Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2026 Ran by hanna (administrator) on DESKTOP-D26QFNO (HP 870-224) (11-03-2026 22:52:05) Running from C:\Users\hanna\Downloads\FRST64.exe Loaded Profiles: hanna Platform: Microsoft Windows 10 Home Version 22H2 19045.6466 (X64) Language: English (United States) Default browser: Edge Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win64\steamwebhelper.exe <7> (C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe (C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (C:\Users\hanna\AppData\Local\Programs\Opera GX\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\hanna\AppData\Local\Programs\Opera GX\127.0.5778.96\opera_crashreporter.exe (explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <36> (explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (explorer.exe ->) (Opera Norway AS -> Opera Software) C:\Users\hanna\AppData\Local\Programs\Opera GX\opera.exe <16> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\OneApp.IGCC.WinService.exe (services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe (services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpDefenderCoreService.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\NisSrv.exe (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_20ae8f14a487d5db\Display.NvContainer\NVDisplay.Container.exe <2> (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2602.1001.5.0_x64__8wekyb3d8bbwe\XboxPcAppFT.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <5> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RZTHXHelper] => C:\Windows\system32\RZTHXHelper.exe (No File) HKLM\...\Run: [SteelSeriesGG] => C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe [16907088 2025-06-02] (SteelSeries ApS -> SteelSeries A/S) HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [4143440 2025-12-02] (Riot Games, Inc. -> Riot Games, Inc.) HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [123140024 2026-03-08] (Discord Inc. -> Discord Inc.) HKU\S-1-5-21-3899324243-3341298170-2364891810-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [5767832 2026-03-10] (Valve Corp. -> Valve Corporation) HKU\S-1-5-21-3899324243-3341298170-2364891810-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1008336 2026-03-03] (Blizzard Entertainment, Inc. -> Blizzard Entertainment) HKU\S-1-5-21-3899324243-3341298170-2364891810-1001\...\Run: [Opera GX Stable] => C:\Users\hanna\AppData\Local\Programs\Opera GX\opera.exe [1883080 2026-03-06] (Opera Norway AS -> Opera Software) HKU\S-1-5-21-3899324243-3341298170-2364891810-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [50941392 2025-12-20] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-3899324243-3341298170-2364891810-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [3714720 2025-09-28] (Electronic Arts, Inc. -> Electronic Arts) HKU\S-1-5-21-3899324243-3341298170-2364891810-1001\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe [75381184 2026-02-16] (Riot Games, Inc. -> Riot Games, Inc.) HKU\S-1-5-21-3899324243-3341298170-2364891810-1001\...\Run: [BakkesMod] => C:\Program Files\BakkesMod\BakkesMod.exe [15850496 2023-01-24] () [File not signed] HKU\S-1-5-21-3899324243-3341298170-2364891810-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe [24773784 2026-02-04] (Logitech Inc -> Logitech, Inc.) HKU\S-1-5-21-3899324243-3341298170-2364891810-1001\...