Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2025 Ran by jm_fe (administrator) on DESKTOP-L10DARB (10-08-2025 12:58:46) Running from C:\Users\jm_fe\Downloads\FRST64.exe Loaded Profiles: jm_fe Platform: Microsoft Windows 11 Pro Version 24H2 26100.4770 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () [File not signed] C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.19029.20156\OfficeClickToRun.exe (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2> (C:\Program Files (x86)\ASUS\GPUTweakIII\GPU Tweak III.exe ->) (ASUSTeK COMPUTER INC. -> ) C:\Program Files (x86)\ASUS\GPUTweakIII\Monitor.exe (C:\Program Files (x86)\ASUS\GPUTweakIII\GPU Tweak III.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUS\GPUTweakIII\ProfilingEngineEXE.exe (C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe (C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe (C:\Program Files\Corsair\Corsair iCUE5 Software\clink\Corsair.Service.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\Corsair iCUE5 Software\clink\Corsair.Service.CpuIdRemote64.exe (C:\Program Files\Corsair\Corsair iCUE5 Software\iCUE.exe ->) (Corsair Memory, Inc. 
-> ) C:\Program Files\Corsair\Corsair iCUE5 Software\crashpad_handler.exe <2> (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\Corsair iCUE5 Software\iCUE.exe (explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <75> (explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (explorer.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.26100.4765_none_a506664b77649b7e\TiWorker.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.25\AsSysCtrlService.exe (services.exe ->) (ASUSTeK COMPUTER INC. -> ASUS Inc.) C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe (services.exe ->) (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe (services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.02.12\atkexComSvc.exe (services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (services.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) 
C:\Program Files\Corsair\Corsair Device Control Service\bin\CorsairDeviceControlService.exe (services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\Corsair iCUE5 Software\clink\Corsair.Service.exe (services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\Corsair iCUE5 Software\CorsairCpuIdService.exe (services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\Corsair iCUE5 Software\iCUEDevicePluginHost.exe <2> (services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\Corsair iCUE5 Software\iCUEUpdateService.exe (services.exe ->) (Elo Touch Solutions -> Elo Touch Solutions) C:\Program Files\Elo Touch Solutions\EloService.exe (services.exe ->) (GZ Systems Limited -> ) C:\Program Files (x86)\GZ Systems\PureVPN Service\Atom.SDK.WindowsService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_8a3f88e34f6b8385\jhi_service.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_c93fab790f948e12\WMIRegistrationService.exe (services.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logitech\DirectOutput\DirectOutputService.exe (services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe <2> (services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) 
C:\Windows\RtkBtManServ.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpDefenderCoreService.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\NisSrv.exe (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3> (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9d15b9aa9e1c885b\Display.NvContainer\NVDisplay.Container.exe <2> (services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe (sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\CrossDeviceResume.exe (svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe (svchost.exe ->) (ASUSTeK COMPUTER INC. -> ) C:\Program Files (x86)\ASUS\GPUTweakIII\GPU Tweak III.exe (svchost.exe ->) (ASUSTeK Computer Inc. 
-> ) C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x64.exe (svchost.exe ->) (Elo Touch Solutions -> ) C:\Program Files\Elo Touch Solutions\ServiceReporting\EloSerRptClient.exe (svchost.exe ->) (Elo Touch Solutions -> Elo Touch Solutions) C:\Program Files\Elo Touch Solutions\EloConfig.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SecHealthUI_1000.27840.1000.0_x64__8wekyb3d8bbwe\SecHealthUI.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\jm_fe\AppData\Local\Microsoft\OneDrive\25.130.0706.0004\FileCoAuth.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealth\10.0.27840.1000-0\SecurityHealthHost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Failed to access process -> NoiseCancelingEngine.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [123488 2017-11-10] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) HKLM\...\Run: [Sonic Studio 3] => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1234432 2019-10-30] (ASUSTeK COMPUTER INC.) [File not signed] HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] (Samsung Electronics CO., LTD. 
-> ) HKLM\...\Run: [X-55 Rhino] => C:\Program Files\Mad Catz\X-55 Rhino\X55_Rhino_Profiler.exe [87040 2016-04-08] (Mad Catz) [File not signed] HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9277520 2019-07-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [Corsair iCUE5 Software] => C:\Program Files\Corsair\Corsair iCUE5 Software\iCUE Launcher.exe [189832 2025-08-09] (Corsair Memory, Inc. -> Corsair Memory, Inc.) HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\AllMyTube\DelayPluginI.exe [1969768 2018-06-05] (Wondershare Technology Co.,Ltd -> ) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare) HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [133128 2025-05-21] (Adobe Inc. -> Adobe Inc.) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2511784 2025-08-10] (Adobe Inc. -> Adobe Inc.) HKLM\...\Policies\Explorer: [SettingsPageVisibility] hide:network-proxy HKU\S-1-5-21-3041118385-2347716452-1599031468-1001\...\Run: [Steam] => C:\Steam\steam.exe [4698720 2025-05-19] (Valve Corp. 
-> Valve Corporation) HKU\S-1-5-21-3041118385-2347716452-1599031468-1001\...\Run: [com.squirrel.WhatsApp.WhatsApp] => C:\Users\jm_fe\AppData\Local\WhatsApp\Update.exe [2412768 2023-06-26] (WhatsApp LLC -> ) HKU\S-1-5-21-3041118385-2347716452-1599031468-1001\...\Run: [PureVPN] => C:\Program Files (x86)\PureVPN\purevpn.exe [17334264 2025-03-26] (GZ Systems Limited -> GZ Systems) HKU\S-1-5-21-3041118385-2347716452-1599031468-1001\...\Run: [MicrosoftEdgeAutoLaunch_CF1216BD0FFDDAAAB6487A5F9C2E1C96] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [4117568 2025-08-07] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-3041118385-2347716452-1599031468-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [3839072 2025-05-23] (Electronic Arts, Inc. -> Electronic Arts) HKU\S-1-5-21-3041118385-2347716452-1599031468-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [482128 2023-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd) HKU\S-1-5-21-3041118385-2347716452-1599031468-1001\...\Run: [simMarket] => C:\Users\jm_fe\AppData\Local\simMarket\app-3.7.0\simMarket.exe [176814232 2024-09-12] (simFlight GmbH -> simFlight GmbH) HKU\S-1-5-21-3041118385-2347716452-1599031468-1001\...\Run: [Navigraph Hub] => C:\Users\jm_fe\AppData\Local\Programs\navigraph-hub\Navigraph Hub.exe [176371672 2024-12-19] (Navigraph Kommanditbolag -> Navigraph) HKU\S-1-5-21-3041118385-2347716452-1599031468-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [42073048 2025-07-15] (Adobe Inc. 
