[SOLVED] Having issues with my pc

Carlosh (Active member, joined Oct 24, 2021, 34 posts)
I'm going to link my other post to keep this short.
Problems with the svchost.exe and iassdo.dll.mui
I'm having multiple issues here, but before taking other steps I decided to clear the infections on my computer first. I tried Malwarebytes, RogueKiller, SuperAntiSpyware and ESET, the last of which failed to install.
I want to get rid of a trojan, TR/Black.Gen2. So far no method has helped to remove it, and I was just told to use the Farbar Recovery Scan Tool and follow the instructions for malware removal.

===========================================================================================================================

This is the result of FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-10-2021
Ran by Carlos Luna (administrator) on 1989AH (ASUS All Series) (25-10-2021 20:29:33)
Running from C:\Users\Carlos Luna\Desktop
Loaded Profiles: Carlos Luna
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Logitech -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <3>
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Opera Software AS -> Opera Software) C:\Users\Carlos Luna\AppData\Local\Programs\Opera GX\80.0.4170.48\opera_crashreporter.exe
(Opera Software AS -> Opera Software) C:\Users\Carlos Luna\AppData\Local\Programs\Opera GX\opera.exe <14>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9068040 2016-11-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8294680 2014-02-27] (Logitech -> Logitech Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Genshin Impact_Launcher] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2305226654-651215044-733858041-1000\...\Run: [Opera GX Browser Assistant] => C:\Users\Carlos Luna\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2305226654-651215044-733858041-1000\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-2305226654-651215044-733858041-1000\...\MountPoints2: {7776be3f-f783-11e4-b3bf-ab6770d31304} - E:\Startme.exe
HKU\S-1-5-21-2305226654-651215044-733858041-1000\...\MountPoints2: {c02e2f6e-805e-11e6-9b0c-d850e63c46b2} - E:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-2305226654-651215044-733858041-1000\...\MountPoints2: {c2d0008f-546d-11e8-b0dd-0014d1237121} - F:\startme.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-03-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C9A5565-C85D-4309-810F-9B2EF6D93455} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Carlos Luna\Downloads\esetonlinescanner_esn.exe
Task: {1156D15A-AAE6-4EE4-A768-C21AF23191D3} - System32\Tasks\{9F4A8BFD-E17F-4A42-B4EE-55FD2C147405} => C:\Windows\system32\pcalua.exe -a "C:\Users\Carlos Luna\AppData\Roaming\Nox\bin\Nox_unload.exe"
Task: {1ADD0762-CC79-45E7-B15D-17E123E1BE18} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2206488 2016-08-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {427624A0-6125-446F-84D9-BC6C71027E47} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2225952 2016-08-15] (Microsoft Corporation -> Microsoft)
Task: {42C14FFF-1A1E-4EF8-BF4F-7EE79A01CFD2} - System32\Tasks\Opera GX scheduled Autoupdate 1634241479 => C:\Users\Carlos Luna\AppData\Local\Programs\Opera GX\launcher.exe [3963600 2021-10-14] (Opera Software AS -> Opera Software)
Task: {4580E52B-91EE-42B5-9363-56BABDA2AFFC} - System32\Tasks\CorelUpdateHelperTask-F299A6B575097899476390FCD7D79BE3 => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe
Task: {45A4D6E9-3EB8-4039-87C0-8EDD5A1CDC23} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1634663272 => C:\Users\Carlos Luna\AppData\Local\Programs\Opera GX\launcher.exe [3963600 2021-10-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Carlos Luna\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {4D109734-C672-4DAB-8E1C-0848709181B8} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2305226654-651215044-733858041-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2012-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {52482CF5-BDD9-49A4-94A9-43C7A412C125} - System32\Tasks\{CB3E5831-270F-443A-894C-A54F005941DE} => C:\Windows\system32\pcalua.exe -a "C:\Users\Carlos Luna\Downloads\setup-gtarcade-601b27db75125.exe" -d "C:\Users\Carlos Luna\Downloads"
Task: {5918D14A-68E3-4CFE-B21E-E1748D153440} - System32\Tasks\AdobeAAMUpdater-1.0-CarlosLuna-PC-Carlos Luna => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {61AA0E70-25B1-4153-A33F-B19B7AC78098} - System32\Tasks\{0C2E49FB-E0FA-4939-849F-2F5A476D0F82} => C:\Windows\system32\pcalua.exe -a "C:\Users\Carlos Luna\Downloads\coreaacSetup.exe" -d "C:\Users\Carlos Luna\Downloads"
Task: {62A6C492-DB90-48A0-8729-0E9EE4C6AA60} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {671E9D4A-C29E-4F2E-B2B6-E844B48D0215} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {6A162083-B862-49A1-BAAD-73716A32E6AA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2021-02-03] (Adobe Inc. -> Adobe)
Task: {6D10DDD6-E35A-4909-8989-1D5F095840CE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [4624152 2014-06-24] (Piriform Ltd -> Piriform Ltd)
Task: {6FC4D6E7-AEFA-40A9-9BB7-93CA381DA6F7} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [275136 2021-09-21] (Bluestack Systems, Inc -> BlueStack Systems, Inc.)