\Run: [RazerAppEngine] => C:\Program Files\Razer\RazerAppEngine\RazerAppEngine.exe [853640 2025-10-25] (Razer USA Ltd. -> Razer Inc.) HKU\S-1-5-21-3899324243-3341298170-2364891810-1001\...\Run: [System Informer] => C:\Program Files\SystemInformer\SystemInformer.exe [3429000 2026-02-13] (Winsider Seminars & Solutions Inc. -> Winsider Seminars & Solutions, Inc.) HKU\S-1-5-21-3899324243-3341298170-2364891810-1001\...\Run: [MicrosoftEdgeAutoLaunch_80A17CD0F7EB219BE50B139A9C0576EE] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4342312 2026-03-06] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-3899324243-3341298170-2364891810-1001\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [54272 2025-06-09] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-3899324243-3341298170-2364891810-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [6089584 2025-10-17] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION HKU\S-1-5-18\...\Run: [RazerAppEngine] => C:\Program Files\Razer\RazerAppEngine\RazerAppEngine.exe [853640 2025-10-25] (Razer USA Ltd. -> Razer Inc.) ==================== Scheduled Tasks (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {C2D1B971-956F-4A45-B471-627D3B937E50} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe [1786528 2026-02-10] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {B1BFD983-06ED-4654-88A8-1E91C2502F45} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe [1786528 2026-02-10] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {6DFB9FCD-268E-4F16-8234-298D3988D66E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe [1786528 2026-02-10] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {0C8747C1-3620-4BE1-ACAA-A7E7F3D92265} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe [1786528 2026-02-10] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {E9866844-D437-48EA-AD05-9544E64CADE1} - System32\Tasks\NVIDIA App SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\NVIDIA App.exe [3324528 2025-10-15] (NVIDIA Corporation -> NVIDIA Corporation) Task: {EA89A38D-323C-46C6-B885-82AAE3C7EAF8} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1749785136 => C:\Users\hanna\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe [6292936 2026-02-25] (Opera Norway AS -> Opera Software) -> --scheduledtask --productiscomponent --installdir="C:\Users\hanna\AppData\Local\Programs\Opera GX\assistant" --producttype=assistant $(Arg0) Task: {62AF4B68-70B0-4396-9B75-68C5487B0DCD} - System32\Tasks\Opera GX scheduled Autoupdate 1749698685 => C:\Users\hanna\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe [6292936 2026-02-25] (Opera Norway AS -> Opera Software) Task: {D13467DF-99C7-4341-A90C-68042E41957A} - System32\Tasks\SystemInformerTaskAdmin => C:\Program Files\SystemInformer\SystemInformer.exe [3429000 2026-02-13] (Winsider Seminars & Solutions Inc. -> Winsider Seminars & Solutions, Inc.) Task: {9E602407-B4D6-48DC-A169-4CDF2686A535} - System32\Tasks\Ubisoft\Ubisoft Connect Background Update => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe [17192632 2026-02-03] (UBISOFT ENTERTAINMENT INC. -> Ubisoft) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{b7786fe0-e2cc-4913-bab7-1cb5fe7739b8}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{b7786fe0-e2cc-4913-bab7-1cb5fe7739b8}: [DhcpDomain] lan Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\hanna\AppData\Local\Microsoft\Edge\User Data\Default [2026-03-12] Edge Notifications: Default -> hxxps://app.webull.com; hxxps://play.pokemonshowdown.com; hxxps://pro.kraken.com