-> Adobe Systems Incorporated) HKU\S-1-5-21-3041118385-2347716452-1599031468-1001\...\Policies\Explorer: [] HKU\S-1-5-21-3041118385-2347716452-1599031468-1001\...\MountPoints2: {d59be3f4-d80f-11ef-b88d-f82819b5727c} - "H:\setup.exe" HKU\S-1-5-21-3041118385-2347716452-1599031468-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [176128 2024-11-22] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Windows x64\Print Processors\ssa7mPC: C:\Windows\System32\spool\prtprocs\x64\ssa7mpc.dll [43520 2017-07-06] (Windows (R) Codename Longhorn DDK provider) [File not signed] HKLM\...\Print\Monitors\ssa7m Langmon: C:\Windows\system32\ssa7mlm.dll [22528 2017-07-06] (Microsoft Windows Hardware Compatibility Publisher -> ) HKLM\...\Print\Monitors\us008 Langmon: C:\Windows\system32\us008lm.dll [31256 2016-02-16] (Microsoft Windows Hardware Compatibility Publisher -> ) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\138.0.7204.185\Installer\chrmstp.exe [2025-08-09] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\BtwCP.dll [2012-05-18] (Broadcom Corporation -> Broadcom Corporation.) HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2018-08-29] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.) GroupPolicy: Restriction ? <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) Task: {A0CDFD53-09AF-48AB-9494-61EB3B424413} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.) Task: {20EBFDEC-23B7-465D-82EE-7828603ECC6A} - System32\Tasks\AMDSoftwareAgentTask => Command(1): powershell -> -NoProfile -EncodedCommand IwAgADgAMQAxADcAOAA2AGMANgAtADUAMQA1AGQALQA0ADEAOAA0AC0AOQA5ADgANgAtADkANgA2ADUAMgA3ADQAMAAwADMAMAAzAAoAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgACgARwBlAHQALQBQAHIAbwBjAGUAcwBzACAALQBQAEkARAAgACQAUABJAEQAKQAuAE0AYQBpAG4ATQBvAGQAdQBsAGUALgBNAG8AZAB1AGwAZQBOAGEAbQBlACAALQBGAG8AcgBjAGUA <==== ATTENTION Task: {20EBFDEC-23B7-465D-82EE-7828603ECC6A} - System32\Tasks\AMDSoftwareAgentTask => Command(2): powershell -> -NoProfile -EncodedCommand IwAgAGYAOQAyADgAZABjADgAZgAtADIAYgBmAGMALQA0ADkAYwBiAC0AOAAxADgAZAAtAGUAYwA5AGIANABjADYAYwBmAGEAYQBiAAoAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACgARwBlAHQALQBMAG8AYwBhAHQAaQBvAG4AKQAgAC0ARgBvAHIAYwBlAA== <==== ATTENTION Task: {20EBFDEC-23B7-465D-82EE-7828603ECC6A} - System32\Tasks\AMDSoftwareAgentTask => Command(3): schtasks -> /run /tn AMDSoftwareAgentTask <==== ATTENTION Task: {20EBFDEC-23B7-465D-82EE-7828603ECC6A} - System32\Tasks\AMDSoftwareAgentTask => Command(4): powershell -> -NoProfile -EncodedCommand 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 <==== ATTENTION Task: {E785AD57-3989-4CA9-9618-F6D431B161BD} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe (No File) Task: {A15149E5-4020-4276-8817-AAAD123CDBF8} - System32\Tasks\ASUS\ArmouryAIOFanServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe [764152 2021-06-10] (ASUSTeK Computer Inc. 
-> TODO: ) Task: {9CD2D297-EC73-4C79-B675-008B8C53313A} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (No File) Task: {E0BF7870-37FC-47D9-871C-8586AD14DF67} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1d7fce5435750d3 => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [158224 2021-12-29] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) Task: {2771CAF0-3EBA-43CC-BB28-29D2E7F3060D} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [158224 2021-12-29] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) Task: {94E2D6B7-069B-4D30-B6F7-90B06A3475AF} - System32\Tasks\ASUS\Aura Wallpaper Service => C:\Program Files\ASUS\Aura Wallpaper Service\Aura Wallpaper Service.exe (No File) Task: {20A5AD43-EC73-4C98-A85E-AE7A38C54A1E} - System32\Tasks\ASUS\NoiseCancelingEngine => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe [1241448 2021-10-13] (ASUSTeK Computer Inc. -> ASUS) Task: {A0D2769D-DF1D-4430-8C52-B7FBDEB3B3F6} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File) Task: {E0AAF51C-7EA8-4344-A5EF-F691BE5E2E3D} - System32\Tasks\CorelUpdateHelperTask-792D1BE475FAC919D03E3B8DABB8E780 => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe -resume (No File) Task: {4359194B-7C30-4721-96F3-293E05CA48BE} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\jm_fe\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [15205744 2025-07-14] (ESET, spol. s r.o. -> ESET) Task: {A5425FD1-07AA-41D5-B749-663C9DBE8EBB} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\jm_fe\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [15205744 2025-07-14] (ESET, spol. s r.o. 