Task: {93D89636-DEDB-4163-B18A-E7AA18E71A78} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe
Task: {A30BC2CE-E5F3-4757-A4D2-75EAD5A8EE1A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_pepper.exe [1452600 2019-04-13] (Adobe Inc. -> Adobe)
Task: {A3B005D3-E9D2-481C-8F83-C314EFE5F8A2} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1665312 2016-08-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {B07B46E1-E12B-40BE-98B3-19CE5A3F4679} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2305226654-651215044-733858041-1000 => C:\Users\Carlos Luna\AppData\Local\MEGAsync\MEGAupdater.exe
Task: {B2EB5EF7-7A9A-498A-81EF-00A8AEEC7F30} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2021-02-03] (Adobe Inc. -> Adobe)
Task: {BD5159BA-C4CA-4CEC-A03A-8757F4788891} - System32\Tasks\{9AC3D973-ABA9-417C-BFEC-58F9A2E0316A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{7F7E4FA7-6F32-4DE2-917E-361E034AED7A}\setup.exe" -c -runfromtemp -l0x0409
Task: {CFE7C1EB-6D01-4C36-9CBB-4299E628064A} - System32\Tasks\{FB630E37-2B8D-498A-AF0C-D1E8035CCC9A} => C:\Windows\system32\pcalua.exe -a "C:\Users\Carlos Luna\Downloads\remix-os-player-1-0-108.exe" -d "C:\Users\Carlos Luna\Downloads"
Task: {D0087371-BA7B-40D8-B082-1AA679E01EE7} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2206488 2016-08-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {D0C532E0-D1C5-4939-9A5D-20C1E65CEBAA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1665312 2016-08-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {D685ED40-7570-4DD0-8D05-E36B8F49EF67} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [754472 2021-04-05] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {DD67DAB7-77D5-429A-A54E-4723DD7E316D} - System32\Tasks\{8BA74D91-FA29-419D-858B-36DC14E276AD} => C:\Windows\system32\pcalua.exe -a "F:\AutoPlay\Docs\Extras\Game Tools\DOSBox 0.63\DOSBox0.63-win32-installer.exe" -d "F:\AutoPlay\Docs\Extras\Game Tools\DOSBox 0.63"
Task: {E7C96D1D-73AE-4ED4-ACCB-72AAE2A699BB} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Carlos Luna\Downloads\esetonlinescanner_esn.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

IPSecPolicy: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{54a8fc58-9b91-49c0-9f77-0893a0c1aae3} <==== ATTENTION (Restriction - IP)
Tcpip\Parameters: [DhcpNameServer] 200.48.225.146 200.48.225.130
Tcpip\..\Interfaces\{4F611090-1E2A-4C0B-B218-CB68014871BD}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{577DA66F-E0C5-4726-8D88-1A73332085A9}: [DhcpNameServer] 200.48.225.146 200.48.225.130
Tcpip\..\Interfaces\{8D58557D-1DB6-4DD8-B77E-9A6F9972990A}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A27F8B15-26C0-4909-9700-9719E16C3A24}: [DhcpNameServer] 200.48.225.130 200.48.225.146
Tcpip\..\Interfaces\{B67BBEAF-70C7-4ED9-ADCE-DAC65DF532A9}: [DhcpNameServer] 200.48.225.146 200.48.225.130
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,26.0.0.1,9256]

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2021-02-03] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2021-10-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2021-10-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2021-02-03] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-2305226654-651215044-733858041-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Carlos Luna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-05] (Unity Technologies SF -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2305226654-651215044-733858041-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc]