Edge Session Restore: Default -> is enabled. Edge Extension: (Phantom) - C:\Users\hanna\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bfnaelmomeimhlpmgjnjophhpkkoljpa [2026-02-28] Edge Extension: (Microsoft Rewards) - C:\Users\hanna\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bnplfnhcidhhdapmblniehfaaompjlck [2025-06-09] Edge Extension: (Microsoft Edge Unminification Extension) - C:\Users\hanna\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cgjgjfacjflmgphhhepmbhhbgjieaecn [2026-03-12] Edge Extension: (Google Docs Offline) - C:\Users\hanna\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2026-02-28] Edge Extension: (StarKey Wallet - The official wallet for Supra) - C:\Users\hanna\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hcjhpkgbmechpabifbggldplacolbkoh [2026-03-10] Edge Extension: (Coinbase Wallet extension) - C:\Users\hanna\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hnfanknocfeofbddgcijnmhnfnkdnaad [2026-02-26] Edge Extension: (Jupiter Wallet) - C:\Users\hanna\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iledlaeogohbilgbfhmbgkgmpplbfboh [2026-03-09] Edge Extension: (Alby - Bitcoin Wallet for Lightning & Nostr) - C:\Users\hanna\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iokeahhehimjnekafflcihljlcjccdbe [2026-03-08] Edge Extension: (Edge relevant text changes) - C:\Users\hanna\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2025-06-09] Edge Extension: (Microsoft Edge DevTools Enhancements) - C:\Users\hanna\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfbdpdaobnofkbopebjglnaadopfikhh [2026-03-12] Edge Extension: (Capital One Shopping: Save Now) - C:\Users\hanna\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2026-03-08] Edge Extension: (Ronin Wallet) - C:\Users\hanna\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kjmoohlgokccodicjjfebfomlbljgfhk [2025-06-09] Edge Extension: (Action Model) - C:\Users\hanna\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lhciigpkocgkbnbjimbbiejpfijdbcag [2026-03-08] Edge Extension: (uBlock Origin) - C:\Users\hanna\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2026-03-11] Edge Extension: (TunnelBear VPN) - C:\Users\hanna\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2025-12-10] Opera: ======= StartMenuInternet: (HKU\S-1-5-21-3899324243-3341298170-2364891810-1001) Opera GXStable - "C:\Users\hanna\AppData\Local\Programs\Opera GX\opera.exe" ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 battlenet_helpersvc; C:\ProgramData\Battle.net_components\battlenet_helpersvc\AgentHelper.exe [3386064 2026-02-24] (Blizzard Entertainment, Inc. -> Blizzard Entertainment) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [20317352 2025-07-09] (BattlEye Innovations e.K. -> ) S3 Denuvo Anti-Cheat Update Service; C:\Program Files\Denuvo Anti-Cheat\denuvo-anti-cheat-update-service.exe [1196696 2025-11-05] (DENUVO GmbH -> Denuvo GmbH) S3 EAAntiCheatService; C:\Program Files\EA\AC\eaanticheat.gameservice.exe [154743544 2025-10-26] (Electronic Arts, Inc. -> Electronic Arts) S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [19205792 2025-09-28] (Electronic Arts, Inc. -> Electronic Arts) S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [985896 2026-03-05] (EasyAntiCheat Oy -> Epic Games, Inc.) S3 EpicGamesUpdater; C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesUpdater.exe [3344336 2025-12-20] (Epic Games Inc. -> Epic