-> ESET) Task: {8ACD29AF-2880-40A3-A830-89CEEB9C6423} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem140.0.7273.0{68CBC5AE-B786-4077-AB6F-A740CA6D1B31} => C:\Program Files (x86)\Google\GoogleUpdater\140.0.7273.0\updater.exe [6836832 2025-07-02] (Google LLC -> Google LLC) Task: {C6103FC7-0CEF-4708-847C-C5B7843DBDB8} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem140.0.7273.2{9AC44E6C-7240-45FF-A0A5-C5C6075934BD} => C:\Program Files (x86)\Google\GoogleUpdater\140.0.7273.2\updater.exe [6836888 2025-08-02] (Google LLC -> Google LLC) Task: {71928643-7578-4288-9598-B6C70CA7D540} - System32\Tasks\GPU Tweak III => C:\Program Files (x86)\ASUS\GPUTweakIII\GPU Tweak III.exe [9929128 2024-08-08] (ASUSTeK COMPUTER INC. -> ) Task: {20C7C32D-59B0-4A57-971B-8D371BDD0440} - System32\Tasks\Launch Adobe CCXProcess => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [194048 2025-05-21] (Adobe Inc. -> Adobe Inc.) Task: {0035B186-5C58-4E4C-92E1-80DF5674742F} - System32\Tasks\Microsoft\Office\Office Actions Server => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ActionsServer\ActionsServer.exe [11338608 2025-08-10] (Microsoft Corporation -> Microsoft Corporation) Task: {877EEDC5-21D6-443B-82AB-B116608F6A02} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28813720 2025-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {3971068C-5F63-4129-B37A-15B41D8C7399} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE16\opushutil.exe [61280 2025-08-10] (Microsoft Corporation -> Microsoft Corporation) Task: {A08C36DE-FD4C-429A-B77A-6AE30ED484A2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft 
Shared\ClickToRun\OfficeC2RClient.exe [28813720 2025-08-02] (Microsoft Corporation -> Microsoft Corporation) Task: {5B459B0C-F65C-4C0D-A055-2A8829C756AF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222496 2025-08-10] (Microsoft Corporation -> Microsoft Corporation) Task: {E2AB4778-F54C-4C0F-A7C4-033E02B389F6} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222496 2025-08-10] (Microsoft Corporation -> Microsoft Corporation) Task: {C55CE586-C752-476D-A63D-AE66AA677821} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe [67440 2025-08-10] (Microsoft Corporation -> Microsoft Corporation) Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File) Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File) Task: {753B9A7F-3EA0-4475-855E-990D9F0E45E9} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File) Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => %systemroot%\system32\MusNotification.exe RebootDialog (No File) Task: {F324D2DB-C98E-4628-8554-14D0CEFED32B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File) Task: {73600366-ACA5-4913-9F82-619B14B37C79} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No 
File) Task: {B76C81E6-C835-4440-B8DD-08A207E040CD} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display => %systemroot%\system32\MusNotification.exe Display (No File) Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File) Task: {DB10CC9D-BFD1-44A9-9469-F6FDF0187F05} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe [1778240 2025-08-09] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {1F87ABF4-10C0-4242-812E-3013B335F817} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe [1778240 2025-08-09] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {2202F51A-FC79-4150-B246-97B5504156D8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe [1778240 2025-08-09] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {7BCF656D-9008-41C5-BDCD-C0176DB976A2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe [1778240 2025-08-09] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {5B5D7EFF-A0A1-4D61-9F49-5ADCCBAF932D} - System32\Tasks\NVIDIA App SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\NVIDIA App.exe [3275808 2025-04-07] (NVIDIA Corporation -> NVIDIA Corporation) Task: {214398EB-FB7E-42E8-AB13-E742E85227EB} - System32\Tasks\OneDrive Startup Task-S-1-5-21-3041118385-2347716452-1599031468-1001 => C:\Users\jm_fe\AppData\Local\Microsoft\OneDrive\25.130.0706.0004\OneDriveLauncher.exe [685432 2025-08-09] 
(Microsoft Corporation -> Microsoft Corporation) Task: {D79BAF88-ACBE-4DE9-80AF-905FD7BFE414} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3041118385-2347716452-1599031468-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [65536 2024-11-22] (Microsoft Windows -> Microsoft Corporation) Task: {CA7298DD-8E8B-4C22-89EE-F105293E78AC} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1138320 2018-01-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) -> C:\Program Files (x86)\Samsung\Samsung Magician\\/AUTOHIDE Task: {2532C9D5-E915-4871-B40A-AC2BAA0FE291} - System32\Tasks\Sch_EloConfig => C:\Program Files\Elo Touch Solutions\EloConfig.exe [6832904 2023-06-23] (Elo Touch Solutions -> Elo Touch Solutions) Task: {71D76341-1C80-4832-A338-E1E1FF039819} - System32\Tasks\Sch_EloSerRptClient => C:\Program Files\Elo Touch Solutions\ServiceReporting\EloSerRptClient.exe [34056 2023-06-23] (Elo Touch Solutions -> ) Task: {9B4CD54E-C58A-48ED-8936-8B48EE6D6391} - System32\Tasks\SS3Svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3Svc32.exe [1234432 2019-10-30] (ASUSTeK COMPUTER INC.) [File not signed] Task: {C6ED09EF-3F6D-45EA-ACC5-3A58B1FB7D97} - System32\Tasks\SS3svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3svc64.exe [811520 2019-10-30] (ASUSTeK COMPUTER INC.) [File not signed] (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{371bccc1-74eb-48b3-9e50-a7f0fafb0fd6}: [DhcpNameServer] 192.168.1.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\jm_fe\AppData\Local\Microsoft\Edge\User Data\Default [2025-08-09] Edge HomePage: Default -> hxxp://prodigy.msn.com/es-mx/ Edge StartupUrls: Default -> "hxxp://www.google.com/" Edge Extension: (Google Docs Offline) - C:\Users\jm_fe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-06-03] Edge Extension: (Edge relevant text changes) - C:\Users\jm_fe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-26] Edge Extension: (polkadot{.js} extension) - C:\Users\jm_fe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mopnmbcafieddcagagdcbnhejhlodfdd [2025-07-16] Edge Extension: (MetaMask) - C:\Users\jm_fe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2025-07-17] FireFox: ======== FF DefaultProfile: itn2tfv0.default-1575043005124 FF ProfilePath: C:\Users\jm_fe\AppData\Roaming\Mozilla\Firefox\Profiles\itn2tfv0.default-1575043005124 [2022-08-30] FF HKLM-x32\...\Firefox\Extensions: [AllMyTube@Wondershare.com] - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com_xpi FF Extension: (Wondershare AllMyTube) - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com_xpi [2018-09-06] [Legacy] FF HKU\S-1-5-21-3041118385-2347716452-1599031468-1001\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\Program Files (x86)\Wondershare\youtube-downloader\BrowserPlugin\kvallmytube@keepvid.com_xpi FF Extension: (KeepVid Pro) - C:\Program Files (x86)\Wondershare\youtube-downloader\BrowserPlugin\kvallmytube@keepvid.com_xpi [2020-12-31] [Legacy] FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-07-15] (Adobe Inc. -> Adobe Systems Inc.) 