CHR HKLM-x32\...\Chrome\Extension: [mcegpkkjabjeiddmpmgbmjlmiebfiofd]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo]

Opera:
=======
OPR Profile: C:\Users\Carlos Luna\AppData\Roaming\Opera Software\Opera Stable [2021-10-14]
OPR DefaultSuggestURL: Opera Stable -> hxxps//www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Carlos Luna\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-09-29]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Carlos Luna\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-09-28]
StartMenuInternet: (HKU\S-1-5-21-2305226654-651215044-733858041-1000) Opera GXStable - "C:\Users\Carlos Luna\AppData\Local\Programs\Opera GX\Launcher.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"Ms3D569C04App" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\Ms3D569C04App => C:\Windows\System32\Ms3D569C04App.dll <==== ATTENTION (Rootkit!/Locked Service)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2019-03-11] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [9473408 2021-01-18] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] (ASUSTeK Computer Inc. -> )
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-09-22] (Disc Soft Ltd -> Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [169424 2021-08-06] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [123472 2021-08-06] (ESET, spol. s r.o. -> ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [194776 2021-08-06] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [43904 2021-08-06] (ESET, spol. s r.o. -> ESET)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech -> Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech -> Logitech Inc.)
S4 mhyprot2; C:\Users\Carlos Luna\AppData\Local\Temp\mhyprot2.sys [1349408 2021-08-23] (miHoYo Co.,Ltd. -> ) <==== ATTENTION
R3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [622624 2010-02-01] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Semiconductor Corp -> Realtek Corporation)
S3 RvNetMP60; C:\Windows\System32\DRIVERS\RvNetMP60.sys [69048 2018-12-25] (Famatech Corp. -> Famatech Corp.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2017-08-30] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2016-12-03] (Duodian Online Technology Co. Ltd. -> BigNox Corporation)
S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X]
S2 BlueStacksDrv; \??\C:\Program Files\BlueStacks\BstkDrv_bgp.sys [X]
S1 epfw; system32\DRIVERS\epfw.sys [X]
S1 epfwwfp; system32\DRIVERS\epfwwfp.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Carlos Luna\AppData\Local\Temp\tmpE675.tmp [X] <==== ATTENTION
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S1 YSDrv; \??\C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: Ms3D569C04App -> no filepath.

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-25 20:29 - 2021-10-25 20:32 - 000021753 _____ C:\Users\Carlos Luna\Desktop\FRST.txt
2021-10-25 20:29 - 2021-10-25 20:31 - 000000000 ____D C:\FRST
2021-10-25 19:16 - 2021-10-25 19:17 - 002310656 _____ (Farbar) C:\Users\Carlos Luna\Desktop\FRST64.exe
2021-10-24 19:45 - 2021-10-24 19:48 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\niemiro
2021-10-24 01:54 - 2021-10-24 01:54 - 002316112 _____ (niemiro) C:\Users\Carlos Luna\Desktop\SFCFix.exe
2021-10-24 01:20 - 2021-10-24 01:20 - 010228313 _____ (Macrovision Corporation) C:\Users\Carlos Luna\Downloads\asmwsoftpcoptimizersetup.exe
2021-10-24 01:04 - 2021-10-24 01:05 - 000000000 ____D C:\Users\Carlos Luna\Downloads\Windupdate