Games, Inc.) S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [1604512 2025-07-15] (Epic Games Inc. -> Epic Games, Inc.) R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [20112536 2026-02-04] (Logitech Inc -> Logitech, Inc.) R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpDefenderCoreService.exe [2067464 2026-02-10] (Microsoft Windows Publisher -> Microsoft Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_20ae8f14a487d5db\Display.NvContainer\NVDisplay.Container.exe [1275624 2025-10-30] (NVIDIA Corporation -> NVIDIA Corporation) S3 Razer Elevation Service; C:\Program Files\Razer\razer_elevation_service\razer_elevation_service.exe [1741960 2025-10-25] (Razer USA Ltd. -> Razer Inc) S3 SteelSeriesGGUpdateServiceProxy; C:\Program Files\SteelSeries\GG\SteelSeriesGGUpdateServiceProxy.exe [1587712 2025-03-13] (GN Hearing A/S -> ) S3 UpcElevationService; C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher Core\UpcElevationService.exe [351928 2026-02-03] (UBISOFT ENTERTAINMENT INC. -> Ubisoft) S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [62279264 2025-12-02] (Riot Games, Inc. -> Riot Games, Inc.) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\NisSrv.exe [4435096 2026-02-10] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MsMpEng.exe [290744 2026-02-10] (Microsoft Windows Publisher -> Microsoft Corporation) S2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA Corporation\NVIDIA App\NvContainer\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -ert S2 WslInstaller; C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForLinux_2.6.3.0_x64__8wekyb3d8bbwe\wslinstaller.exe [X] ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 Denuvo Anti-Cheat; C:\Program Files\Denuvo Anti-Cheat\denuvo-anti-cheat.sys [4275392 2025-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Denuvo GmbH) S3 HPOMENMS; C:\Windows\system32\drivers\HPOMENMS.sys [32264 2015-05-14] (Microsoft Windows Hardware Compatibility Publisher -> ) R2 HpReadHWData; C:\Windows\system32\drivers\HpReadHWData.sys [58952 2025-06-18] (HP Inc. -> Windows (R) Win 7 DDK provider) R3 IntelReadyModeDriver; C:\Windows\System32\drivers\IntelReadyModeDriver.sys [34720 2016-11-07] (Intel Corporation -> Intel Corporation) R3 KslD; C:\Windows\System32\drivers\wd\KslD.sys [82352 2026-02-10] (Microsoft Windows -> Microsoft Corporation) R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [44880 2025-08-16] (Logitech Inc -> Logitech) R3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [32080 2025-08-16] (Logitech Inc -> Logitech) R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [73040 2025-08-16] (Logitech Inc -> Logitech) R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [43568 2025-02-25] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries ApS) R3 sshid; C:\Windows\System32\drivers\sshid.sys [46136 2025-04-07] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries ApS) R3 SteelSeries_Sonar_VAD; C:\Windows\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_4a7a0876e89a4ff8\SteelSeries-Sonar-VAD.sys [95840 2025-05-14] (GN Hearing A/S -> Windows (R) Win 7 DDK provider) S1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [44293288 2025-12-01] (Riot Games, Inc. -> Riot Games, Inc.) S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [21888 2026-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [635272 2026-02-10] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [102832 