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2025-08-10] (Adobe Inc. -> Adobe Systems) FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-07-30] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-07-30] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-08-10] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2025-08-10] (Adobe Inc. -> Adobe Systems) FF Plugin HKU\S-1-5-21-3041118385-2347716452-1599031468-1001: www.mydlink.com/Uplayer -> C:\Users\jm_fe\AppData\Roaming\D-Link\mydlink services plugin\1.0.2.7\npUplayer.dll [2015-12-11] (D-LINK CORPORATION -> D-Link Corporation) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Default [2025-08-10] CHR Notifications: Default -> hxxps://www.facebook.com; hxxps://www.tradingview.com CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Extension: (PureVPN Proxy - Best VPN for Chrome) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfidboloedlamgdmenmlbipfnccokknp [2025-07-15] CHR Extension: (Tampermonkey) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2025-03-04] CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-07-17] CHR Extension: (ChatGPT) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ejcfepkfckglbgocfkanmcdngdijcgld [2025-01-30] CHR Extension: (Documentos de Google sin conexión) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-07-16] CHR Extension: (polkadot{.js} extension) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mopnmbcafieddcagagdcbnhejhlodfdd [2025-08-09] CHR Extension: (MetaMask) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2025-07-17] CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31] CHR Profile: C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Guest Profile [2025-06-23] CHR Profile: C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 1 [2025-07-14] CHR Notifications: Profile 1 -> hxxps://web.skype.com CHR StartupUrls: Profile 1 -> "hxxps://www.google.com.mx/" CHR Extension: (Torrent Scanner) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2024-01-10] CHR Extension: (PureVPN Proxy - Best VPN for Chrome) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfidboloedlamgdmenmlbipfnccokknp [2025-01-14] CHR Extension: (Tampermonkey) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2024-12-27] CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-06-20] CHR Extension: (Documentos de Google sin conexión) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-06-06] CHR Extension: (Web Safety) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfhcmdonhekjhfbjmeacdjbhlfgpjabp 
[2024-11-05] CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-23] CHR Profile: C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 4 [2025-07-12] CHR Extension: (Torrent Scanner) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2024-11-29] CHR Extension: (PureVPN Proxy - Best VPN for Chrome) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bfidboloedlamgdmenmlbipfnccokknp [2025-02-20] CHR Extension: (Tampermonkey) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2025-02-20] CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-06-27] CHR Extension: (Documentos de Google sin conexión) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-06-27] CHR Extension: (Web Safety) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\mfhcmdonhekjhfbjmeacdjbhlfgpjabp [2024-11-29] CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-10-03] CHR Profile: C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 5 [2025-05-23] CHR Extension: (Torrent Scanner) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2024-09-12] CHR Extension: (PureVPN Proxy - Best VPN for Chrome) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\bfidboloedlamgdmenmlbipfnccokknp [2025-02-06] CHR Extension: (Tampermonkey) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 
5\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2025-02-06] CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-05-23] CHR Extension: (Documentos de Google sin conexión) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-27] CHR Extension: (Web Safety) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\mfhcmdonhekjhfbjmeacdjbhlfgpjabp [2025-02-06] CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-09-12] CHR Profile: C:\Users\jm_fe\AppData\Local\Google\Chrome\User Data\System Profile [2025-08-10] CHR HKU\S-1-5-21-3041118385-2347716452-1599031468-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] CHR HKU\S-1-5-21-3041118385-2347716452-1599031468-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb] CHR HKLM-x32\...\Chrome\Extension: [bfidboloedlamgdmenmlbipfnccokknp] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKLM-x32\...\Chrome\Extension: [mfhcmdonhekjhfbjmeacdjbhlfgpjabp] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2025-03-21] (Adobe Inc. -> Adobe Inc.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944040 2025-08-10] (Adobe Inc. -> Adobe Inc.) 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.02.12\atkexComSvc.exe [457544 2022-02-10] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.25\AsSysCtrlService.exe [1360016 2019-04-03] (ASUSTeK Computer Inc. -> ) [File not signed] S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [158224 2021-12-29] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) R2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [181576 2021-12-29] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [158224 2021-12-29] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) S2 AsusROGLSLService; C:\Program Files (x86)\ASUS\AsusROGLSLService\AsusROGLSLService.exe [678256 2022-08-30] (ASUSTeK COMPUTER INC. -> ASUS) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [20276904 2025-03-12] (BattlEye Innovations e.K. -> ) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13283712 2025-08-02] (Microsoft Corporation -> Microsoft Corporation) R3 CorsairCpuIdService; C:\Program Files\Corsair\Corsair iCUE5 Software\CorsairCpuIdService.exe [304512 2025-08-09] (Corsair Memory, Inc. -> Corsair Memory, Inc.) R3 CorsairDeviceControlService; C:\Program Files\Corsair\Corsair Device Control Service\bin\CorsairDeviceControlService.exe [2527624 2025-05-19] (Corsair Memory, Inc. -> Corsair Memory, Inc.) S3 CorsairDeviceListerService; C:\Program Files\Corsair\Corsair iCUE5 Software\CorsairDeviceListerService.exe [176520 2025-08-09] (Corsair Memory, Inc. -> ) R2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [627880 2025-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) R2 CorsairService; C:\Program Files\Corsair\Corsair iCUE5 Software\clink\Corsair.Service.exe [84872 2025-08-09] (Corsair Memory, Inc. -> Corsair Memory, Inc.) 