2021-10-24 00:28 - 2021-10-24 00:28 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\ElevatedDiagnostics
2021-10-24 00:11 - 2021-10-24 00:11 - 003298367 _____ C:\Users\Carlos Luna\Downloads\Windows6.1-KB3050265-x64.msu
2021-10-23 23:01 - 2021-10-23 23:02 - 000000000 ____D C:\Program Files\TEST
2021-10-23 21:43 - 2021-10-23 21:43 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\EOSUserHelper
2021-10-23 21:42 - 2021-10-23 21:42 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\Epic Games
2021-10-23 21:30 - 2021-10-23 21:30 - 000000000 ____D C:\Users\Default\AppData\Local\Epic Games
2021-10-21 20:11 - 2021-10-21 20:19 - 000000000 ____D C:\Users\Carlos Luna\Downloads\backups
2021-10-21 18:01 - 2021-10-21 18:01 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\CEF
2021-10-20 22:52 - 2021-10-20 22:53 - 000388608 _____ (Trend Micro Inc.) C:\Users\Carlos Luna\Downloads\HijackThis.exe
2021-10-19 12:08 - 2021-10-19 12:08 - 000004352 _____ C:\Windows\system32\Tasks\Opera GX scheduled assistant Autoupdate 1634663272
2021-10-19 05:27 - 2021-10-19 05:27 - 000284408 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2021-10-19 05:25 - 2021-10-19 05:25 - 000246952 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2021-10-19 02:18 - 2021-10-19 02:18 - 000057449 _____ C:\Windows\system32\NOTICE_mod
2021-10-18 22:48 - 2021-10-18 22:48 - 000909824 _____ (Farbar) C:\Users\Carlos Luna\Downloads\FSS.exe
2021-10-18 22:47 - 2021-10-18 22:48 - 201686784 _____ (SUPERAntiSpyware) C:\Users\Carlos Luna\Downloads\SUPERAntiSpyware.exe
2021-10-18 22:04 - 2021-10-21 19:46 - 000191832 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2021-10-17 02:19 - 2021-10-17 02:19 - 000000000 ____D C:\ProgramData\Emsisoft
2021-10-17 00:57 - 2021-10-17 00:57 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Carlos Luna\Downloads\rkill.exe
2021-10-14 14:58 - 2021-10-19 12:08 - 000004100 _____ C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1634241479
2021-10-14 14:58 - 2021-10-14 14:58 - 000001437 _____ C:\Users\Carlos Luna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera GX Browser.lnk
2021-10-13 21:05 - 2021-10-13 21:06 - 000000083 _____ C:\Users\Carlos Luna\Documents\lista cosas.txt
2021-10-12 02:37 - 2021-10-12 02:37 - 000001085 _____ C:\Users\Carlos Luna\Desktop\Windows Media Player.lnk
2021-10-11 02:36 - 2021-10-11 02:36 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2021-10-11 02:35 - 2021-10-11 02:35 - 000000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2021-10-08 16:24 - 2021-10-08 16:24 - 000000000 ____D C:\.android
2021-10-08 04:10 - 2021-10-08 04:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project64 2.3
2021-10-08 04:10 - 2021-10-08 04:10 - 000000000 ____D C:\Program Files (x86)\Project64 3.0
2021-09-27 15:15 - 2021-09-27 20:37 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\GUI
2021-09-26 13:30 - 2021-10-25 18:34 - 000000000 ____D C:\ProgramData\BlueStacks_nxt
2021-09-26 13:30 - 2021-09-27 18:10 - 000000000 ____D C:\Program Files\BlueStacks_nxt
2021-09-26 13:26 - 2021-09-26 13:26 - 001168608 _____ (BlueStack Systems Inc.) C:\Users\Carlos Luna\Downloads\BlueStacksMicroInstaller_5.3.70.1004_native.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-25 20:23 - 2018-08-09 13:33 - 000000000 ____D C:\Users\Carlos Luna\Documents\Carlos
2021-10-25 19:58 - 2014-04-11 01:54 - 000000000 ____D C:\Users\Carlos Luna\Documents\My Games
2021-10-25 16:31 - 2020-10-21 01:14 - 000000000 ____D C:\Program Files\Genshin Impact