2026-02-10] (Microsoft Windows -> Microsoft Corporation) S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2026-03-11 22:52 - 2026-03-11 22:53 - 000019549 _____ C:\Users\hanna\Downloads\FRST.txt 2026-03-11 22:51 - 2026-03-11 22:52 - 000000000 ____D C:\FRST 2026-03-11 21:01 - 2026-03-11 21:04 - 002445824 _____ (Farbar) C:\Users\hanna\Downloads\FRST64.exe 2026-03-09 11:58 - 2026-03-09 11:58 - 000000223 _____ C:\Users\hanna\Desktop\Paragnosia.url 2026-03-08 22:16 - 2026-03-08 22:16 - 000001024 _____ C:\Users\hanna\Desktop\Vintage Story.lnk 2026-03-08 22:16 - 2026-03-08 22:16 - 000001010 _____ C:\Users\hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vintage Story.lnk 2026-03-08 22:11 - 2026-03-08 22:16 - 000000000 ____D C:\Users\hanna\AppData\Roaming\Vintagestory 2026-03-08 22:08 - 2026-03-08 22:09 - 596496880 _____ (Anego Systems ) C:\Users\hanna\Downloads\vs_install_win-x64_1.22.0-rc.1.exe 2026-03-08 19:28 - 2026-03-08 19:28 - 000000000 ____D C:\Users\hanna\AppData\Local\Discord 2026-03-08 18:09 - 2026-03-08 19:28 - 000000000 ____D C:\Users\hanna\AppData\Local\SquirrelTemp 2026-03-08 18:09 - 2026-03-08 18:09 - 000000000 ____D C:\ProgramData\SquirrelMachineInstalls 2026-03-08 17:47 - 2026-03-08 17:47 - 123140024 _____ (Discord Inc.) C:\Users\hanna\Downloads\DiscordSetup.exe 2026-03-08 14:51 - 2026-03-08 14:51 - 000007862 _____ C:\Users\hanna\Downloads\albyhub.bkp 2026-03-08 12:06 - 2026-03-08 15:25 - 000000000 ____D C:\Users\hanna\AppData\Local\albyhub 2026-03-08 12:06 - 2026-03-08 12:06 - 000000000 ____D C:\Users\hanna\Downloads\albyhub-Desktop-Windows 2026-03-08 12:06 - 2026-03-08 12:06 - 000000000 ____D C:\Users\hanna\AppData\Roaming\Alby Hub.exe 2026-03-08 12:05 - 2026-03-08 12:06 - 029733719 _____ C:\Users\hanna\Downloads\albyhub-Desktop-Windows.zip 2026-03-08 11:42 - 2026-03-08 11:42 - 000000002 _____ C:\Users\hanna\Downloads\mutiny-state.json 2026-03-07 23:37 - 2026-03-03 17:40 - 000452984 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy_d.dll.0 2026-03-07 23:36 - 2026-03-07 23:36 - 000000000 ____D C:\Windows\Minidumps 2026-03-05 15:41 - 2026-03-05 15:41 - 000798534 _____ C:\Users\hanna\Downloads\v15044gf0000d6i7e57og65q2e3cgt50.mp4 2026-02-27 01:49 - 2026-02-27 01:49 - 000000000 ____D C:\Users\hanna\AppData\Local\FarFarWest 2026-02-26 22:15 - 2026-02-26 22:15 - 000000000 ____D C:\Users\hanna\AppData\Local\P1348 2026-02-26 09:07 - 2026-02-26 09:07 - 000129904 _____ C:\ProgramData\agent.uninstall.1772114829.bdinstall.v2.bin 2026-02-26 09:06 - 2026-02-26 09:06 - 000473476 _____ C:\ProgramData\cl.uninstall.1772114644.bdinstall.v2.bin 2026-02-26 08:52 - 2026-02-26 08:52 - 000695912 _____ C:\ProgramData\cl.1772113385.bdinstall.v2.bin 2026-02-26 08:52 - 2026-02-26 08:52 - 000136552 _____ C:\ProgramData\cl.kit.1772113384.bdinstall.v2.bin 2026-02-26 08:51 - 2026-02-26 08:51 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4 2026-02-26 08:50 - 2026-02-26 09:04 - 000000000 ____D C:\ProgramData\BDLogging 2026-02-26 08:46 - 2026-02-26 08:46 - 000000000 ____D C:\Users\hanna\AppData\Roaming\Bitdefender Security App 2026-02-26 08:43 - 2026-03-07 23:36 - 000000000 ____D C:\Program Files\Bitdefender 2026-02-26 08:43 - 2026-02-26 09:06 - 000000000 ____D C:\ProgramData\Bitdefender 2026-02-26 08:41 - 2026-02-26 08:41 - 000223484 _____ C:\ProgramData\agent.1772113297.bdinstall.v2.bin 2026-02-26 08:41 - 2026-02-26 08:41 - 000000000 ____D C:\ProgramData\Bitdefender Agent 2026-02-26 08:37 - 