S2 DCIService; C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe [3413424 2022-03-28] (Lavasoft Software Canada Inc. -> ) <==== ATTENTION S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4976976 2023-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd) S3 EAAntiCheatService; C:\Program Files\EA\AC\eaanticheat.gameservice.exe [100420000 2025-02-07] (Electronic Arts, Inc. -> Electronic Arts) S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [18917472 2025-05-23] (Electronic Arts, Inc. -> Electronic Arts) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2024-12-17] (EasyAntiCheat Oy -> Epic Games, Inc) S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [959216 2025-05-30] (EasyAntiCheat Oy -> Epic Games, Inc.) R2 EloService; C:\Program Files\Elo Touch Solutions\EloService.exe [35592 2023-06-23] (Elo Touch Solutions -> Elo Touch Solutions) S3 EpicGamesUpdater; E:\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesUpdater.exe [3071392 2025-07-14] (Epic Games Inc. -> Epic Games, Inc.) S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-08-03] (Epic Games Inc. -> Epic Games, Inc.) R2 GameSDK Service; C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe [397544 2022-05-31] (ASUSTeK COMPUTER INC. -> ASUS Inc.) R3 iCUEDevicePluginHost; C:\Program Files\Corsair\Corsair iCUE5 Software\iCUEDevicePluginHost.exe [453512 2025-08-09] (Corsair Memory, Inc. -> Corsair Memory, Inc.) R3 iCUEUpdateService; C:\Program Files\Corsair\Corsair iCUE5 Software\iCUEUpdateService.exe [533384 2025-08-09] (Corsair Memory, Inc. -> Corsair Memory, Inc.) 
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9591104 2025-07-16] (Malwarebytes Inc -> Malwarebytes) S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-07-16] (Malwarebytes Inc. -> Malwarebytes) R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpDefenderCoreService.exe [2050952 2025-08-09] (Microsoft Windows Publisher -> Microsoft Corporation) R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9d15b9aa9e1c885b\Display.NvContainer\NVDisplay.Container.exe [1275016 2025-03-15] (NVIDIA Corporation -> NVIDIA Corporation) R2 PureVPN Service; C:\Program Files (x86)\GZ Systems\PureVPN Service\Atom.SDK.WindowsService.exe [201720 2025-03-17] (GZ Systems Limited -> ) S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [7327208 2025-03-12] (Rockstar Games, Inc. -> Rockstar Games) R2 ROG Live Service; C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe [1665648 2023-07-25] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) R2 SaiDOutput; C:\Program Files\Logitech\DirectOutput\DirectOutputService.exe [231560 2018-09-04] (Logitech Inc -> Logitech) R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [28768 2017-11-10] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) 
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [918456 2025-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\NisSrv.exe [4517784 2025-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MsMpEng.exe [282464 2025-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 PureVPNService; "C:\Program Files (x86)\PureVPN\PureVPNService.exe" [X]
S3 WsDrvInst; C:\ProgramData\Wondershare\AllMyTube\TransferProcess\Transfer\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-12-26] (ASUSTeK Computer Inc. -> )
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2019-03-23] (ASUSTeK Computer Inc. -> )
R1 Asusgio2; C:\WINDOWS\system32\drivers\AsIO2.sys [34384 2021-10-21] (ASUSTeK Computer Inc. -> )
R1 Asusgio3; C:\WINDOWS\system32\drivers\AsIO3.sys [43168 2021-12-29] (ASUSTeK Computer Inc. -> )
R1 avpndriver; C:\WINDOWS\System32\drivers\avpndriver.sys [116760 2025-03-17] (GZ Systems Limited -> Windows (R) Win 7 DDK provider)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [367096 2022-03-28] (Bitdefender SRL -> Bitdefender)
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [110592 2024-11-22] (Microsoft Corporation) [File not signed]
R3 CorsairGamingAudioService; C:\WINDOWS\System32\drivers\CorsairGamingAudio64.sys [64680 2025-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccess8F050F5E415C1A5882EB9FF7CE2BC59B7BE3A953; C:\Program Files\Corsair\Corsair iCUE5 Software\CorsairLLAccess64.sys [23616 2025-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) R2 CorsairLLAccessE5624B0A345A7E17A08498BFEDC2D42A7CBA71C2; C:\Program Files\Corsair\Corsair Device Control Service\bin\CorsairLLAccess64.sys [23632 2025-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [47032 2025-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair) R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [22968 2025-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair) R3 CpuCtl; C:\WINDOWS\System32\drivers\CpuCtl.sys [33120 2018-06-21] (DFI INC. -> DFI) S3 cpuz158; C:\WINDOWS\temp\cpuz158\cpuz158_x64.sys [44576 2025-04-05] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION S3 cpuz159; C:\WINDOWS\temp\cpuz159\cpuz159_x64.sys [44680 2025-06-19] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION R3 cpuz160; C:\WINDOWS\temp\cpuz160\cpuz160_x64.sys [44696 2025-08-10] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION R1 CTIAIO; C:\WINDOWS\system32\drivers\CtiAIo64.sys [32304 2022-06-06] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2023-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd) R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [63696 2023-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd) R3 duetbus; C:\WINDOWS\System32\drivers\duetbus.sys [32512 2018-04-27] (Duet, Inc. -> Duet, Inc.) 