2021-10-25 13:18 - 2009-07-13 23:45 - 000023936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-10-25 13:18 - 2009-07-13 23:45 - 000023936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-10-25 13:13 - 2015-04-19 18:58 - 000007632 _____ C:\Users\Carlos Luna\AppData\Local\Resmon.ResmonCfg
2021-10-25 13:10 - 2020-07-17 23:22 - 000000000 ____D C:\ProgramData\NVIDIA
2021-10-25 13:10 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-10-24 22:18 - 2017-05-05 20:31 - 000000000 ____D C:\Users\Carlos Luna\AppData\Roaming\discord
2021-10-24 21:45 - 2017-05-05 20:30 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\Discord
2021-10-24 00:28 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2021-10-23 21:27 - 2014-06-22 19:37 - 000000000 ____D C:\Program Files (x86)\Steam
2021-10-23 02:22 - 2021-08-02 01:56 - 000000000 ____D C:\Users\Carlos Luna\AppData\Roaming\vlc
2021-10-21 19:47 - 2020-03-13 03:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-10-21 19:47 - 2014-05-10 22:18 - 000000000 ____D C:\Program Files\Java
2021-10-21 02:15 - 2014-03-12 19:32 - 000000000 ____D C:\Users\Carlos Luna\AppData\Roaming\Adobe
2021-10-21 02:04 - 2021-03-11 21:40 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\Opera Software
2021-10-21 01:54 - 2014-07-04 16:56 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\Adobe
2021-10-21 01:46 - 2015-10-24 19:03 - 000000000 ____D C:\Users\Carlos Luna\Downloads\Series
2021-10-20 23:09 - 2014-04-19 03:42 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-10-20 16:10 - 2009-01-01 01:05 - 000000000 ___RD C:\Program Files (x86)\ASUS
2021-10-19 20:16 - 2020-03-22 18:03 - 000689126 _____ C:\Windows\system32\perfh007.dat
2021-10-19 20:16 - 2020-03-22 18:03 - 000149098 _____ C:\Windows\system32\perfc007.dat
2021-10-19 20:16 - 2014-03-12 20:39 - 000745504 _____ C:\Windows\system32\perfh00A.dat
2021-10-19 20:16 - 2014-03-12 20:39 - 000158582 _____ C:\Windows\system32\perfc00A.dat
2021-10-19 20:16 - 2009-07-14 00:13 - 002514704 _____ C:\Windows\system32\PerfStringBackup.INI
2021-10-19 20:16 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2021-10-19 05:17 - 2009-01-01 00:26 - 000154328 _____ C:\Users\Carlos Luna\AppData\Local\GDIPFONTCACHEV1.DAT
2021-10-19 02:57 - 2009-07-13 23:45 - 005165616 _____ C:\Windows\system32\FNTCACHE.DAT
2021-10-19 02:10 - 2014-11-29 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2021-10-19 02:10 - 2014-11-29 20:43 - 000000000 ____D C:\Program Files\CPUID
2021-10-19 02:07 - 2016-06-08 15:04 - 000000000 ____D C:\Program Files (x86)\Minecraft
2021-10-19 02:06 - 2014-04-19 03:17 - 000000000 ____D C:\ProgramData\Adobe
2021-10-19 02:03 - 2015-02-16 14:11 - 000000000 ____D C:\Program Files (x86)\Java
2021-10-18 22:24 - 2019-02-06 20:46 - 000000000 ____D C:\Windows\system32\DAX2
2021-10-18 22:23 - 2021-05-01 02:22 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2021-10-18 22:05 - 2015-10-24 19:03 - 000000000 ____D C:\Users\Carlos Luna\Downloads\Archives
2021-10-18 22:02 - 2014-03-12 20:50 - 000000000 ____D C:\Windows\system32\Tasks\Games
2021-10-18 21:56 - 2016-06-08 15:05 - 000000000 ____D C:\Users\Carlos Luna\AppData\Roaming\.minecraft
2021-10-18 14:41 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2021-10-14 14:56 - 2016-01-14 23:46 - 000000000 ____D C:\Users\Carlos Luna\AppData\Roaming\Opera Software
2021-10-12 00:06 - 2009-01-01 03:16 - 000000000 ____D C:\Windows\Panther
2021-10-11 11:12 - 2016-04-14 00:33 - 000000000 ____D C:\Windows\pss