2026-02-26 08:37 - 021514816 _____ C:\Users\hanna\Downloads\bitdefender_avfree.exe 2026-02-26 08:33 - 2026-02-26 08:34 - 002849080 _____ (Malwarebytes) C:\Users\hanna\Downloads\MBSetup.exe 2026-02-26 06:35 - 2026-02-26 06:35 - 000000223 _____ C:\Users\hanna\Desktop\1348 Ex Voto Demo.url 2026-02-26 06:35 - 2026-02-26 06:35 - 000000000 ____D C:\Users\hanna\AppData\Local\LANESPLIT 2026-02-26 06:34 - 2026-02-26 06:34 - 000000223 _____ C:\Users\hanna\Desktop\Far Far West Demo.url 2026-02-26 06:33 - 2026-02-26 06:33 - 000000223 _____ C:\Users\hanna\Desktop\Everything is Crab Demo.url 2026-02-25 07:13 - 2026-02-25 07:13 - 000000000 ____D C:\Users\hanna\AppData\Local\R5 2026-02-22 04:37 - 2026-02-22 09:45 - 000000000 ____D C:\Users\hanna\AppData\Local\User Data 2026-02-22 04:37 - 2026-02-22 04:37 - 000000000 ____D C:\Users\hanna\AppData\Local\nwjs 2026-02-22 04:27 - 2026-02-22 04:27 - 000000223 _____ C:\Users\hanna\Desktop\Windrose Demo.url 2026-02-18 11:19 - 2026-02-18 11:19 - 000000223 _____ C:\Users\hanna\Desktop\WheelMates Playtest.url 2026-02-18 04:39 - 2026-02-18 04:39 - 000000223 _____ C:\Users\hanna\Desktop\Half Sword.url 2026-02-16 01:55 - 2026-02-16 01:55 - 086203282 _____ C:\Users\hanna\Downloads\Visual-C-Runtimes-All-in-One-Dec-2025.zip 2026-02-16 01:46 - 2026-02-16 01:48 - 000000000 ____D C:\Program Files (x86)\dotnet 2026-02-16 01:46 - 2026-02-16 01:46 - 000000000 ____D C:\Users\hanna\.dotnet 2026-02-16 01:02 - 2026-02-16 01:02 - 123443128 _____ (Discord Inc.) C:\Users\hanna\Downloads\DiscordSetup (1).exe 2026-02-15 22:43 - 2026-02-15 22:43 - 000000000 ____D C:\Windows\system32\Tasks\Agent Activation Runtime 2026-02-15 13:44 - 2026-02-15 13:44 - 000000000 ____D C:\Users\hanna\AppData\Local\Razer 2026-02-15 12:59 - 2026-02-15 23:21 - 000000000 ____D C:\Program Files\Razer 2026-02-15 12:48 - 2026-02-15 23:21 - 000000000 ____D C:\ProgramData\Razer 2026-02-15 12:30 - 2026-02-15 12:30 - 000000000 ____D C:\Users\hanna\Downloads\Razer-Synapse-4-Repair-Kit-main 2026-02-15 12:28 - 2026-02-15 12:28 - 000003790 _____ C:\Users\hanna\Downloads\Razer-Synapse-4-Repair-Kit-main.zip 2026-02-15 11:37 - 2026-02-15 13:27 - 000000000 ____D C:\Windows\system32\Tasks\Hewlett-Packard 2026-02-15 11:37 - 2026-02-15 11:39 - 000000000 ____D C:\Users\hanna\AppData\Local\HP 2026-02-15 11:37 - 2026-02-15 11:37 - 000000000 ____D C:\Program Files (x86)\HP 2026-02-15 11:22 - 2026-02-15 22:51 - 000000000 ____D C:\Users\hanna\AppData\Local\ElevatedDiagnostics 2026-02-15 11:16 - 2026-02-15 11:16 - 000000856 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk 2026-02-15 11:16 - 2026-02-15 11:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi 2026-02-15 11:16 - 2026-02-15 11:16 - 000000000 ____D C:\ProgramData\LGHUBData 2026-02-15 11:16 - 2026-02-15 11:16 - 000000000 ____D C:\Program Files\LGHUB 2026-02-15 11:10 - 2026-02-15 11:10 - 134222904 _____ C:\Windows\392667600.dat 2026-02-13 21:25 - 2026-02-13 21:25 - 000000928 _____ C:\Users\Public\Desktop\Overwatch.lnk 2026-02-13 21:25 - 2026-02-13 21:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch 2026-02-13 01:30 - 2026-02-13 01:30 - 000003200 _____ C:\Windows\system32\Tasks\SystemInformerTaskAdmin 2026-02-12 22:52 - 2026-03-10 02:05 - 000000000 ____D C:\Symbols 2026-02-12 22:46 - 2026-03-10 02:16 - 000000000 ____D C:\Users\hanna\AppData\Roaming\SystemInformer 2026-02-12 22:45 - 2026-03-10 02:02 - 000001805 _____ C:\Users\Public\Desktop\System Informer.lnk 