S3 EloMtApr; C:\WINDOWS\system32\DRIVERS\EloMtApr.sys [255448 2023-06-23] (Microsoft Windows Hardware Compatibility Publisher -> Elo Touch Solutions) S3 EloMtUsb; C:\WINDOWS\System32\drivers\EloMtUsb.sys [249776 2023-06-23] (Microsoft Windows Hardware Compatibility Publisher -> Elo Touch Solutions) R0 EUDCPDC; C:\WINDOWS\System32\drivers\EUDCPDC.sys [77904 2023-05-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd) R1 EUEDKDC; C:\WINDOWS\system32\drivers\EUEDKDC.sys [25200 2023-05-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd) S1 GLCKIO2; C:\WINDOWS\system32\drivers\GLCKIO2.sys [19392 2018-04-23] (ASUSTeK Computer Inc. -> ) R3 I2CCTL; C:\WINDOWS\System32\drivers\I2CCTL.sys [39776 2018-06-21] (DFI INC. -> DFI) R3 IOCTL; C:\WINDOWS\System32\drivers\IOCTL.sys [33632 2018-06-21] (DFI INC. -> DFI) R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [54888 2024-05-14] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [332184 2025-08-09] (Microsoft Windows -> Microsoft Corporation) S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45168 2018-05-07] (Logitech Inc -> Logitech Inc.) S3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2019-05-11] (Logitech Inc -> Logitech) S3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2019-05-11] (Logitech Inc -> Logitech) R3 LPCSIO; C:\WINDOWS\System32\drivers\LPCSIO.sys [34144 2018-06-21] (DFI INC. 
-> DFI) R3 LSaiMini; C:\WINDOWS\System32\drivers\LSaiMini.sys [30840 2018-09-04] (WDKTestCert SYSTEM,131245371151827277 -> Logitech) R3 LSaiNtBus; C:\WINDOWS\system32\drivers\LSaiBus.sys [70456 2018-09-04] (WDKTestCert SYSTEM,131245371151827277 -> Logitech) R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [234072 2025-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [22120 2025-07-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [242752 2025-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MEMCTL; C:\WINDOWS\System32\drivers\MEMCTL.sys [33120 2018-06-21] (DFI INC. -> DFI) R1 MSIO; C:\WINDOWS\system32\drivers\MsIo64.sys [18496 2022-06-09] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd) S3 npusbio; C:\WINDOWS\System32\Drivers\npusbio_x64.sys [38400 2015-12-11] (NaturalPoint, Inc -> ) R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2019-05-29] (MiniTool Solution Ltd -> ) S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-05-29] (MiniTool Solution Ltd -> ) S3 RtsUpx; C:\Windows\system32\drivers\RtsUpx.sys [30328 2018-01-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) 
S3 Said2215; C:\WINDOWS\System32\drivers\Said2215.sys [35472 2016-04-11] (Mad Catz Inc -> Saitek) S3 Saida215; C:\WINDOWS\System32\drivers\Saida215.sys [35472 2016-04-11] (Mad Catz Inc -> Saitek) S3 SaiG2215; C:\WINDOWS\System32\drivers\SaiG2215.sys [191632 2016-04-11] (Mad Catz Inc -> Saitek) S3 SaiGa215; C:\WINDOWS\System32\drivers\SaiGa215.sys [191632 2016-04-11] (Mad Catz Inc -> Saitek) S3 SaiK2215; C:\WINDOWS\system32\DRIVERS\SaiK2215.sys [191632 2016-04-11] (Mad Catz Inc -> Saitek) S3 SaiKa215; C:\WINDOWS\system32\DRIVERS\SaiKa215.sys [191632 2016-04-11] (Mad Catz Inc -> Saitek) R3 SaiMini; C:\WINDOWS\System32\drivers\SaiMini.sys [33160 2016-04-11] (Mad Catz Europe Ltd -> Saitek) R3 SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [60936 2016-04-11] (Mad Catz Europe Ltd -> Saitek) R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [287360 2017-11-17] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [119424 2017-11-17] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [207344 2023-04-04] (Disc Soft Ltd -> Duplex Secure Ltd) R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [14224 2021-04-01] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2020-03-26] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.) 
S3 vjoy; C:\WINDOWS\System32\drivers\vjoy.sys [67448 2019-07-14] (On-site Dental Systems (Justin Shafer) -> Shaul Eizikovich) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20888 2025-08-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [627120 2025-08-09] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [101792 2025-08-09] (Microsoft Windows -> Microsoft Corporation) R3 WsAudioDevice_383; C:\WINDOWS\system32\drivers\VirtualAudio.sys [39112 2017-03-29] (Wondershare Technology Co.,Ltd -> Wondershare) S3 WSDPrintDevice; C:\WINDOWS\System32\DriverStore\FileRepository\wsdprint.inf_amd64_1f9e32519098c0b6\WSDPrint.sys [57344 2024-11-22] (Microsoft Windows -> Microsoft Corporation) S3 WSDScan; C:\WINDOWS\System32\DriverStore\FileRepository\sti.inf_amd64_971c769b103df369\WSDScan.sys [61440 2024-11-22] (Microsoft Windows -> Microsoft Corporation) S3 ace-game-0; \SystemRoot\System32\drivers\ace-game-0.sys [X] S3 ACE-SSC-DRV64; \??\C:\Program Files\AntiCheatExpert\SGuard\x64\plugins\ACE-SSC-DRV64.sys [X] S3 atvi-randgrid_msstore; \??\E:\Games\Call of Duty\Content\Randgrid.sys [X] S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 
