I found 2 backdoors and 3 remote access trojans on my system – Virus, Trojan, Spyware, and Malware Removal Help – BleepingComputer


Ok, so a few weeks ago my old email, PayPal and Steam accounts were hacked into. Over the past few weeks I have been fixing one problem after another. I deleted all the emails in the hacked email account and then deleted the account. I contacted Steam support and requested a new password. I called up PayPal and had my account closed so the hacker cannot keep using it. He attempted to make an expensive purchase of a few hundred dollars, but I explained that I was hacked and the PayPal staff closed my account.

I also made much more complicated passwords for all my new accounts. I installed HitmanPro, SUPERAntiSpyware, Rkill, MBAR, HijackThis, Autoruns and TCPView, which some helpful folks on here said was overkill.

I got rid of all these programs and installed the trial version of Malwarebytes, as recommended by these same folks. I ran a full system scan with Malwarebytes and it found 2 backdoor malware entries in my registry, which I think it successfully removed, because I did two more full system scans and it did not detect any more attacks or suspicious files.

Also, before I removed HijackThis, it did detect 3 RATs on my system as well. It is the same situation as with Malwarebytes, where I think it might have removed them, because I did more scans afterwards and nothing else came up.

I know this does not mean my system is completely clean, which is why I decided to post about my situation on here for some experts to check things out. I will post the Farbar scan logs below.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-08-2022
Ran by ki43d (administrator) on DESKTOP-NCNDJGQ (Dell Inc. Inspiron 5570) (14-08-2022 23:39:15)
Running from C:\Users\ki43d\Downloads
Loaded Profiles: ki43d
Platform: Microsoft Windows 10 Home Version 21H2 19044.1889 (X64) Language: Japanese (Japan) -> English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Astrill\ASOvpnSvc.exe ->) (Astrill Systems Corp. -> ) C:\Program Files (x86)\Astrill\aswgvpnc.exe
(C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe ->) (QFX Software Corporation -> QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCopyAccelerator.exe
(C:\Users\ki43d\AppData\Local\LINE\bin\current\LINE.exe ->) (LINE Corporation -> LINE Corporation) C:\Users\ki43d\AppData\Local\LINE\Data\plugin\LineCall\1.0.0.505\LineCall.exe
(C:\Users\ki43d\AppData\Local\LINE\bin\current\LINE.exe ->) (LINE Corporation -> LINE Corporation) C:\Users\ki43d\AppData\Local\LINE\Data\plugin\LineMediaPlayer\1.2.0.428\LineMediaPlayer.exe <2>
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(DriverStore\FileRepository\igdlh64.inf_amd64_5dc194ddcb559d66\igfxCUIService.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5dc194ddcb559d66\igfxEM.exe
(explorer.exe ->) (Astrill Systems Corp. -> Astrill) C:\Program Files (x86)\Astrill\astrill.exe
(explorer.exe ->) (QFX Software Corporation -> QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel\DPTF\esif_uf.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(LINE Corporation -> LINE Corporation) C:\Users\ki43d\AppData\Local\LINE\bin\current\LINE.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <15>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Astrill Systems Corp. -> Astrill) C:\Program Files (x86)\Astrill\ASOvpnSvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5dc194ddcb559d66\igfxCUIService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5dc194ddcb559d66\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5dc194ddcb559d66\IntelCpHeciSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_9c788f1d162b1224\RstMwService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(services.exe ->) (SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1852_none_7de3b01c7cacf858\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102816 2021-01-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618096 2021-01-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWelcome.exe [345848 2019-02-13] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [318920 2019-05-30] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [82992808 2022-04-06] (Discord Inc. -> Discord Inc.)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [512536 2021-09-28] (QFX Software Corporation -> QFX Software Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Run: [f.lux] => C:\Users\ki43d\AppData\Local\FluxSoftware\Flux\flux.exe [1515848 2021-06-18] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Run: [Wechat] => C:\Program Files (x86)\Tencent\WeChat\WeChat.exe [559184 2020-11-20] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Run: [MicrosoftEdgeAutoLaunch_651BD28083BE5F69B3FA653E81792869] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3827128 2022-08-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Run: [Microsoft Edge Update] => C:\Users\ki43d\AppData\Local\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateCore.exe [252864 2022-07-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [10994528 2022-04-21] (Support.com, Inc. -> SUPERAntiSpyware)
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4230544 2022-07-27] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [37054552 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\MountPoints2: {19967724-c84a-11eb-918f-d8d090307411} - "F:\StartBackup.exe"
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01EBB2DC-7F36-464F-A741-3EF2274F8812} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {0DB1CDE2-4B1C-44B3-836D-91D52F48EFB5} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3065487495-3473570161-1620390084-1001UA => C:\Users\ki43d\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [205744 2022-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {10E826CF-F6FD-4F1C-8CC6-2B6C085B262E} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel® Corporation)
Task: {1E0DE2B0-B43B-4E58-8EB3-ED8CA070132A} - System32\Tasks\Microsoft\Windows\Management\Autopilot\RemediateHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [192000 2022-08-10] (Microsoft Windows -> Microsoft Corporation)
Task: {36E5CDEA-B727-4473-B878-216F05571543} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [61856 2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {49A532CA-56F4-43FD-A3A9-21A7B0B66C50} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {4CC385F1-2CC5-4517-9618-EA08FD7E3A12} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23713200 2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {5687265F-F9A4-4171-A41F-AC5898F0D4FF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145304 2022-08-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {5775E91C-5E6C-4CC9-9FF7-236738FEFC9F} - System32\Tasks\Microsoft\Office\IMESharePointDictionary => c:\Program Files\Common Files\Microsoft Shared\IME16\IMESharePointDictionary.exe [247216 2002-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {61935CBC-428A-475C-8942-6C0087EFA51B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-07-18] (Piriform Software Ltd -> Piriform)
Task: {63A76DD2-12D8-4053-BB1E-B451641457C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7AB75F12-A9C7-4CD0-BB76-217C9BFF9BE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8B122C37-2CAA-4EB0-83B4-F7EEAFBECCF6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {95471034-0615-40C8-83A9-8FDB56157157} - System32\Tasks\CCleanerSkipUAC - ki43d => C:\Program Files\CCleaner\CCleaner.exe [31101528 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A2EE80E7-2271-4AC9-8B5F-C89641C56805} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {A647F387-34F1-42A3-AD26-D7A26DB25A2A} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3065487495-3473570161-1620390084-1001Core => C:\Users\ki43d\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [205744 2022-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {B5E3AC57-FD2C-4CDC-9268-FED2B170A25A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145304 2022-08-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {E3C5CCCF-72B7-4638-A849-55850219453D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F6135963-3CB3-4C74-BA17-B619CDEDC9F1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23713200 2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {FA5256C8-BBAD-4C32-96BD-23E5133B7B33} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIMPLUGScheduler => C:\Program Files\RUXIM\PLUGscheduler.exe (No File)
Task: {FE76CA49-8A74-4465-889B-4309AEB0E1D4} - System32\Tasks\Microsoft\Windows\Management\Autopilot\DetectHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [192000 2022-08-10] (Microsoft Windows -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\ASProxy.dll [401656 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\ASProxy.dll [401656 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\ASProxy.dll [401656 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\ASProxy.dll [401656 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9 19 C:\WINDOWS\SysWOW64\ASProxy.dll [401656 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\ASProxy64.dll [565496 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\ASProxy64.dll [565496 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\ASProxy64.dll [565496 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\ASProxy64.dll [565496 2016-06-01] (Astrill Systems Corp. -> Astrill)
Winsock: Catalog9-x64 19 C:\WINDOWS\system32\ASProxy64.dll [565496 2016-06-01] (Astrill Systems Corp. -> Astrill)
Tcpip\..\Interfaces\{67899b71-8e9d-4572-9ae2-ef8968546368}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ba1883c0-3896-4673-ac23-4958ae51b2bf}: [NameServer] 198.18.192.1

Edge:
=======
DownloadDir: C:\Users\ki43d\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\ki43d\AppData\Local\Microsoft\Edge\User Data\Default [2022-08-14]
Edge Notifications: Default -> hxxps://kissanime.com.ru; hxxps://thepiratebay.org; hxxps://www.rere.jp
Edge HomePage: Default -> hxxps://www.yahoo.co.jp/
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\ki43d\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2022-08-14]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

FireFox:
========
FF DefaultProfile: vht1qbyf.default
FF DefaultProfile: 0tfjb211.default
FF ProfilePath: C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\vht1qbyf.default [2022-08-08]
FF ProfilePath: C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release [2022-08-14]
FF Extension: (HTTPS Everywhere) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\https-everywhere@eff.org.xpi [2022-08-09]
FF Extension: (Privacy Badger) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2022-08-14]
FF Extension: (uBlock Origin) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\uBlock0@raymondhill.net.xpi [2022-08-14]
FF Extension: (Privacy Possum) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\woop-NoopscooPsnSXQ@jetpack.xpi [2022-08-14]
FF Extension: (bleepute Downloader) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\{1750307e-9fc3-4225-96e1-328b7e10c7b0}.xpi [2021-04-25]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-08-12]
FF Extension: (Bitwarden - Free Password Manager) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\{446900e4-71c2-419f-a6a7-df9c091e268b}.xpi [2022-08-14]
FF Extension: (Video DownloadHelper) - C:\Users\ki43d\AppData\Roaming\Mozilla\Firefox\Profiles\wxrs56na.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2022-08-14]
FF ProfilePath: C:\Users\ki43d\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\0tfjb211.default [2022-08-14]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-08-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [2021-09-24] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2021-09-24] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [2013-08-13] (Tencent Technology(Shenzhen) Company Limited -> )
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QzoneMusic\npQzoneMusic.dll [2016-02-26] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [2013-04-08] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [2013-04-25] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [2013-04-08] (Tencent Technology (Shenzhen) Company Limited) [File not signed]
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-19] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
R2 ASOVPNHelper; C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [823312 2020-10-11] (Astrill Systems Corp. -> Astrill)
S3 ASProxy; C:\Program Files (x86)\Astrill\ASProxy.exe [2618104 2016-06-01] (Astrill Systems Corp. -> Astrill)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12102608 2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [313440 2019-01-08] (Dell Inc -> Dell Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [55712 2022-08-01] (Dell Inc -> )
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [301768 2019-08-12] (Dell Inc -> Dell Inc.)
S3 Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{208C5BFC-A1B1-4B52-B14B-3B919AE401BC} [21312 2021-03-12] (Microsoft Windows -> Microsoft Corporation)
S2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [35976 2019-04-03] (Dell Inc -> )
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [152576 2022-08-07] (SurfRight B.V. -> SurfRight B.V.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8680192 2022-08-14] (Malwarebytes Inc. -> Malwarebytes)
S3 QFXUpdateService; C:\Program Files (x86)\KeyScrambler\x64\QFXUpdateService.exe [83480 2021-09-28] (QFX Software Corporation -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [243800 2018-09-08] (QFX Software Corporation -> QFX Software Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-08-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74704 2022-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-08-14] (Malwarebytes Inc. -> Malwarebytes)
R3 MpKsl02304341; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8F34EA50-672D-4718-BE5A-1798B0262898}\MpKslDrv.sys [141576 2022-08-14] (Microsoft Windows -> Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-24] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-24] (Microsoft Windows -> Microsoft Corporation)
R3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [38176 2021-09-22] (WireGuard LLC -> WireGuard LLC)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-08-14 23:39 - 2022-08-14 23:42 - 000027925 _____ C:\Users\ki43d\Downloads\FRST.txt
2022-08-14 23:34 - 2022-08-14 23:41 - 000000000 ____D C:\FRST
2022-08-14 23:33 - 2022-08-14 23:33 - 002370048 _____ (Farbar) C:\Users\ki43d\Downloads\FRST64.exe
2022-08-14 20:17 - 2022-08-14 20:17 - 146025742 _____ C:\Users\ki43d\Downloads\SUPPRESSED CANCER CURES.mp4
2022-08-14 18:09 - 2022-08-14 18:09 - 000002174 _____ C:\Users\ki43d\Desktop\MBAMscan1.txt
2022-08-14 17:43 - 2022-08-14 23:32 - 000000000 ____D C:\Users\ki43d\AppData\LocalLow\IGDump
2022-08-14 17:35 - 2022-08-14 17:35 - 000074704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-08-14 17:34 - 2022-08-14 17:34 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-08-14 17:34 - 2022-08-14 17:34 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-08-14 16:59 - 2022-08-14 16:59 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-08-14 16:59 - 2022-08-14 16:59 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-08-14 16:59 - 2022-08-14 16:59 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-08-14 16:58 - 2022-08-14 16:58 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-08-14 16:58 - 2022-08-14 16:57 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-08-14 16:56 - 2022-08-14 16:56 - 002556344 _____ (Malwarebytes) C:\Users\ki43d\Downloads\MBSetup(1).exe
2022-08-14 13:08 - 2022-08-14 13:08 - 000000000 ____D C:\Users\ki43d\.ms-ad
2022-08-14 03:26 - 2022-08-14 03:27 - 062448468 _____ C:\Users\ki43d\Downloads\fRmaCHcbdT3L.mp4
2022-08-14 02:52 - 2022-08-14 03:20 - 118266680 _____ C:\Users\ki43d\Downloads\f38KFhycJFH2.mp4
2022-08-14 02:51 - 2022-08-14 03:22 - 111935043 _____ C:\Users\ki43d\Downloads\nVqQiX3hhD0Y.mp4
2022-08-14 02:44 - 2022-08-14 03:19 - 079277160 _____ C:\Users\ki43d\Downloads\1xHZ2iv4m2EU.mp4
2022-08-13 20:03 - 2022-08-13 20:03 - 000113964 _____ C:\Users\ki43d\Downloads\Handsome-Truth-EXPOSED-as-Operative_thumb27-1144659071.jfif
2022-08-13 20:02 - 2022-08-13 20:02 - 000010408 _____ C:\Users\ki43d\Downloads\1-1913079617.jfif
2022-08-13 17:37 - 2022-08-13 17:37 - 003186906 _____ C:\Users\ki43d\Downloads\The Judas Goats The Enemy Within - Michael Collins Piper 2006.pdf
2022-08-13 02:17 - 2022-08-13 02:17 - 000012735 _____ C:\ProgramData\goyslgxe.nnn
2022-08-13 01:41 - 2022-08-13 01:42 - 000000000 ____D C:\Users\ki43d\Desktop\docs
2022-08-12 14:27 - 2022-08-12 14:27 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-08-11 15:35 - 2022-08-12 00:41 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-08-11 15:21 - 2022-08-11 15:21 - 000000000 ____D C:\Program Files (x86)\DummyDir
2022-08-10 23:01 - 2022-08-10 23:01 - 000000000 ____D C:\Users\ki43d\Downloads\TCPView
2022-08-10 23:00 - 2022-08-10 23:00 - 002226419 _____ C:\Users\ki43d\Downloads\TCPView.zip
2022-08-10 17:58 - 2022-08-10 17:58 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-08-10 17:58 - 2022-08-10 17:58 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-08-10 17:57 - 2022-08-10 17:57 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-08-10 17:56 - 2022-08-10 17:56 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-08-10 17:55 - 2022-08-10 17:55 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-08-10 17:55 - 2022-08-10 17:55 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-08-10 17:55 - 2022-08-10 17:55 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-08-10 17:55 - 2022-08-10 17:55 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-08-10 16:50 - 2022-08-10 16:50 - 000000000 ___HD C:\$WinREAgent
2022-08-09 01:34 - 2022-08-09 01:34 - 000000000 ____D C:\Users\ki43d\Downloads\Autoruns
2022-08-09 01:33 - 2022-08-09 01:33 - 003862520 _____ C:\Users\ki43d\Downloads\Autoruns.zip
2022-08-09 00:10 - 2022-08-09 00:33 - 000000000 ____D C:\Users\ki43d\AppData\Local\Battle.net
2022-08-09 00:10 - 2022-08-09 00:22 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\Battle.net
2022-08-09 00:10 - 2022-08-09 00:10 - 000000940 _____ C:\Users\Public\Desktop\Battle.net.lnk
2022-08-09 00:10 - 2022-08-09 00:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2022-08-09 00:09 - 2022-08-09 00:22 - 000000000 ____D C:\Program Files (x86)\Battle.net
2022-08-08 20:39 - 2022-08-08 20:39 - 000000166 _____ C:\WINDOWS\wininit.ini
2022-08-08 20:28 - 2022-08-08 20:28 - 000388608 _____ (Trend Micro Inc.) C:\Users\ki43d\Downloads\HijackThis.exe
2022-08-08 19:39 - 2022-08-14 16:57 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-08-08 19:39 - 2022-08-08 19:39 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\17128457.sys
2022-08-08 19:36 - 2022-08-14 16:59 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-08-08 19:36 - 2022-08-08 20:25 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2022-08-08 19:36 - 2022-08-08 19:36 - 014178840 _____ (Malwarebytes Corp.) C:\Users\ki43d\Downloads\mbar-1.10.3.1001.exe
2022-08-08 19:32 - 2022-08-08 19:32 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\QFX Software
2022-08-08 19:32 - 2022-08-08 19:32 - 000000000 ____D C:\ProgramData\QFX Software
2022-08-08 19:26 - 2022-08-08 19:26 - 001552304 _____ C:\Users\ki43d\Downloads\KeyScrambler_Setup.exe
2022-08-08 19:26 - 2022-08-08 19:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
2022-08-08 19:26 - 2022-08-08 19:26 - 000000000 ____D C:\Program Files (x86)\KeyScrambler
2022-08-08 19:26 – 2018-09-08 15:15 – 000243800 _____ (QFX Software Corporation) C:WINDOWSsystem32Driverskeyscrambler.sys
2022-08-07 20:27 – 2022-08-11 15:23 – 000000000 ____D C:WINDOWSsystem32TasksMeta
2022-08-07 20:26 – 2022-08-07 20:26 – 000000000 ____D C:Userski43dAppDataLocalmessenger-updater
2022-08-07 17:30 – 2022-08-07 17:30 – 000001496 _____ C:WINDOWSsystem32.crusader
2022-08-07 16:50 – 2022-08-11 15:10 – 000001968 _____ C:UsersPublicDesktopHitmanPro.lnk
2022-08-07 16:50 – 2022-08-07 23:58 – 000000000 ____D C:Program FilesHitmanPro
2022-08-07 16:50 – 2022-08-07 17:31 – 000000000 ____D C:ProgramDataHitmanPro
2022-08-07 16:50 – 2022-08-07 16:50 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsHitmanPro
2022-08-07 16:48 – 2022-08-07 16:58 – 014248944 _____ (SurfRight B.V.) C:Userski43dDownloadsHitmanPro_x64.exe
2022-08-07 00:10 – 2022-08-07 00:10 – 002817055 _____ C:Userski43dDownloadssteam-2.3.9.apk
2022-08-07 00:10 – 2022-08-07 00:10 – 000000000 ____D C:Userski43dDownloadssteam-2.3.9
2022-08-05 19:30 – 2022-08-05 20:29 – 000254598 _____ C:WINDOWSntbtlog.txt
2022-08-04 16:55 – 2022-08-11 15:12 – 000000000 ____D C:WINDOWSpss
2022-08-04 03:26 – 2022-08-04 03:27 – 298017269 _____ C:Userski43dDownloads17nypWABfsmu.mp4
2022-08-04 03:02 – 2022-08-04 03:05 – 2244173462 _____ C:Userski43dDownloadss1nPYDj7KBEQ.mp4
2022-08-03 02:38 – 2022-08-03 02:39 – 155180680 _____ C:Userski43dDownloadsf1eHbmQ4vkID.mp4
2022-08-03 02:36 – 2022-08-03 02:38 – 131511245 _____ C:Userski43dDownloadsswIY0kjhC9ME.mp4
2022-08-03 02:34 – 2022-08-03 02:34 – 031909602 _____ C:Userski43dDownloadsRsqNZO8jWicC.mp4
2022-08-03 02:34 – 2022-08-03 02:34 – 011378264 _____ C:Userski43dDownloadsvoBUdXW8s3iw.mp4
2022-08-03 02:32 – 2022-08-03 02:37 – 320022903 _____ C:Userski43dDownloadsSodhjLpBcyQx.mp4
2022-08-03 02:31 – 2022-08-03 02:32 – 046994935 _____ C:Userski43dDownloadsdCtUqW7nt8fm.mp4
2022-08-03 02:24 – 2022-08-03 02:24 – 030775518 _____ C:Userski43dDownloadsxgfLaeYMaU48.mp4
2022-08-03 02:07 – 2022-08-03 02:07 – 022089429 _____ C:Userski43dDownloadsHkauPov5Hsik.mp4
2022-08-02 02:47 – 2022-08-12 23:56 – 000000000 ____D C:Program Files (x86)Steam
2022-08-02 02:47 – 2022-08-02 02:47 – 000001038 _____ C:UsersPublicDesktopSteam.lnk
2022-08-02 02:47 – 2022-08-02 02:47 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsSteam
2022-08-02 01:23 – 2022-08-02 01:23 – 001802704 _____ (Bleeping Computer, LLC) C:Userski43dDownloadsrkill.exe
2022-08-02 01:19 – 2022-08-11 15:10 – 000002036 _____ C:Userski43dDesktopSUPERAntiSpyware Free Edition.lnk
2022-08-02 01:19 – 2022-08-02 01:19 – 000000000 ____D C:Userski43dAppDataRoamingSUPERAntiSpyware.com
2022-08-02 01:19 – 2022-08-02 01:19 – 000000000 ____D C:Userski43dAppDataRoamingMicrosoftWindowsStart MenuProgramsSUPERAntiSpyware
2022-08-02 01:18 – 2022-08-02 01:19 – 000000000 ____D C:Program FilesSUPERAntiSpyware
2022-08-02 01:18 – 2022-08-02 01:18 – 000000000 ____D C:ProgramDataSUPERAntiSpyware.com
2022-08-02 01:17 – 2022-08-02 01:18 – 219963744 _____ (SUPERAntiSpyware) C:Userski43dDownloadsSUPERAntiSpyware.exe
2022-07-31 18:49 – 2022-07-31 18:49 – 000000000 ____D C:Userski43dDownloadsGradius III (USA)
2022-07-31 18:31 – 2022-07-31 18:31 – 000000000 ____D C:Userski43dDownloadsFinal Fantasy III (USA) (Rev 1)
2022-07-31 18:30 – 2022-07-31 18:31 – 002243313 _____ C:Userski43dDownloadsFinal Fantasy III (USA) (Rev 1).zip
2022-07-31 18:29 – 2022-07-31 18:29 – 003854525 _____ C:Userski43dDownloadssnes9x-1.60-win32-x64.zip
2022-07-31 18:29 – 2022-07-31 18:29 – 000000000 ____D C:Userski43dDownloadssnes9x-1.60-win32-x64
2022-07-31 18:11 – 2022-07-31 18:11 – 000433344 _____ C:Userski43dDownloadsGradius III (USA).zip
2022-07-31 18:10 – 2022-07-31 18:10 – 000448469 _____ C:Userski43dDownloadsgryzor.zip
2022-07-31 18:06 – 2022-07-31 18:06 – 002251365 _____ C:Userski43dDownloadsFinal Fantasy VI (Japan).zip
2022-07-30 12:48 – 2022-07-30 17:22 – 000000000 ____D C:Program FilesRecuva
2022-07-30 12:48 – 2022-07-30 12:48 – 000001701 _____ C:UsersPublicDesktopRecuva.lnk
2022-07-30 12:48 – 2022-07-30 12:48 – 000000000 ____D C:ProgramDataPiriform
2022-07-30 12:48 – 2022-07-30 12:48 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsRecuva
2022-07-30 12:47 – 2022-07-30 12:47 – 011897288 _____ (Piriform Software Ltd) C:Userski43dDownloadsrcsetup153.exe
2022-07-30 12:43 – 2022-07-30 12:43 – 027125741 _____ C:Userski43dDownloadstestdisk-7.2-WIP.win64.zip
2022-07-30 04:16 – 2022-07-30 04:16 – 000000000 ____D C:NasCacheDirectory
2022-07-30 03:52 – 2022-07-30 03:52 – 000001076 _____ C:UsersPublicDesktopEaseUS Data Recovery Wizard.lnk
2022-07-30 03:52 – 2022-07-30 03:52 – 000000000 ____D C:Userski43dAppDataRoamingEaseUS
2022-07-30 03:52 – 2022-07-30 03:52 – 000000000 ____D C:ProgramDataSystemAcCrux
2022-07-30 03:52 – 2022-07-30 03:52 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsEaseUS
2022-07-30 03:51 – 2022-07-30 03:51 – 052092200 _____ (EaseUS ) C:Userski43dDownloadsdrw_affiliate_setup.exe
2022-07-30 03:51 – 2022-07-30 03:51 – 002072392 _____ C:Userski43dDownloadsDRW_affiliate_Installer_20220729.502145a1443141.exe
2022-07-30 03:51 – 2022-07-30 03:51 – 000000000 ____D C:Program FilesEaseUS
2022-07-30 03:39 – 2022-07-31 14:36 – 000000000 ____D C:Program Files (x86)Wondershare
2022-07-30 03:39 – 2022-07-30 03:39 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsK-Lite Codec Pack
2022-07-30 03:39 – 2022-07-30 03:39 – 000000000 ____D C:Program Files (x86)K-Lite Codec Pack
2022-07-29 23:49 – 2022-07-29 23:49 – 000000000 ____D C:Userski43dDownloads20th.Century.Boys.The.Last.Chapter.Our.Flag.2009.JAP.DVDRip.XviD-GiNJi
2022-07-29 20:57 – 2022-07-29 21:02 – 406343227 _____ C:Userski43dDownloadsicecat-60.7.0-gnu1.tar.bz2
2022-07-29 19:53 – 2022-08-07 16:39 – 000000000 ____D C:Program FilesPale Moon
2022-07-29 19:53 – 2022-07-29 19:53 – 000000968 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsPale Moon.lnk
2022-07-29 19:53 – 2022-07-29 19:53 – 000000956 _____ C:UsersPublicDesktopPale Moon.lnk
2022-07-29 19:53 – 2022-07-29 19:53 – 000000000 ____D C:Userski43dAppDataRoamingMoonchild Productions
2022-07-29 19:53 – 2022-07-29 19:53 – 000000000 ____D C:Userski43dAppDataLocalMoonchild Productions
2022-07-29 19:47 – 2022-07-29 19:49 – 034724864 _____ (Moonchild Productions) C:Userski43dDownloadspalemoon-31.1.1.win64.installer.exe
2022-07-17 22:28 – 2022-07-17 22:28 – 000260348 _____ C:Userski43dDownloads1e0ecafd4776b5a.jpeg
2022-07-15 14:59 – 2022-07-15 14:59 – 000693248 _____ C:WINDOWSsystem32FsNVSDeviceSource.dll
2022-07-15 14:59 – 2022-07-15 14:59 – 000470528 _____ (curl, hxxps://curl.se/) C:WINDOWSSysWOW64curl.exe
2022-07-15 14:59 – 2022-07-15 14:59 – 000026624 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mode.com
2022-07-15 14:59 – 2022-07-15 14:59 – 000018944 _____ C:WINDOWSSysWOW64WsdProviderUtil.dll
2022-07-15 14:59 – 2022-07-15 14:59 – 000017920 _____ (Microsoft Corporation) C:WINDOWSSysWOW64tree.com
2022-07-15 14:59 – 2022-07-15 14:59 – 000012800 _____ (Microsoft Corporation) C:WINDOWSSysWOW64chcp.com
2022-07-15 14:58 – 2022-07-15 14:58 – 000530944 _____ (curl, hxxps://curl.se/) C:WINDOWSsystem32curl.exe
2022-07-15 14:58 – 2022-07-15 14:58 – 000270848 _____ C:WINDOWSsystem32EsclScan.dll
2022-07-15 14:58 – 2022-07-15 14:58 – 000152064 _____ C:WINDOWSsystem32EsclProtocol.dll
2022-07-15 14:58 – 2022-07-15 14:58 – 000033280 _____ (Microsoft Corporation) C:WINDOWSsystem32mode.com
2022-07-15 14:58 – 2022-07-15 14:58 – 000020992 _____ (Microsoft Corporation) C:WINDOWSsystem32tree.com
2022-07-15 14:58 – 2022-07-15 14:58 – 000014848 _____ (Microsoft Corporation) C:WINDOWSsystem32chcp.com
2022-07-15 14:57 – 2022-07-15 14:57 – 000061952 _____ C:WINDOWSsystem32printticketvalidation.dll
2022-07-15 14:57 – 2022-07-15 14:57 – 000057344 _____ C:WINDOWSsystem32APMonUI.dll
2022-07-15 14:56 – 2022-07-15 14:56 – 002260480 _____ C:WINDOWSsystem32TextInputMethodFormatter.dll
2022-07-15 14:56 – 2022-07-15 14:56 – 000024576 _____ C:WINDOWSsystem32WsdProviderUtil.dll
2022-07-15 14:55 – 2022-07-15 14:55 – 000640512 _____ C:WINDOWSsystem32SettingSyncDownloadHelper.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-08-14 23:07 - 2019-12-07 18:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-08-14 22:18 - 2021-03-12 02:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-08-14 21:49 - 2021-09-22 16:30 - 000000000 ____D C:\Program Files\CCleaner
2022-08-14 21:04 - 2021-04-25 21:53 - 000000000 ____D C:\Users\ki43d\AppData\LocalLow\Mozilla
2022-08-14 19:10 - 2021-03-12 02:36 - 000004138 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{985564EC-A92A-4C9B-AD61-F04CAC94DC31}
2022-08-14 18:14 - 2021-09-22 21:56 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\vlc
2022-08-14 16:58 - 2019-12-07 18:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-08-14 16:57 - 2020-05-30 21:52 - 000000000 ____D C:\Program Files\Malwarebytes
2022-08-14 15:37 - 2019-06-08 14:58 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2022-08-14 13:08 - 2021-03-12 02:13 - 000000000 ____D C:\Users\ki43d
2022-08-14 13:00 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-08-14 12:56 - 2019-09-26 19:31 - 000000000 __SHD C:\Users\ki43d\IntelGraphicsProfiles
2022-08-14 04:04 - 2019-12-07 18:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-08-14 03:04 - 2020-09-20 18:31 - 000002432 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-08-14 03:04 - 2020-09-20 18:31 - 000002270 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-08-14 00:05 - 2021-09-04 19:15 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\obs-studio
2022-08-14 00:04 - 2021-03-12 02:36 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-08-14 00:03 - 2022-06-07 20:16 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-08-14 00:03 - 2022-06-07 20:16 - 000002063 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2022-08-13 20:50 - 2021-10-08 00:32 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\HandBrake
2022-08-13 16:29 - 2021-09-22 16:31 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-08-13 15:31 - 2020-02-26 17:38 - 000000000 ____D C:\Users\ki43d\AppData\Local\D3DSCache
2022-08-13 02:17 - 2021-09-21 01:48 - 000000000 ____D C:\Users\ki43d\AppData\Local\Movavi
2022-08-13 01:39 - 2019-09-27 16:25 - 000000000 ____D C:\Program Files\Microsoft Office
2022-08-12 14:27 - 2022-04-19 21:00 - 000001933 _____ C:\Users\ki43d\Desktop\Zoom.lnk
2022-08-12 14:27 - 2020-04-25 23:15 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\Zoom
2022-08-12 00:47 - 2019-10-02 21:34 - 000001213 _____ C:\Users\ki43d\Desktop\LINE.lnk
2022-08-12 00:41 - 2021-10-15 01:52 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-08-12 00:41 - 2021-04-25 21:53 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-08-12 00:41 - 2021-04-25 21:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-08-11 15:13 - 2021-03-12 02:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-08-11 15:13 - 2021-03-12 02:00 - 000008192 ___SH C:\DumpStack.log.tmp
2022-08-11 15:13 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-08-11 15:13 - 2019-06-08 14:56 - 000000000 ____D C:\Intel
2022-08-11 15:12 - 2019-12-07 18:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-08-11 15:10 - 2021-09-24 12:15 - 000000000 ____D C:\Users\ki43d\AppData\Local\CrashDumps
2022-08-11 14:35 - 2020-04-17 01:16 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2022-08-11 00:13 - 2019-12-07 18:13 - 000000000 ____D C:\WINDOWS\INF
2022-08-10 22:29 - 2019-12-07 18:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-08-10 22:27 - 2019-09-26 21:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-08-10 22:24 - 2019-09-26 21:29 - 144534560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-08-10 21:54 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-08-10 20:27 - 2021-03-12 02:24 - 001453122 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-08-10 20:27 - 2019-12-08 00:10 - 000484292 _____ C:\WINDOWS\system32\perfh011.dat
2022-08-10 20:27 - 2019-12-08 00:10 - 000133474 _____ C:\WINDOWS\system32\perfc011.dat
2022-08-10 20:19 - 2021-03-12 02:01 - 000419608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-08-10 20:15 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-08-10 20:15 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-08-10 20:15 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-08-10 20:15 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-08-10 20:15 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-08-10 20:15 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-08-10 20:15 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-08-10 20:14 - 2019-12-08 00:13 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-08-10 20:14 - 2019-12-07 18:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-08-10 20:14 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-08-10 20:14 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-08-10 17:55 - 2021-03-12 02:07 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-08-07 17:30 - 2022-05-27 15:07 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\uTorrent
2022-08-05 00:44 - 2022-01-29 01:45 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\FileZilla
2022-08-05 00:44 - 2021-03-08 19:55 - 000000000 ___DC C:\WINDOWS\Panther
2022-08-04 22:45 - 2021-09-22 16:31 - 000001050 _____ C:\Users\Public\Desktop\CCleaner.lnk
2022-08-04 17:01 - 2021-04-25 21:53 - 000001180 _____ C:\Users\Public\Desktop\Firefox.lnk
2022-08-04 16:48 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\Registration
2022-08-02 02:47 - 2021-12-31 00:31 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-07-31 16:22 - 2022-02-09 21:22 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-31 14:36 - 2021-07-29 22:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2022-07-31 14:36 - 2021-07-29 22:26 - 000000000 ____D C:\ProgramData\Wondershare
2022-07-30 03:40 - 2021-09-20 02:10 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2022-07-30 03:40 - 2021-07-29 22:29 - 000000000 ____D C:\Users\ki43d\AppData\Roaming\Wondershare
2022-07-30 01:40 - 2019-09-28 11:15 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-30 01:33 - 2021-09-22 16:31 - 000000000 ____D C:\Users\ki43d\AppData\Local\BitTorrentHelper
2022-07-29 02:32 - 2021-12-13 22:57 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3065487495-3473570161-1620390084-1001
2022-07-29 02:32 - 2021-03-12 02:36 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3065487495-3473570161-1620390084-1001
2022-07-29 02:32 - 2021-03-12 02:13 - 000002385 _____ C:\Users\ki43d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-27 20:40 - 2022-07-10 18:30 - 000003800 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3065487495-3473570161-1620390084-1001UA
2022-07-27 20:40 - 2022-07-10 18:30 - 000003736 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3065487495-3473570161-1620390084-1001Core
2022-07-21 18:57 - 2021-03-12 02:36 - 000003372 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-20 02:00 - 2021-01-31 15:13 - 000000000 ____D C:\Users\ki43d\Documents\WeChat Files
2022-07-20 02:00 - 2021-01-31 15:13 - 000000000 ____D C:\Users\ki43d\AppData\Local\xwalk
2022-07-17 22:32 - 2019-12-07 18:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-07-17 22:32 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-07-17 22:32 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-07-17 22:32 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-07-17 22:32 - 2019-12-07 18:14 - 000000000 ____D C:\WINDOWS\ShellComponents

==================== Files in the root of some directories ========

2021-01-31 15:13 - 2021-01-31 15:13 - 000045056 _____ () C:\Users\ki43d\AppData\Roaming\Web Data
2021-01-31 15:13 - 2021-01-31 15:13 - 000000000 _____ () C:\Users\ki43d\AppData\Roaming\Web Data-journal
2019-09-27 16:53 - 2019-09-27 16:53 - 000000036 _____ () C:\Users\ki43d\AppData\Local\housecall.guid.cache
2021-09-21 01:33 - 2021-09-21 01:33 - 000002550 _____ () C:\Users\ki43d\AppData\Local\krita-sysinfo.log
2021-09-21 01:33 - 2021-09-21 01:46 - 000000425 _____ () C:\Users\ki43d\AppData\Local\krita.log
2021-09-21 01:46 - 2021-09-21 01:46 - 000000039 _____ () C:\Users\ki43d\AppData\Local\kritadisplayrc
2021-09-21 01:33 - 2021-09-21 01:46 - 000014710 _____ () C:\Users\ki43d\AppData\Local\kritarc
2022-05-02 19:28 - 2022-05-02 19:28 - 000000855 _____ () C:\Users\ki43d\AppData\Local\recently-used.xbel
2019-09-27 19:12 - 2019-11-06 19:33 - 000000010 _____ () C:\Users\ki43d\AppData\Local\sponge.last.runtime.cache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-08-2022
Ran by ki43d (14-08-2022 23:46:11)
Running from C:\Users\ki43d\Downloads
Microsoft Windows 10 Home Version 21H2 19044.1889 (X64) (2021-03-11 17:40:27)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3065487495-3473570161-1620390084-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3065487495-3473570161-1620390084-503 - Limited - Disabled)
Guest (S-1-5-21-3065487495-3473570161-1620390084-501 - Limited - Disabled)
ki43d (S-1-5-21-3065487495-3473570161-1620390084-1001 - Administrator - Enabled) => C:\Users\ki43d
WDAGUtilityAccount (S-1-5-21-3065487495-3473570161-1620390084-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (HKLM-x32\...\7-Zip) (Version: 19.00 - Igor Pavlov)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1041-1033-7760-BC15014EA700}) (Version: 22.002.20191 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-001824458876}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Astrill (HKLM\...\{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1) (Version:  - Astrill)
AstrillTun (HKLM\...\{0DED3A08-4EF4-47E3-8610-11BE75619038}) (Version: 1.0 - Astrill) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 6.02 - Piriform)
Dell Digital Delivery Services (HKLM-x32\...\{E530ABB7-9DCC-421B-B751-484375E8374A}) (Version: 5.0.49.0 - Dell Inc.)
Dell Mobile Connect Drivers (HKLM\...\{1E754E2C-CF3B-42CB-B36D-D560CEA96149}) (Version: 2.0.7811 - Screenovate Technologies Ltd.)
Dell Power Manager Service (HKLM\...\{18469ED8-8C36-4CF7-BD43-0FC9B1931AF8}) (Version: 3.2.0 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{388A412B-5C0C-4C1E-8BF7-B6E9E117F367}) (Version: 4.4.2.9869 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{4990dc23-fdee-4fec-8bde-9f5d4745f88b}) (Version: 4.4.2.9869 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{77C86F54-9452-4EB6-B4C3-8A57FBF72D2B}) (Version: 4.4.0.9836 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{d2a00335-3e50-405c-8c5d-32e2a636bbe1}) (Version: 4.4.0.9836 - Dell Inc.)
Dell Update for Windows 10 (HKLM\...\{70E9F8CC-A23E-4C25-B292-C86C1821587C}) (Version: 3.0.1 - Dell, Inc.)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
f.lux (HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\Flux) (Version:  - f.lux Software LLC)
GIMP 2.10.22 (HKLM\...\GIMP-2_is1) (Version: 2.10.22 - The GIMP Team)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HandBrake 1.4.2 (HKLM-x32\...\HandBrake) (Version: 1.4.2 - )
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.30.326 - SurfRight B.V.)
Intel® Chipset Device Software (HKLM\...\{C844CC39-BC28-46CA-8239-3F37D8FE2A59}) (Version: 10.1.17541.8066 - Intel Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10208.5644 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{0854C811-6DAD-441D-AB36-2F73631A04A1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1914.12.0.1255 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{20B3E53F-28F1-48CC-AA69-35EF7A935162}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{DBF0C0C0-C8CF-4F01-8B04-F80FC3B88EF6}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.5.0.1017 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{F1612379-83A3-4F18-8B9B-7AA4A393E106}) (Version: 17.5.0.1017 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{c6de84fd-ece7-4c2a-9f06-8cabe7ab79a0}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{ACA5CFAC-9E99-4764-A7AD-AF5CF3FA15BF}) (Version: 17.0.2.1076 - Intel Corporation)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.16.0.1 - QFX Software Corporation)
K-Lite Codec Pack 16.0.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.0.5 - KLCP)
LINE (HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\LINE) (Version: 7.10.2.2807 - LINE Corporation)
Malwarebytes version 4.5.12.204 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.12.204 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.13058.0 - Waves Audio Ltd.) Hidden
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 104.0.1293.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 104.0.1293.54 - Microsoft Corporation)
Microsoft Office Home and Business 2016 - ja-jp (HKLM\...\HomeBusinessRetail - ja-jp) (Version: 16.0.15427.20210 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\OneDriveSetup.exe) (Version: 22.141.0703.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{2FAF2A80-5906-467E-8AD2-B83C94383600}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{F85F7FF0-5DFF-4BC0-9045-C9573D1BC11F}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29334 (HKLM\...\{2E11EF4E-901F-4B2D-B68E-3DB2A566C857}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29334 (HKLM\...\{8A3F7D5B-422D-49D9-84F7-8DC1B7782967}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM\...\{3C31CBA1-A0D9-4B95-A807-AD2313D12F47}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM-x32\...\{20d5df4e-006c-4d6d-a0dc-490d009b9786}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 103.0.2 (x64 en-US)) (Version: 103.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 88.0 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.0.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15427.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15427.20148 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0411-1000-0000000FF1CE}) (Version: 16.0.15427.20178 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Pale Moon 31.2.0.1 (x64 en-US) (HKLM\...\Pale Moon 31.2.0.1 (x64 en-US)) (Version: 31.2.0.1 - Moonchild Productions)
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10480 - Qualcomm)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9107.1 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Subtitle Edit 3.6.2 (HKLM\...\SubtitleEdit_is1) (Version: 3.6.2.0 - Nikse)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1246 - SUPERAntiSpyware.com)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WeChat (HKLM-x32\...\WeChat) (Version: 3.1.0.72 - 腾讯科技(深圳)有限公司)
WhatsApp (HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\WhatsApp) (Version: 2.2214.12 - WhatsApp)
Windows PC 正常性チェック (HKLM\...\{91AD482B-BEB3-4DC7-8FC4-01AD0335489B}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-3065487495-3473570161-1620390084-1001\...\ZoomUMX) (Version: 5.11.4 (7185) - Zoom Video Communications, Inc.)
インテル® チップセット デバイス ソフトウェア (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel® Corporation) Hidden

Packages:
=========
Dell CinemaColor -> C:Program FilesWindowsAppsPortraitDisplays.DellCinemaColor_2.4.78.0_x64__2dgmkzkw4h30c [2022-08-12] (Portrait Displays)
Dell Customer Connect -> C:Program FilesWindowsAppsDellInc.DellCustomerConnect_5.3.5.0_x64__htrsf667h5kn2 [2022-05-22] (Dell Inc)
Dell Digital Delivery -> C:Program FilesWindowsAppsDellInc.DellDigitalDelivery_5.0.49.0_x64__htrsf667h5kn2 [2022-08-11] (Dell Inc)
Dell Mobile Connect 3.3 -> C:Program FilesWindowsAppsScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0 [2022-05-22] (Screenovate Technologies) [Startup Task]
Dell Power Manager -> C:Program FilesWindowsAppsDellInc.DellPowerManager_3.10.10.0_x64__htrsf667h5kn2 [2021-11-07] (Dell Inc)
Dell Update -> C:Program FilesWindowsAppsDellInc.DellUpdate_3.0.160.0_x64__htrsf667h5kn2 [2019-06-08] (Dell Inc)
LinkedIn -> C:Program FilesWindowsApps7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-09-26] (LinkedIn)
Media Suite Essentials for Dell -> C:Program FilesWindowsAppsDB6EA5DB.MediaSuiteEssentialsforDell_2.6.4028.0_x86__mcezb6ze687jp [2020-04-17] (CYBERLINK CORPORATION.)
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.13.7180.0_x64__8wekyb3d8bbwe [2022-07-31] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:Program FilesWindowsAppsMicrosoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-04-28] (Microsoft Corporation)
My Dell -> C:Program FilesWindowsAppsDellInc.MyDell_2.0.30.0_x64__htrsf667h5kn2 [2022-05-22] (Dell Inc)
Photos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-10-03] (Microsoft Corporation)
Power Media Player for Dell -> C:Program FilesWindowsAppsDB6EA5DB.PowerMediaPlayerforDell_14.2.4925.0_x86__mcezb6ze687jp [2022-08-12] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:Program FilesWindowsAppsDB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-08-28] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:Program FilesWindowsAppsDB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2019-09-26] (CYBERLINK CORPORATION.)
Translator -> C:Program FilesWindowsAppsMicrosoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2022-05-22] (Microsoft Corporation)
楽しもう Office -> C:Program FilesWindowsAppsMicrosoft.EnjoyOffice_1.0.60.0_x64__8wekyb3d8bbwe [2022-05-22] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKUS-1-5-21-3065487495-3473570161-1620390084-1001_ClassesCLSID{5EA43877-C6D8-4885-B77A-C0BB27E94372}InprocServer32 -> C:Userski43dAppDataLocalMicrosoftEdgeUpdate1.3.165.21psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKUS-1-5-21-3065487495-3473570161-1620390084-1001_ClassesCLSID{81093D63-7825-417B-BFC8-ADC63FA4E53D}InprocServer32 -> C:Userski43dAppDataLocalMicrosoftEdgeUpdate1.3.165.21psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKUS-1-5-21-3065487495-3473570161-1620390084-1001_ClassesCLSID{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}localserver32 -> C:Program FilesWavesMaxxAudioMaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
CustomCLSID: HKUS-1-5-21-3065487495-3473570161-1620390084-1001_ClassesCLSID{BFBE0943-74C5-40E0-9E80-0B808109E95D}InprocServer32 -> C:Userski43dAppDataLocalMicrosoftEdgeUpdate1.3.163.19psuser_64.dll => No File
CustomCLSID: HKUS-1-5-21-3065487495-3473570161-1620390084-1001_ClassesCLSID{D1CE12B0-2529-4B24-BE8E-189735EA0DC1}InprocServer32 -> C:Userski43dAppDataLocalMicrosoftEdgeUpdate1.3.165.21psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [   FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} =>  -> No File
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:Program FilesIntelOptaneShellExtensionsOptaneShellExt.dll [2019-01-03] () [File not signed] [File is in use]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [HitmanPro] -> {D7CF1AF8-E2AD-4DA4-ACE5-77F8A58AB71D} => C:Program FilesHitmanProhmpshext.dll [2022-08-07] (SurfRight B.V. -> SurfRight B.V.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2022-08-14] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:Program FilesIntelOptaneShellExtensionsOptaneShellExt.dll [2019-01-03] () [File not signed] [File is in use]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [HitmanPro] -> {D7CF1AF8-E2AD-4DA4-ACE5-77F8A58AB71D} => C:Program FilesHitmanProhmpshext.dll [2022-08-07] (SurfRight B.V. -> SurfRight B.V.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:Program FilesRecuvaRecuvaShell64.dll [2022-06-15] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:WINDOWSSystem32DriverStoreFileRepositoryigdlh64.inf_amd64_5dc194ddcb559d66igfxDTCM.dll [2020-12-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2022-08-14] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:Program FilesRecuvaRecuvaShell64.dll [2022-06-15] (Piriform Software Ltd -> Piriform Software Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-07-19 23:25 – 2019-02-22 01:00 – 000078336 _____ (Igor Pavlov) [File not signed] C:Program Files7-Zip7-zip.dll
2019-01-03 18:16 – 2019-01-03 18:16 – 000126976 _____ (Intel Corporation) [File not signed] C:Program FilesIntelOptaneShellExtensionsiaStorAfsServiceApi.dll
2022-08-13 03:13 – 2022-08-13 03:13 – 001030144 _____ (Microsoft Corporation) [File not signed] C:Userski43dAppDataLocalLINEbincurrentdbghelp.dll
2022-08-01 12:19 – 2022-08-01 12:19 – 001548800 _____ (Robert Simpson, et al.) [File not signed] C:Program Files (x86)Dell Digital Delivery ServicesSQLite.Interop.dll
2022-07-30 03:39 – 2021-02-14 19:16 – 000759296 _____ (Tabibito Technology) [File not signed] C:Program Files (x86)K-Lite Codec PackIcaros64-bitIcarosPropertyHandler.dll
2022-08-13 03:13 – 2022-08-13 03:13 – 000035328 _____ (The Qt Company Ltd.) [File not signed] C:Userski43dAppDataLocalLINEbincurrentQt5TextToSpeech.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => ""="Service"
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkASProxy => ""="service"
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKUS-1-5-21-3065487495-3473570161-1620390084-1001SoftwareMicrosoftInternet ExplorerMain,Start Page = hxxps://www.yahoo.co.jp/
HKUS-1-5-21-3065487495-3473570161-1620390084-1001SoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKUS-1-5-21-3065487495-3473570161-1620390084-1001 -> DefaultScope {66A78F4D-E724-4FF2-83D8-6C453CF6C93E} URL =
SearchScopes: HKUS-1-5-21-3065487495-3473570161-1620390084-1001 -> {66A78F4D-E724-4FF2-83D8-6C453CF6C93E} URL =
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16OCHelper.dll [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2022-08-10] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 16:31 – 2018-09-15 16:31 – 000000824 _____ C:WINDOWSsystem32driversetchosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLMSystemCurrentControlSetControlSession ManagerEnvironment\Path -> C:Program Files (x86)NVIDIA CorporationPhysXCommon;%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;%SYSTEMROOT%System32WindowsPowerShellv1.0;%SYSTEMROOT%System32OpenSSH;C:Program Files (x86)IntelIntel® Management Engine ComponentsDAL;C:Program FilesIntelIntel® Management Engine ComponentsDAL;C:Program Filesdotnet
HKUS-1-5-21-3065487495-3473570161-1620390084-1001Control PanelDesktop\Wallpaper -> c:windowswebwallpapertheme1img1.jpg
DNS Servers: 198.18.192.1 – 192.168.0.1
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM…StartupApprovedRun: => "SecurityHealth"
HKLM…StartupApprovedRun: => "DellMobileConnectWelcome"
HKLM…StartupApprovedRun: => "WindowsDefender"
HKLM…StartupApprovedRun: => "WavesSvc"
HKLM…StartupApprovedRun: => "Wondershare Helper Compact.exe"
HKLM…StartupApprovedRun: => "WSVCUUpdateHelper.exe"
HKLM…StartupApprovedRun32: => "Wondershare Helper Compact.exe"
HKLM…StartupApprovedRun32: => "APSDaemon"
HKLM…StartupApprovedRun32: => "Discord"
HKUS-1-5-21-3065487495-3473570161-1620390084-1001…StartupApprovedRun: => "Steam"
HKUS-1-5-21-3065487495-3473570161-1620390084-1001…StartupApprovedRun: => "f.lux"
HKUS-1-5-21-3065487495-3473570161-1620390084-1001…StartupApprovedRun: => "Wechat"
HKUS-1-5-21-3065487495-3473570161-1620390084-1001…StartupApprovedRun: => "MicrosoftEdgeAutoLaunch_651BD28083BE5F69B3FA653E81792869"
HKUS-1-5-21-3065487495-3473570161-1620390084-1001…StartupApprovedRun: => "movavi_suite_agent"
HKUS-1-5-21-3065487495-3473570161-1620390084-1001…StartupApprovedRun: => "utweb"
HKUS-1-5-21-3065487495-3473570161-1620390084-1001…StartupApprovedRun: => "Battle.net"
HKUS-1-5-21-3065487495-3473570161-1620390084-1001…StartupApprovedRun: => "CCleaner Smart Cleaning"
HKUS-1-5-21-3065487495-3473570161-1620390084-1001…StartupApprovedRun: => "Microsoft Edge Update"
HKUS-1-5-21-3065487495-3473570161-1620390084-1001…StartupApprovedRun: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5C2A04C7-D7EC-48E1-BC43-74DF45FC1847}] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe => No File
FirewallRules: [{4D2A5391-508D-4855-857D-486EC1390267}] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe => No File
FirewallRules: [{D1EA828C-1C0B-4A11-9987-0E4B5B13DE0C}] => (Allow) C:Program Files (x86)TencentWeChatWeChat.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{204651DC-61D1-41B9-87FF-CE81263CCB2F}] => (Allow) C:Program Files (x86)SteamsteamappscommonSlayTheSpireSlayTheSpire.exe => No File
FirewallRules: [{9F95EAD3-343E-42B6-ADE3-7851E9A0969A}] => (Allow) C:Program Files (x86)SteamsteamappscommonSlayTheSpireSlayTheSpire.exe => No File
FirewallRules: [{86BA064D-BBC7-441A-8B7A-8CED0F4EE6FA}] => (Allow) C:Program Files (x86)Steambincefcef.win7steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{74870B0F-20B7-476A-AB9B-FF2E58DB563B}] => (Allow) C:Program Files (x86)Steambincefcef.win7steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{07C9DDE2-EF2B-4FBA-80D6-9BF5FEE5A656}] => (Allow) C:Program Files (x86)SteamSteam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EC48576C-A8F6-4858-BBD2-2D39C61D49D8}] => (Allow) C:Program Files (x86)SteamSteam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B2B7C576-A1C7-4EE7-8CD6-F7A6D4E3B692}] => (Allow) C:Userski43dAppDataRoamingZoombinairhost.exe => No File
FirewallRules: [{A56923BB-12FC-424D-82A5-CEF9BD0BF94C}] => (Allow) C:Userski43dAppDataRoamingZoombinZoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8EFBBD1E-F4A5-4D9E-B1D2-B514FBC1AC7E}] => (Allow) C:Userski43dAppDataLocalLINEbin5.19.0.2020LineUpdater.exe => No File
FirewallRules: [{3A0AC51E-061B-4D00-AD34-887D14545D8F}] => (Allow) C:Userski43dAppDataLocalLINEbin5.19.0.2020LineUpdater.exe => No File
FirewallRules: [{180383F2-4B99-4035-891B-9B73344F0C95}] => (Allow) C:Userski43dAppDataLocalLINEbin5.19.0.2020LINE.exe => No File
FirewallRules: [{B31732A2-1D83-4577-9F7B-1BFA8341E397}] => (Allow) C:Userski43dAppDataLocalLINEbin5.19.0.2020LINE.exe => No File
FirewallRules: [{11D27DE4-85CA-4A9B-ADB8-8385E29F0A38}] => (Allow) C:Program Files (x86)Common FilesMcafeeMMSSHostMMSSHost.exe => No File
FirewallRules: [{FAF65571-0F75-44BA-A001-E0E43D29C8CA}] => (Allow) C:Program FilesCommon FilesMcAfeeMMSSHostMMSSHost.exe => No File
FirewallRules: [{4A6836F5-0943-4CA7-B3CA-0BCA51958ABB}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9F4D34F0-4C2F-45C3-B1C9-2E72EA4F2251}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DAE502A0-87E2-49DA-B17F-BE158CA203C9}] => (Allow) C:Program Files (x86)SteamsteamappscommonBlaster Master Zeroexebsm.exe => No File
FirewallRules: [{C2974B4E-9085-491A-8E1C-CA66379153AC}] => (Allow) C:Program Files (x86)SteamsteamappscommonBlaster Master Zeroexebsm.exe => No File
FirewallRules: [{82560D4A-0C7E-4566-8FBB-8E0DAFB5425F}] => (Allow) C:Program Files (x86)SteamsteamappscommonHeroSiegebinHero_Siege.exe => No File
FirewallRules: [{1D1290FB-DF41-4F0C-859A-16E41A8929EE}] => (Allow) C:Program Files (x86)SteamsteamappscommonHeroSiegebinHero_Siege.exe => No File
FirewallRules: [{2EC52B68-D25F-43A7-A216-59D9C0895A8A}] => (Allow) C:Program FilesWindowsAppsScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0appDellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [{AD739769-8ED6-4E4A-809E-C9ADDBABB169}] => (Allow) C:Program FilesWindowsAppsScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0appDellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) [File not signed]
FirewallRules: [{D7DDD836-B2A1-4200-8890-3EB08B8BF07E}] => (Allow) C:Program Files (x86)Astrillastrill.exe (Astrill Systems Corp. -> Astrill)
FirewallRules: [{241C82EE-CC5C-44DD-8B57-CD0C274E7E31}] => (Allow) C:Userski43dAppDataRoamingTencentQQSTempSetupEx0QQSetupEx.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{BAD81A43-5877-4D7A-B78C-FDD13384E158}] => (Allow) C:Program Files (x86)TencentQQBinQQ.exe => No File
FirewallRules: [{9688DD4A-9D20-4029-972D-A5B7949E78F7}] => (Allow) C:Program Files (x86)TencentQQBinauclt.exe => No File
FirewallRules: [{ACCD5E5A-19C3-4F31-9723-B74F0E8C3927}] => (Allow) C:Program Files (x86)TencentQQBintxupd.exe => No File
FirewallRules: [{9ABB117D-B9F3-4BCA-86D4-E94DBCA2BCE3}] => (Allow) C:Program Files (x86)TencentQQBinSetupExSetupEx.exe => No File
FirewallRules: [{11F1B5E9-0DBB-4C46-A332-C9768E6DC613}] => (Allow) C:Program Files (x86)TencentQQBinmaLauncher.exe => No File
FirewallRules: [{8E17079A-8ACD-4E17-B98F-6F0BE6309A55}] => (Allow) C:Program Files (x86)TencentQQBinmaUpdat.exe => No File
FirewallRules: [{E16160AC-09EB-4F2A-9D46-09DA841697BA}] => (Allow) C:program files (x86)common filestencentqqdownload135tencentdl.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{92AB7D92-2F55-409A-A2F7-4A32E0D770C4}] => (Allow) C:program files (x86)common filestencentqqdownload135bugreport_xf.exe => No File
FirewallRules: [{69F988C4-996E-42E4-B41B-DC33CC4DB126}] => (Allow) C:Program Files (x86)TencentQzoneMusicQzoneMusic.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{507FF90B-8C9C-4824-BD7C-DFC015AD413E}] => (Allow) C:Program Files (x86)TencentQzoneMusicQzoneMusic.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{56E9E8C5-22F7-4E6F-BA7D-95C478EBA319}] => (Allow) C:Program Files (x86)TencentQQIntlBinQQ.exe => No File
FirewallRules: [{2A4E99B6-8D6C-4AB0-BC9B-A5A0DF4AB1CC}] => (Allow) C:Program Files (x86)TencentQQIntlBinQQ.exe => No File
FirewallRules: [TCP Query User{29825AD4-1F69-4FF0-92A0-013589DDD079}C:program files (x86)videolanvlcvlc.exe] => (Block) C:program files (x86)videolanvlcvlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{5F5CB4A6-2C8D-4892-90D0-C8DC013FFDCD}C:program files (x86)videolanvlcvlc.exe] => (Block) C:program files (x86)videolanvlcvlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{F59F55E7-48B5-4A9D-A1D1-D3E08E9ED11F}] => (Allow) C:Program Files (x86)SteamsteamappscommonTitan Quest Anniversary EditionTQ.exe => No File
FirewallRules: [{C67EA084-E611-4B37-B8F4-E364FA6ED165}] => (Allow) C:Program Files (x86)SteamsteamappscommonTitan Quest Anniversary EditionTQ.exe => No File
FirewallRules: [{872DD46B-BE86-48DE-8811-4308DCFC8337}] => (Allow) C:Program Files (x86)SteamsteamappscommonTitan Quest Anniversary EditionWorkshopToolTQWorkshopTool.exe => No File
FirewallRules: [{29344385-14B4-41D4-8A38-CA642D8A5D12}] => (Allow) C:Program Files (x86)SteamsteamappscommonTitan Quest Anniversary EditionWorkshopToolTQWorkshopTool.exe => No File
FirewallRules: [{DC8AE1E5-439C-4765-9680-3E4CA35FF14D}] => (Allow) C:Program Files (x86)Common FilesAppleApple Application SupportWebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9820E54E-E735-47F4-84BB-EA3B2CCE312B}] => (Allow) C:Program Files (x86)SteamsteamappscommonLoop HeroLoop Hero.exe => No File
FirewallRules: [{0C0F5D43-E290-4421-9C5B-AC32D328B792}] => (Allow) C:Program Files (x86)SteamsteamappscommonLoop HeroLoop Hero.exe => No File
FirewallRules: [{23FB71D7-5A2D-48E9-AAED-2C63C0A57F30}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{07DA94FD-336E-458A-AD60-BB8682DCA5BE}] => (Allow) C:Program Files (x86)SteamsteamappscommonSlayTheSpirejrebinjavaw.exe => No File
FirewallRules: [{3F3AF15F-7A52-458B-B292-CCC994AADA3C}] => (Allow) C:Program Files (x86)SteamsteamappscommonSlayTheSpirejrebinjavaw.exe => No File
FirewallRules: [TCP Query User{20BA3A06-2C5D-4513-8209-94C69B70FFFC}C:userski43dappdatalocaldiscordapp-1.0.9004discord.exe] => (Allow) C:userski43dappdatalocaldiscordapp-1.0.9004discord.exe => No File
FirewallRules: [UDP Query User{98B151F9-C861-45EC-AA9C-8D5911C5D021}C:userski43dappdatalocaldiscordapp-1.0.9004discord.exe] => (Allow) C:userski43dappdatalocaldiscordapp-1.0.9004discord.exe => No File
FirewallRules: [{4F0B8E75-3955-464A-B5BB-031C8578C216}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5cSkypeSkype.exe => No File
FirewallRules: [{F658D120-1955-425E-B903-F6C12ACDECC8}] => (Allow) C:Userski43dAppDataRoaminguTorrentuTorrent.exe => No File
FirewallRules: [{683E4BD0-016F-4DAA-AB59-ED4D04EAC3BA}] => (Allow) C:Userski43dAppDataRoaminguTorrentuTorrent.exe => No File
FirewallRules: [{9A79B12F-DB70-4BC1-B412-0BD7DE2CA572}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E21A2146-337E-46C8-8D06-04B5BE662C5B}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1F970ECF-A4D7-4D19-B87B-9945527E7748}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B8DCBDA9-DBD1-4648-9F41-995C9A89E5CB}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A275CEFE-DDB0-40E1-9FB7-BBD1D01E3570}] => (Allow) C:Program FilesPale Moonpalemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{9F169FB0-9ECA-424F-B466-F05003E56526}] => (Allow) C:Program FilesPale Moonpalemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [TCP Query User{75BF5937-0D67-45B8-9345-16F85DDC501E}C:program filesdc++dcplusplus.exe] => (Allow) C:program filesdc++dcplusplus.exe => No File
FirewallRules: [UDP Query User{5E8A9508-5A84-427F-92A1-CFFC7B22E949}C:program filesdc++dcplusplus.exe] => (Allow) C:program filesdc++dcplusplus.exe => No File
FirewallRules: [{416D6936-B57B-4AE1-952B-63F5C85CC5F4}] => (Allow) LPort=57209
FirewallRules: [{A3E6687F-AC76-4314-A6D8-3496C19931DE}] => (Allow) LPort=57210
FirewallRules: [{675D7A20-3292-4792-95A8-61C06F77906E}] => (Allow) LPort=57211
FirewallRules: [{7065558F-F7F0-473C-8D92-072D6611724D}] => (Allow) LPort=57212
FirewallRules: [{FCF6D421-5011-4BBB-B769-C8432B2D87E0}] => (Allow) LPort=57213
FirewallRules: [{5DD4C55B-BCFF-4AA0-9C9B-24ED0ECB9830}] => (Allow) LPort=57214
FirewallRules: [{383287AB-6395-4938-956C-264C28F54FF6}] => (Allow) LPort=57215
FirewallRules: [{167FA084-5B24-429F-9D8D-5BA5E962FCA7}] => (Allow) LPort=57216
FirewallRules: [{CD587533-E6C9-4B0E-ACA0-62DFBBDCAB9C}] => (Allow) LPort=57217
FirewallRules: [{0DE78486-9D2E-47B6-8B49-1C57A6BE85E0}] => (Allow) LPort=57218
FirewallRules: [{5C6037B9-6C12-4478-B0BF-78C204489E16}] => (Allow) LPort=57209
FirewallRules: [{8B8785BF-E2BF-49DB-93F2-CA53590E1871}] => (Allow) LPort=57210
FirewallRules: [{3E2A19FE-6C8F-4D42-9175-0B32D16CDE2F}] => (Allow) LPort=57211
FirewallRules: [{491BA7E5-7903-4F43-B8DF-9F808FE0A45D}] => (Allow) LPort=57212
FirewallRules: [{C2AA6BA5-28D4-477C-926A-E39BE646EE6B}] => (Allow) LPort=57213
FirewallRules: [{FEA4ECEB-334E-46C3-A8DD-CD289FB70C38}] => (Allow) LPort=57214
FirewallRules: [{74C00C25-582E-42FD-9525-06C78DD7CB7B}] => (Allow) LPort=57215
FirewallRules: [{6BF2C668-C302-451D-B96E-0AE504EAAF47}] => (Allow) LPort=57216
FirewallRules: [{CEEDC783-EF1B-441E-8D65-93452D65C455}] => (Allow) LPort=57217
FirewallRules: [{4688C5A6-3432-476D-849A-A91A52D632B1}] => (Allow) LPort=57218
FirewallRules: [{E84FDECF-666E-43AB-A383-EFE1BF63D310}] => (Allow) LPort=23007
FirewallRules: [{51DBC59C-B97A-4F4D-A197-854C1625DAE1}] => (Allow) LPort=23008
FirewallRules: [{7096E10E-CCAB-4A26-A263-803C54A1191C}] => (Allow) LPort=33009
FirewallRules: [{25F4185A-955C-4F02-B2C3-C3B228EA46B6}] => (Allow) LPort=33010
FirewallRules: [{2A021943-CB73-496C-91A9-559560632136}] => (Allow) LPort=33011
FirewallRules: [{2BE04735-E2F5-4EF8-AFC9-9F8DEB99FF86}] => (Allow) LPort=43012
FirewallRules: [{65D6019D-EE21-40B7-96F7-AFC8BA6A9733}] => (Allow) LPort=43013
FirewallRules: [{2100C081-9476-4EB3-ADBC-AEA0E5DB3DAB}] => (Allow) LPort=53014
FirewallRules: [{3B66C576-F473-4A41-86D9-F344FED533A2}] => (Allow) LPort=53015
FirewallRules: [{490E8E9E-13F2-4A35-A139-53989CFA801A}] => (Allow) LPort=53016
FirewallRules: [{F7A701A5-0EAE-4977-B672-10CC74CBE65A}] => (Allow) LPort=23007
FirewallRules: [{888410EB-8317-4826-B7E0-3BDC92C44956}] => (Allow) LPort=23008
FirewallRules: [{8AD27D3D-995C-4E77-92A9-300D63CA738F}] => (Allow) LPort=33009
FirewallRules: [{D45ADE5E-E3F2-4F62-9A8F-FFD8F2B2F1A6}] => (Allow) LPort=33010
FirewallRules: [{5967EAAD-5BBC-4EE6-A743-A2F7DC618566}] => (Allow) LPort=33011
FirewallRules: [{324A40D6-19B4-4F0C-9E8D-04BD6137BCE6}] => (Allow) LPort=43012
FirewallRules: [{DB685073-9AFA-48C6-A470-1482A064904A}] => (Allow) LPort=43013
FirewallRules: [{49138850-C133-4206-BE1E-8CACA5B9CDBA}] => (Allow) LPort=53014
FirewallRules: [{0E1936F7-852F-4290-8E65-E959B27DAE4F}] => (Allow) LPort=53015
FirewallRules: [{D1ED447C-499A-45D0-A82C-70C9B6410CEE}] => (Allow) LPort=53016
FirewallRules: [{EACF8780-049C-4C84-B95B-BFEF0670CDD5}] => (Allow) LPort=50053
FirewallRules: [{B04F3F35-DC63-4BEB-93E6-BB0E95097D9D}] => (Allow) LPort=50053
FirewallRules: [{DDDD0A54-F946-4512-B1C6-BAF762AE778B}] => (Allow) C:Program Files (x86)MicrosoftEdgeWebViewApplication104.0.1293.54msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

10-08-2022 16:47:28 Windows モジュール インストーラー
10-08-2022 17:06:24 Windows モジュール インストーラー
10-08-2022 22:27:09 Windows モジュール インストーラー

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (08/11/2022 03:16:46 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:Program Files (x86)DellUpdateServiceServiceShell.exe".Error in manifest or policy file "C:Program Files (x86)DellUpdateServiceServiceShell.exe.Config" on line 12.
Invalid Xml syntax.

Error: (08/11/2022 03:10:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Autoruns64.exe, version: 14.0.9.0, time stamp: 0x620ab70c
Faulting module name: Autoruns64.exe, version: 14.0.9.0, time stamp: 0x620ab70c
Exception code: 0xc0000005
Fault offset: 0x00000000000cd315
Faulting process id: 0xce8
Faulting application start time: 0x01d8ad44771d5150
Faulting application path: C:Userski43dDownloadsAutorunsAutoruns64.exe
Faulting module path: C:Userski43dDownloadsAutorunsAutoruns64.exe
Report Id: 41f93f37-4c26-4f3c-b33e-32fb53097144
Faulting package full name:
Faulting package-relative application ID:

Error: (08/11/2022 02:33:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, システム シャットダウンが実行中です。
.

Error: (08/11/2022 02:33:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, システム シャットダウンが実行中です。
]

Error: (08/11/2022 02:33:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, システム シャットダウンが実行中です。
.

Error: (08/11/2022 02:33:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, システム シャットダウンが実行中です。
]

Error: (08/11/2022 01:40:35 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (08/11/2022 01:40:35 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

System errors:
=============
Error: (08/13/2022 02:11:36 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NCNDJGQ)
Description: The server {ED1D0FDF-4414-470A-A56D-CFB68623FC58} did not register with DCOM within the required timeout.

Error: (08/13/2022 02:09:33 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NCNDJGQ)
Description: The server {ED1D0FDF-4414-470A-A56D-CFB68623FC58} did not register with DCOM within the required timeout.

Error: (08/13/2022 02:08:11 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NCNDJGQ)
Description: The server {ED1D0FDF-4414-470A-A56D-CFB68623FC58} did not register with DCOM within the required timeout.

Error: (08/13/2022 02:04:18 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NCNDJGQ)
Description: The server {ED1D0FDF-4414-470A-A56D-CFB68623FC58} did not register with DCOM within the required timeout.

Error: (08/13/2022 01:20:42 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (08/11/2022 03:16:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Client Management Service service failed to start due to the following error:
The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.

Error: (08/11/2022 03:13:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMS service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/11/2022 03:12:06 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-NCNDJGQ)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Windows Defender:
================
Date: 2022-08-14 19:03:44
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {D1ABFB4A-0625-4189-A4FC-BA02E70A9A98}
Scan Type: Antimalware
Scan Parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2022-08-13 20:18:38
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {98803926-E8CE-4C8E-9D9B-9DEEB39D2787}
Scan Type: Antimalware
Scan Parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2022-08-12 19:31:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {E67C6899-6378-4449-B7BA-2200398385A6}
Scan Type: Antimalware
Scan Parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2022-08-10 22:02:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {E18C4CDF-1C40-4D06-9707-FFD9B4969502}
Scan Type: Antimalware
Scan Parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2022-08-05 19:23:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {2CCEAFD8-6BC0-449A-9EC8-1B1D0157E431}
Scan Type: Antimalware
Scan Parameters: Quick Scan
User: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2022-08-11 14:35:34
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error Description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2022-08-08 19:13:26
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error Description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2022-08-05 19:31:20
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error Description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2022-08-05 09:21:11
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error Description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2022-08-04 17:05:01
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error Description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===============
Date: 2022-08-14 23:46:51
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5dc194ddcb559d66\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-08-14 17:34:59
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2022-08-14 12:59:34
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\WaaSMedicAgent.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\ASProxy64.dll that did not meet the Microsoft signing level requirements.

Date: 2022-08-14 12:56:46
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\ASProxy64.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. 1.9.0 03/25/2022
Motherboard: Dell Inc. 09YTN7
Processor: Intel® Core™ i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 86%
Total physical RAM: 8089.31 MB
Available physical RAM: 1054.04 MB
Total Virtual: 15399.11 MB
Available Virtual: 2221.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:915.75 GB) (Free:775.69 GB) (Model: TOSHIBA MQ04ABF100) NTFS
Drive e: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:152.02 GB) (Model: Seagate Expansion+ SCSI Disk Device) NTFS

\\?\Volume{590cc7ce-dc1a-4e43-a981-a3aa890aad57} (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.39 GB) NTFS
\\?\Volume{524c4f32-4646-4f49-9965-5f45f54ed27e} (Image) (Fixed) (Total:12.76 GB) (Free:0.15 GB) NTFS
\\?\Volume{14b89a6a-d620-4575-bcb3-370e5d6132a5} (DELLSUPPORT) (Fixed) (Total:1.17 GB) (Free:0.42 GB) NTFS
\\?\Volume{416e90f9-bc08-43ce-9424-bd57667b284d} (ESP) (Fixed) (Total:0.73 GB) (Free:0.66 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AD77004B)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: EE417D67)
Partition 1: (Not Active) – (Size=931.5 GB) – (Type=07 NTFS)

==================== End of Addition.txt =======================

 

Source: https://www.bleepingcomputer.com/forums/t/775793/i-found-2-backdoors-and-3-remote-access-trojans-on-my-system/
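The "Windows Defender:" and "CodeIntegrity:" blocks above are where a helper reading this thread would start, and they are tedious to eyeball once a log has dozens of entries. The script below is an added example, not code from the post, from FRST or from BleepingComputer: it parses those two FRST Addition.txt sections, decodes the HRESULTs, groups Defender events by message and error code, and lists each DLL that Code Integrity refused together with the processes that tried to load it. The sample log is constructed from the post's own entries (translated to English). Two points it makes visible: 0x8007043c carries Win32 error 1084, the same "cannot be started in Safe Mode" code that the DCOM 10005 event reports for ShellHWDetection, so those Defender failures line up with Safe Mode boots rather than with tampering; and a Code Integrity entry records a load that was blocked, so the right follow-up is to check each listed DLL's signer (here the paths point at the Intel graphics DriverStore folder and the Malwarebytes program directory), not to treat the entry itself as a finding.

```python
"""Triage the 'Windows Defender:' and 'CodeIntegrity:' sections of an FRST
Addition.txt. Added example; not part of FRST or the forum post. The sample
text below is constructed from the post's entries, translated to English."""
import re
from collections import Counter, defaultdict

SAMPLE_LOG = r"""Windows Defender:
================
Date: 2022-08-14 19:03:44
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {D1ABFB4A-0625-4189-A4FC-BA02E70A9A98}
Scan Type: Antimalware
Scan Parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2022-08-11 14:35:34
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error Description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason.

CodeIntegrity:
===============
Date: 2022-08-14 23:46:51
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5dc194ddcb559d66\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-08-14 17:34:59
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================
"""

# Matches the fixed English wording of the Code Integrity event text.
CI_RE = re.compile(r"process \((?P<proc>[^)]+)\) attempted to load (?P<dll>.+?) "
                   r"that did not meet the (?P<level>.+?) signing level requirements")


def win32_code(hresult):
    """For FACILITY_WIN32 HRESULTs (0x8007xxxx) the low 16 bits are the Win32 error."""
    return hresult & 0xFFFF


def parse_sections(text):
    """Return {section name: [entry]} where each entry has date, description, fields."""
    sections, current, entry = defaultdict(list), None, None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i]
        # An FRST section header is "Name:" followed by a line of '=' characters.
        if line.endswith(":") and i + 1 < len(lines) and re.fullmatch(r"=+", lines[i + 1]):
            current, entry = line[:-1], None
            i += 2
            continue
        if line.startswith("===="):          # next top-level FRST block ends the section
            current = None
        if current is not None:
            if line.startswith("Date: "):
                entry = {"date": line[6:].strip(), "description": "", "fields": {}}
                sections[current].append(entry)
            elif entry is not None and line.strip() and line.strip() != "Description:":
                if entry["description"] and ": " in line:
                    key, _, value = line.partition(": ")
                    entry["fields"][key.strip()] = value.strip()
                elif not entry["description"]:
                    entry["description"] = line.strip()
        i += 1
    return dict(sections)


def codeintegrity_loads(entries):
    """Extract (process, blocked DLL, required signing level) from CI descriptions."""
    loads = []
    for e in entries:
        m = CI_RE.search(e["description"])
        if m:
            loads.append({"date": e["date"], "process": m["proc"].rsplit("\\", 1)[-1],
                          "dll": m["dll"], "level": m["level"]})
    return loads


def triage(text):
    sections = parse_sections(text)
    defender = sections.get("Windows Defender", [])
    by_dll = defaultdict(set)
    for load in codeintegrity_loads(sections.get("CodeIntegrity", [])):
        by_dll[load["dll"]].add(load["process"])
    return {
        "defender_events": Counter(e["description"] for e in defender),
        "defender_error_codes": Counter(e["fields"]["Error Code"]
                                        for e in defender if "Error Code" in e["fields"]),
        "blocked_loads": {dll: sorted(procs) for dll, procs in by_dll.items()},
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for msg, n in result["defender_events"].items():
        print(f"{n:3d}x {msg}")
    for code in result["defender_error_codes"]:
        print(f"{code} -> Win32 error {win32_code(int(code, 16))}")
    for dll, procs in result["blocked_loads"].items():
        print(f"blocked: {dll}  <- {', '.join(procs)}")
```

Run it against a real Addition.txt by reading the file into `triage()` in place of `SAMPLE_LOG`; the Japanese-language entries in the post would need the same translation first, since the parser keys on the English event text.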