2026-02-12 22:45 - 2026-02-12 22:45 - 023750192 _____ (System Informer) C:\Users\hanna\Downloads\systeminformer-3.2.25011-release-setup.exe 2026-02-12 22:45 - 2026-02-12 22:45 - 000001632 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Informer.lnk 2026-02-12 22:45 - 2026-02-12 22:45 - 000001592 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PE Viewer.lnk 2026-02-12 22:45 - 2026-02-12 22:45 - 000000000 ____D C:\Program Files\SystemInformer ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2026-03-11 22:40 - 2025-06-08 20:28 - 000000000 ____D C:\Program Files (x86)\Steam 2026-03-11 17:54 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps 2026-03-11 17:54 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\AppReadiness 2026-03-11 17:54 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2026-03-11 17:39 - 2025-06-08 22:04 - 000000000 ____D C:\Windows\system32\SleepStudy 2026-03-11 11:41 - 2023-12-03 21:52 - 000000000 ____D C:\Windows\SystemTemp 2026-03-10 05:45 - 2025-08-08 14:20 - 000000000 ____D C:\Users\hanna\AppData\Roaming\EasyAntiCheat 2026-03-10 05:42 - 2025-06-08 20:16 - 000000000 ____D C:\Users\hanna\AppData\Local\ConnectedDevicesPlatform 2026-03-10 05:42 - 2025-06-08 20:15 - 000000000 ____D C:\ProgramData\NVIDIA 2026-03-09 22:20 - 2025-06-26 00:46 - 000000000 ____D C:\Users\hanna\AppData\Local\CrashDumps 2026-03-09 19:18 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\AppLocker 2026-03-09 13:57 - 2025-06-12 01:15 - 000000000 ____D C:\Users\hanna\AppData\Local\Ubisoft Game Launcher 2026-03-09 11:58 - 2025-06-08 21:28 - 000000000 ____D C:\Users\hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2026-03-09 11:47 - 2025-06-09 20:17 - 000000000 ____D C:\Users\hanna\AppData\Local\Battle.net 2026-03-09 10:44 - 2025-06-09 20:18 - 000000000 ____D C:\Program Files (x86)\Overwatch 2026-03-09 01:30 - 2025-07-25 21:39 - 000000000 ____D C:\Users\hanna\AppData\Local\D3DSCache 2026-03-08 23:28 - 2025-09-03 14:36 - 000000000 ____D C:\Users\hanna\AppData\Roaming\VintagestoryData 2026-03-08 22:09 - 2025-09-03 14:32 - 000000000 ____D C:\Program Files\dotnet 2026-03-08 22:09 - 2025-06-11 21:59 - 000000000 ____D C:\ProgramData\Package Cache 2026-03-08 19:47 - 2019-12-07 04:03 - 000000000 ____D C:\Windows\CbsTemp 2026-03-08 12:06 - 2025-07-10 04:09 - 000000001 _____ C:\Windows\vgkbootstatus.dat 2026-03-08 09:16 - 2025-06-08 22:04 - 000002514 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2026-03-08 09:16 - 2025-06-08 22:04 - 000002352 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2026-03-08 09:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\NDF 2026-03-07 23:40 - 2025-06-08 20:11 - 000840602 _____ C:\Windows\system32\PerfStringBackup.INI 2026-03-07 23:40 - 2019-12-07 04:13 - 000000000 ____D C:\Windows\INF 2026-03-07 23:36 - 2025-06-08 22:04 - 000008192 ___SH C:\DumpStack.log.tmp 2026-03-07 23:36 - 2025-06-08 22:04 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2026-03-07 23:36 - 2025-06-08 20:17 - 000000000 ____D C:\Intel 2026-03-07 23:36 - 2025-06-08 20:13 - 000000000 ____D C:\Users\hanna 2026-03-07 23:36 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ServiceState 2026-03-07 05:21 - 2025-06-08 22:04 - 000003534 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2026-03-07 05:21 - 2025-06-08 22:04 - 000003408 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2026-03-06 14:54 - 2026-02-04 10:09 - 000000000 ____D C:\Users\hanna\Zenbeats