2025-08-10 12:58 - 2025-08-10 12:59 - 000054711 _____ C:\Users\jm_fe\Downloads\FRST.txt 2025-08-10 12:55 - 2025-08-10 12:59 - 000000000 ____D C:\FRST 2025-08-10 12:54 - 2025-08-10 12:54 - 002409472 _____ (Farbar) C:\Users\jm_fe\Downloads\FRST64.exe 2025-08-09 23:41 - 2025-08-09 23:41 - 000001390 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2025-08-09 23:36 - 2025-08-09 23:36 - 003180431 _____ C:\Users\jm_fe\Downloads\WithSecure_Research_WEEVILPROXY.pdf 2025-08-09 22:27 - 2025-08-09 22:27 - 000784678 _____ C:\WINDOWS\system32\perfh00A.dat 2025-08-09 22:27 - 2025-08-09 22:27 - 000161388 _____ C:\WINDOWS\system32\perfc00A.dat 2025-08-09 20:06 - 2025-08-09 23:38 - 000000000 ____D C:\WINDOWS\system32\DomainAuthHost 2025-08-09 16:07 - 2025-08-09 17:21 - 000000000 ____D C:\WINDOWS\CbsTemp 2025-08-09 15:52 - 2025-08-09 15:52 - 000034314 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json 2025-08-09 15:52 - 2025-08-09 15:52 - 000034314 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json 2025-08-09 13:18 - 2025-08-09 13:18 - 000000000 ____D C:\Users\jm_fe\AppData\Local\VS Revo Group 2025-08-09 13:17 - 2025-08-09 13:17 - 000001083 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk 2025-08-09 13:17 - 2025-08-09 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2025-08-09 13:17 - 2025-08-09 13:17 - 000000000 ____D C:\Program Files\VS Revo Group 2025-08-09 13:16 - 2025-08-09 13:16 - 011522368 _____ (VS Revo Group ) C:\Users\jm_fe\Downloads\revosetup.exe 2025-07-16 00:18 - 2025-08-10 13:00 - 000000000 ____D C:\Users\jm_fe\AppData\Local\Malwarebytes 2025-07-16 00:18 - 2025-07-16 00:18 - 000002097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2025-07-16 00:18 - 2025-07-16 00:18 - 000002085 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2025-07-16 00:17 - 2025-07-16 00:17 - 002827496 _____ (Malwarebytes) C:\Users\jm_fe\Downloads\MBSetup.exe 
2025-07-16 00:17 - 2025-07-16 00:17 - 000000000 ____D C:\ProgramData\Malwarebytes 2025-07-16 00:17 - 2025-07-16 00:17 - 000000000 ____D C:\Program Files\Malwarebytes 2025-07-15 18:19 - 2025-07-15 18:19 - 000120451 _____ C:\Users\jm_fe\Desktop\DeclaracionDatosNacimientos.pdf 2025-07-15 11:51 - 2025-07-15 11:51 - 000439917 _____ C:\Users\jm_fe\Downloads\ACTA Nacimiento Ber.pdf 2025-07-15 11:51 - 2025-07-15 11:51 - 000437332 _____ C:\Users\jm_fe\Downloads\ACTA Nacimiento Nico.pdf 2025-07-14 06:18 - 2025-08-09 08:24 - 000003858 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn 2025-07-14 06:18 - 2025-08-09 08:24 - 000003416 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime 2025-07-14 06:14 - 2025-07-14 06:14 - 000007078 ____C C:\Users\jm_fe\Desktop\scan1.txt 2025-07-13 22:19 - 2025-07-15 14:45 - 000001280 ____C C:\Users\jm_fe\Desktop\ESET Online Scanner.lnk 2025-07-13 22:18 - 2025-07-13 22:18 - 008412528 _____ (ESET) C:\Users\jm_fe\Downloads\esetonlinescanner (2).exe 2025-07-13 22:18 - 2025-07-13 22:18 - 000000000 ____D C:\Users\jm_fe\AppData\Local\ESET ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2025-08-10 13:00 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SystemTemp 2025-08-10 12:58 - 2024-04-01 01:26 - 000000000 ___HD C:\Program Files\WindowsApps 2025-08-10 12:58 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\AppReadiness 2025-08-10 12:57 - 2018-01-16 13:45 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2025-08-10 12:56 - 2024-11-21 22:42 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{59980B56-670E-42A9-9BEA-BB0152E4603D} 2025-08-10 12:50 - 2024-11-21 22:42 - 000003158 _____ C:\WINDOWS\system32\Tasks\GPU Tweak III 2025-08-10 12:49 - 2024-11-21 22:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2025-08-10 12:49 - 2024-11-21 22:39 - 000025696 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2 2025-08-10 12:49 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\ServiceState 2025-08-10 12:49 - 2024-04-01 01:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2025-08-10 12:49 - 2021-09-10 15:40 - 000000000 ____D C:\ProgramData\Elo Touch Solutions 2025-08-10 12:49 - 2020-09-14 22:27 - 000012288 ___SH C:\DumpStack.log.tmp 2025-08-10 12:49 - 2020-04-05 21:50 - 000000000 ___DC C:\Users\jm_fe\Documents\Assassin's Creed Unity 2025-08-10 12:49 - 2018-01-16 06:33 - 000000000 ____D C:\ProgramData\NVIDIA 2025-08-10 12:49 - 2018-01-16 00:54 - 000000000 ___DC C:\Users\jm_fe\AppData\Local\CrashDumps 2025-08-09 23:56 - 2024-04-01 01:21 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2025-08-09 23:41 - 2021-10-12 13:14 - 000000000 ____D C:\Program Files\Adobe 2025-08-09 23:41 - 2018-09-18 00:52 - 000000000 ____D C:\Program Files\Common Files\Adobe 2025-08-09 23:41 - 2018-01-17 16:01 - 000000000 ____D C:\Program Files (x86)\Adobe 2025-08-09 23:41 - 2018-01-16 06:23 - 000000000 ___DC C:\Users\jm_fe\AppData\Roaming\Adobe 2025-08-09 23:28 - 2024-04-01 01:24 - 000000000 ____D C:\WINDOWS\INF 2025-08-09 23:28 - 2018-06-01 19:51 - 000000000 ___DC C:\Users\jm_fe\AppData\Local\D3DSCache 2025-08-09 22:27 - 2024-11-21 22:38 - 
001773660 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2025-08-09 22:26 - 2024-11-21 22:37 - 000576032 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2025-08-09 22:24 - 2024-11-21 21:33 - 000000000 ____D C:\WINDOWS\system32\Drivers\es-MX 2025-08-09 22:24 - 2024-04-01 02:03 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2025-08-09 22:24 - 2024-04-01 01:26 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2025-08-09 22:24 - 2024-04-01 01:26 - 000000000 ___SD C:\WINDOWS\system32\F12 2025-08-09 22:24 - 2024-04-01 01:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2025-08-09 22:24 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\UUS 2025-08-09 22:24 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2025-08-09 22:24 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2025-08-09 22:24 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX 2025-08-09 22:24 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2025-08-09 22:24 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SystemResources 2025-08-09 22:24 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2025-08-09 