual, there's a strong possibility that a Trojan has installed a malicious adware program on your PC. Another sign is that applications won't start.

Will a factory reset get rid of Trojans? ›

Yes. Performing a factory reset on your mobile device can help combat viruses by removing infected files and curing malware infections — but it won't always be enough to completely remove all malicious software from your phone.

Can a Trojan virus destroy your computer? ›

Trojan attacks have been responsible for causing major damage by infecting computers and stealing user data. Well-known examples of Trojans include: Rakhni Trojan: The Rakhni Trojan delivers ransomware or a cryptojacker tool—which enables an attacker to use a device to mine cryptocurrency—to infect devices.

Is Trojan spyware Alert real? ›

Fake Trojan spyware alerts, often known as scareware or rogue security software, are deceptive pop-ups or notifications designed to frighten users into believing that their device is compromised. In reality, there's often no threat.

How do I get rid of Trojan killer? ›

Most of the computer programs have uninstall.exe or uninst000.exe in their installation folders.
  1. Go to the installation folder of Trojan Killer. Most of the time it is located in C:\Program Files or C:\Program Files (x86). (Using Settings > Apps, or Programs and Features in Control Panel, is the safer route, since it runs the same uninstaller without you having to find it.)
  2. Double click the file to start the uninstallation process.

What does the Trojan virus look like? ›

Trojans can look like just about anything, from free software and music, to browser advertisements, to seemingly legitimate apps. Any number of unwise user behaviors can lead to a Trojan infection.

How to be sure a Trojan is gone? ›

Use security software: Install reputable antivirus or anti-malware management programs that specialize in monitoring for hidden threats. Full system scans often detect anomalies indicative of Trojan infiltration. Inspect program lists: Look through the list of installed programs on your device.
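The two answers above ("symptoms of a remote access trojan" and "inspect program lists") both come down to the same manual check: what starts automatically on this machine, who signed it, and what is listening for inbound connections. The script below is an added example, not part of the forum thread or any product mentioned in it. It is a read-only triage pass for a Windows host, run from an elevated PowerShell prompt: it enumerates Run/RunOnce keys, enabled scheduled tasks, services and listening TCP sockets, checks each backing binary's Authenticode signature, and reports anything that is unsigned, missing, or signed by a third party but running from a user-writable path. The "suspect" heuristic and the set of paths treated as user-writable are assumptions for illustration, not a detection rule from the page.

```powershell
# Added example (not from the thread). Read-only persistence and listener triage.
# Run from an elevated PowerShell prompt; nothing is deleted or quarantined.
# Assumption: a binary is worth a human look when it is unsigned/missing, or is
# third-party signed but lives under a user-writable directory.

$runKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull the executable path out of a command line such as
#   "C:\Users\x\AppData\Roaming\svc.exe" -hide    or    %SystemRoot%\system32\svchost.exe -k netsvcs
# Only the first program is extracted, so a rundll32/regsvr32 loader is reported as that loader.
function Get-ExePath {
  param([string]$CommandLine)
  if (-not $CommandLine) { return $null }
  $m = [regex]::Match($CommandLine, '^\s*"?([^"]+?\.(exe|dll|scr|bat|cmd|vbs|js|ps1))"?', 'IgnoreCase')
  if ($m.Success) { return [Environment]::ExpandEnvironmentVariables($m.Groups[1].Value) }
  return $null
}

# Classify the Authenticode signature: Microsoft, another publisher, unsigned/invalid, or file not found.
function Get-SigLabel {
  param([string]$Path)
  if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return 'MISSING' }
  $sig = Get-AuthenticodeSignature -LiteralPath $Path
  if ($sig.Status -ne 'Valid') { return 'UNSIGNED/' + $sig.Status }
  if ($sig.SignerCertificate.Subject -match 'O=Microsoft Corporation') { return 'Microsoft' }
  return 'ThirdParty:' + ($sig.SignerCertificate.Subject -replace '^CN=([^,]+).*', '$1')
}

# Assumed list of directories an unprivileged user (or malware running as one) can write to.
function Test-UserWritablePath {
  param([string]$Path)
  return $Path -match '\\(Users|ProgramData|Temp|AppData)\\'
}

$findings = @()

# 1. Registry Run keys (skip the PS* provider properties that Get-ItemProperty adds)
foreach ($k in $runKeys) {
  if (-not (Test-Path $k)) { continue }
  foreach ($p in (Get-ItemProperty -Path $k).PSObject.Properties) {
    if ($p.Name -like 'PS*') { continue }
    $exe = Get-ExePath ([string]$p.Value)
    $findings += [pscustomobject]@{ Source = 'RunKey'; Name = $p.Name; Path = $exe; Sig = (Get-SigLabel $exe) }
  }
}

# 2. Enabled scheduled tasks (each task can carry several actions)
foreach ($t in Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' }) {
  foreach ($a in $t.Actions) {
    if (-not $a.Execute) { continue }
    $exe = Get-ExePath ("{0} {1}" -f $a.Execute, $a.Arguments)
    $findings += [pscustomobject]@{ Source = 'Task'; Name = $t.TaskName; Path = $exe; Sig = (Get-SigLabel $exe) }
  }
}

# 3. Services
foreach ($s in Get-CimInstance Win32_Service) {
  $exe = Get-ExePath $s.PathName
  $findings += [pscustomobject]@{ Source = 'Service'; Name = $s.Name; Path = $exe; Sig = (Get-SigLabel $exe) }
}

# 4. Listening TCP sockets mapped to their owning process (PID 0/4 are the kernel, skipped)
foreach ($c in Get-NetTCPConnection -State Listen) {
  if ($c.OwningProcess -le 4) { continue }
  $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
  $exe = if ($proc) { $proc.Path } else { $null }
  $findings += [pscustomobject]@{ Source = 'Listen:' + $c.LocalPort; Name = $proc.ProcessName; Path = $exe; Sig = (Get-SigLabel $exe) }
}

# Keep only entries that fail the assumed "benign" test, print them and save a CSV for the helper.
$suspect = $findings | Where-Object {
  $_.Sig -ne 'Microsoft' -and ($_.Sig -notlike 'ThirdParty:*' -or (Test-UserWritablePath $_.Path))
}
$suspect | Sort-Object Source, Name | Format-Table -AutoSize
$suspect | Export-Csv -NoTypeInformation -Path "$env:USERPROFILE\Desktop\persistence-triage.csv"
```

Two caveats a practitioner would add. First, a valid third-party signature only proves who signed the file, not that it is benign; the filter keeps signed binaries out of the report when they sit in Program Files or Windows, which is a convenience, not a guarantee. Second, this runs on top of the live operating system, so a kernel-mode rootkit that filters registry, file or socket enumeration (the scenario in the "Can Trojans hide from antivirus?" answer) can hide from it; an offline scan from rescue media, or a tool like FRST that reads the hive files directly, is the cross-check.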

Will factory reset remove Trojan? ›

Will a Factory Reset Remove Viruses? A factory reset removes almost all viruses and other malware. By returning the OS to its original state, the reset wipes infected programs and files along with everything else on the system volume. The exceptions are malware living outside that volume: a bootkit in the EFI partition, an infected vendor recovery partition, or compromised firmware survive a reset, so for a serious infection reinstall Windows from freshly downloaded media instead.

Can Trojans hide from antivirus? ›

Rootkit technologies – that are generally employed by Trojans – can intercept and substitute system functions to make the infected file invisible to the operating system and antivirus programs. Sometimes even the registry branches – where the Trojan is registered – and other system files are hidden.