User 2026-03-06 14:44 - 2026-02-04 09:50 - 000000000 ____D C:\Users\Public\Documents\Zenbeats Library 2026-03-06 11:49 - 2025-06-09 20:17 - 000000000 ____D C:\Program Files (x86)\Battle.net 2026-03-06 04:00 - 2025-06-11 22:24 - 000004244 _____ C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1749698685 2026-03-06 04:00 - 2025-06-11 22:24 - 000001413 _____ C:\Users\hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera GX Browser.lnk 2026-03-05 17:50 - 2025-06-18 03:09 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat_EOS 2026-03-03 17:40 - 2025-06-08 21:30 - 004589944 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll 2026-03-03 17:40 - 2025-06-08 21:30 - 000911736 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll.0 2026-03-03 17:40 - 2025-06-08 21:30 - 000911736 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll 2026-03-03 17:40 - 2025-06-08 21:30 - 000289144 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll 2026-03-03 17:40 - 2025-06-08 21:30 - 000260472 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll 2026-03-03 17:40 - 2025-06-08 21:30 - 000166264 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll 2026-03-03 17:40 - 2025-06-08 21:30 - 000153968 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe 2026-03-03 17:40 - 2025-06-08 21:30 - 000084344 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe 2026-02-27 01:49 - 2025-06-09 04:53 - 000000000 ____D C:\Users\hanna\AppData\Local\UnrealEngine 2026-02-26 10:35 - 2019-12-07 04:14 - 000000000 ___HD C:\Windows\ELAMBKUP 2026-02-26 08:52 - 2019-12-07 04:03 - 000032768 _____ C:\Windows\system32\config\ELAM 2026-02-25 16:44 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\LiveKernelReports 2026-02-24 19:03 - 2026-01-10 14:44 - 000000000 ____D C:\ProgramData\PackerCrashCanary 2026-02-24 18:43 - 2025-08-08 14:20 - 000000000 ____D C:\ProgramData\Packer 2026-02-20 15:51 - 2025-07-20 10:28 - 000000000 ____D C:\Users\hanna\AppData\Local\LGHUB 2026-02-19 23:15 - 2026-01-08 00:00 - 000000000 ____D C:\Users\hanna\AppData\Roaming\qBittorrent 2026-02-16 08:28 - 2025-06-08 20:16 - 000000000 ____D C:\Users\hanna\AppData\Local\Packages 2026-02-16 01:57 - 2019-12-07 04:03 - 000524288 _____ C:\Windows\system32\config\BBI 2026-02-16 01:50 - 2025-06-08 22:04 - 000286232 _____ C:\Windows\system32\FNTCACHE.DAT 2026-02-16 00:48 - 2025-06-08 20:13 - 000000000 ____D C:\Users\hanna\AppData\Roaming\Microsoft\Windows 2026-02-15 23:20 - 2025-06-08 20:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer 2026-02-15 22:42 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\Registration 2026-02-15 11:36 - 2025-06-18 00:29 - 000000000 ____D C:\Users\hanna\AppData\Roaming\HP 2026-02-15 11:10 - 2025-07-20 10:28 - 000000000 ____D C:\Users\hanna\AppData\Roaming\G HUB 2026-02-15 10:33 - 2025-08-16 14:52 - 000000000 ____D C:\Users\hanna\AppData\Roaming\lghub 2026-02-13 20:33 - 2025-06-09 20:16 - 000000000 ____D C:\Users\hanna\AppData\Local\Blizzard Entertainment 2026-02-11 12:32 - 2025-06-08 20:49 - 000000000 ____D C:\Windows\system32\MRT 2026-02-11 12:28 - 2025-06-08 20:49 - 221154392 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2026-02-10 00:33 - 2025-06-08 22:04 - 000000000 ____D C:\Windows\system32\Drivers\wd 2026-02-09 16:03 - 2025-06-12 22:25 - 000004532 _____ C:\Windows\system32\Tasks\Opera GX scheduled assistant Autoupdate 1749785136 ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================