22:24 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\oobe 2025-08-09 22:24 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\migwiz 2025-08-09 22:24 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\es-MX 2025-08-09 22:24 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\Dism 2025-08-09 22:24 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\DDFs 2025-08-09 22:24 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\appraiser 2025-08-09 22:24 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\ShellExperiences 2025-08-09 22:24 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\ShellComponents 2025-08-09 22:24 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\Provisioning 2025-08-09 22:24 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2025-08-09 22:24 - 2024-04-01 01:26 - 
000000000 ____D C:\WINDOWS\bcastdvr 2025-08-09 22:24 - 2024-04-01 01:26 - 000000000 ____D C:\Program Files\Common Files\System 2025-08-09 22:24 - 2024-04-01 01:21 - 000000000 ____D C:\WINDOWS\servicing 2025-08-09 22:23 - 2024-11-21 22:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2025-08-09 21:07 - 2018-07-07 19:34 - 000000000 ____D C:\ProgramData\Packages 2025-08-09 21:07 - 2018-01-16 06:23 - 000000000 ___DC C:\Users\jm_fe\AppData\Local\Packages 2025-08-09 15:52 - 2024-11-21 22:38 - 003389952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2025-08-09 14:20 - 2025-02-06 11:25 - 000003576 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-3041118385-2347716452-1599031468-1001 2025-08-09 14:20 - 2024-11-21 22:42 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3041118385-2347716452-1599031468-1001 2025-08-09 14:20 - 2024-11-21 22:42 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3041118385-2347716452-1599031468-1001 2025-08-09 14:20 - 2020-09-14 22:29 - 000002387 ____C C:\Users\jm_fe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2025-08-09 14:20 - 2018-08-30 19:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chaos Group 2025-08-09 14:20 - 2018-08-30 19:56 - 000000000 ____D C:\Program Files\Chaos Group 2025-08-09 14:19 - 2018-08-30 19:55 - 000000000 ____D C:\Program Files\Common Files\ChaosGroup 2025-08-09 14:19 - 2018-08-30 19:17 - 000000000 ____D C:\ProgramData\Autodesk 2025-08-09 14:18 - 2024-11-21 21:44 - 000000000 ____D C:\Users\jm_fe 2025-08-09 13:55 - 2018-01-16 23:18 - 000000000 ____D C:\Program Files\Bonjour 2025-08-09 13:55 - 2018-01-16 23:18 - 000000000 ____D C:\Program Files (x86)\Bonjour 2025-08-09 13:49 - 2018-08-30 19:20 - 000000000 ___DC C:\Users\jm_fe\AppData\Local\Autodesk 2025-08-09 13:38 - 2018-08-30 19:19 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared 2025-08-09 13:37 - 2024-04-01 
01:26 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files 2025-08-09 13:37 - 2018-08-30 19:17 - 000000000 ___DC C:\Users\jm_fe\AppData\Roaming\Autodesk 2025-08-09 09:35 - 2018-09-14 19:58 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2025-08-09 09:21 - 2024-11-21 22:42 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2025-08-09 09:21 - 2018-03-01 05:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2025-08-09 09:20 - 2024-01-10 18:01 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2025-08-09 09:01 - 2025-02-27 13:22 - 000000000 ____D C:\Program Files\Corsair 2025-08-09 09:01 - 2018-01-16 09:46 - 000000000 ____D C:\ProgramData\Package Cache 2025-08-09 08:50 - 2025-06-02 09:23 - 000000000 ____D C:\Users\jm_fe\AppData\Roaming\Mine-imator 2025-08-09 08:38 - 2020-09-18 23:32 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2025-08-09 08:37 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\NDF 2025-08-09 08:31 - 2024-11-21 22:42 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2025-08-09 08:31 - 2024-11-21 22:42 - 000003410 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2025-08-09 08:24 - 2022-08-01 08:55 - 000001386 ____C C:\Users\jm_fe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk 2025-08-09 08:22 - 2022-08-30 21:58 - 001114592 _____ C:\WINDOWS\ntbtlog.txt 2025-08-09 08:20 - 2018-12-02 23:44 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2025-08-08 17:02 - 2018-06-12 16:37 - 000000000 ___DC C:\Users\jm_fe\AppData\Local\ElevatedDiagnostics 2025-07-16 19:13 - 2024-12-26 11:23 - 000000000 ____D C:\Users\jm_fe\AppData\Roaming\EasyAntiCheat 2025-07-16 18:56 - 2018-01-16 06:34 - 000000000 ____D C:\WINDOWS\system32\MRT 2025-07-16 18:53 - 2018-01-16 06:34 - 216824056 ____C (Microsoft Corporation) 
C:\WINDOWS\system32\MRT.exe
2025-07-16 18:24 - 2023-04-17 22:08 - 000000000 ____D C:\Program Files (x86)\Epubor
2025-07-16 00:18 - 2024-04-01 01:26 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2025-07-15 18:20 - 2018-12-20 13:40 - 000000000 ___DC C:\Users\jm_fe\AppData\LocalLow\Temp
2025-07-14 00:00 - 2018-01-16 12:55 - 000000000 ___DC C:\Users\jm_fe\AppData\Roaming\uTorrent
2025-07-13 23:04 - 2018-09-14 09:41 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware

==================== Files in the root of some directories ========

2019-03-27 19:23 - 2021-05-26 11:48 - 000000033 _____ () C:\Users\jm_fe\AppData\Roaming\AdobeWLCMCache.dat
2022-11-05 23:38 - 2022-11-05 23:38 - 000000291 _____ () C:\Users\jm_fe\AppData\Local\ledConfiguration.config
2022-11-05 23:38 - 2022-11-05 23:43 - 000000732 _____ () C:\Users\jm_fe\AppData\Local\NvidiaLEDVisualizer.config
2018-09-30 20:24 - 2022-08-29 17:25 - 000000205 ____C () C:\Users\jm_fe\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================