2021-10-11 02:35 - 2009-07-14 02:45 - 000000000 ___RD C:\Users\Public\Recorded TV
2021-10-11 02:14 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-10-10 23:03 - 2021-08-30 00:49 - 000000995 _____ C:\Users\Carlos Luna\Desktop\Genshin Impact.lnk
2021-10-10 23:03 - 2020-10-21 01:14 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\miHoYo
2021-10-10 23:03 - 2020-10-21 01:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genshin Impact
2021-10-10 13:31 - 2014-03-12 20:50 - 000018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2021-10-10 01:13 - 2009-07-14 00:08 - 000032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2021-10-08 16:24 - 2014-07-08 15:40 - 000000000 ____D C:\ProgramData\Apple
2021-10-08 03:55 - 2015-01-14 14:34 - 000000000 ____D C:\Users\Carlos Luna\Downloads\Zips
2021-10-03 02:51 - 2014-05-07 05:49 - 000000000 ____D C:\Users\Carlos Luna\AppData\LocalLow\Temp
2021-09-28 18:42 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2021-09-28 16:28 - 2019-12-06 23:13 - 000000000 ____D C:\Users\Carlos Luna\AppData\Roaming\FeePerfect
2021-09-27 20:58 - 2014-04-19 03:41 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-09-27 20:57 - 2014-04-19 03:42 - 000000000 ____D C:\Program Files\Adobe
2021-09-27 18:10 - 2021-06-26 13:48 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\BlueStacksSetup
2021-09-27 15:13 - 2009-01-01 00:23 - 000000000 ____D C:\Users\Carlos Luna
2021-09-27 12:25 - 2020-07-11 11:53 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\Bluestacks
2021-09-26 13:32 - 2021-08-06 18:53 - 000001987 _____ C:\Users\Public\Desktop\BlueStacks 5.lnk
2021-09-26 13:32 - 2021-06-26 13:51 - 000003856 _____ C:\Windows\system32\Tasks\BlueStacksHelper_nxt
2021-09-26 13:32 - 2021-06-26 13:51 - 000002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5 Multi-Instance Manager.lnk
2021-09-26 13:32 - 2021-06-26 13:51 - 000002135 _____ C:\Users\Public\Desktop\BlueStacks 5 Multi-Instance Manager.lnk
2021-09-26 13:32 - 2021-06-26 13:51 - 000001999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5.lnk
2021-09-26 13:27 - 2019-09-23 03:35 - 000000000 ____D C:\Users\Public\BlueStacks
2021-09-26 01:50 - 2009-07-13 18:34 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\sens.dll
2021-09-25 14:50 - 2020-07-05 13:08 - 000000000 ____D C:\Users\Carlos Luna\Documents\SANGRE DORADA

==================== Files in the root of some directories ========

2014-10-07 03:30 - 2016-03-28 23:20 - 000000132 _____ () C:\Users\Carlos Luna\AppData\Roaming\Prefs. de formato OpenEXR de Adobe CS6
2014-08-07 03:52 - 2021-05-01 23:27 - 000000132 _____ () C:\Users\Carlos Luna\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2016-02-15 18:17 - 2017-09-18 11:15 - 002447075 _____ () C:\Users\Carlos Luna\AppData\Roaming\PS13_panel.log
2020-06-26 00:10 - 2020-06-26 00:10 - 000000045 _____ () C:\Users\Carlos Luna\AppData\Roaming\WB.CFG
2016-08-03 21:50 - 2017-09-17 09:56 - 000001456 _____ () C:\Users\Carlos Luna\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2021-01-10 12:03 - 2021-01-10 12:04 - 000000774 _____ () C:\Users\Carlos Luna\AppData\Local\install_info.txt
2015-08-07 11:17 - 2015-08-07 11:17 - 013545694 _____ () C:\Users\Carlos Luna\AppData\Local\package.nw.new
2018-08-31 01:09 - 2018-12-29 02:20 - 000000600 _____ () C:\Users\Carlos Luna\AppData\Local\PUTTY.RND
2015-04-19 18:58 - 2021-10-25 13:13 - 000007632 _____ () C:\Users\Carlos Luna\AppData\Local\Resmon.ResmonCfg
2019-10-18 02:55 - 2020-07-25 01:51 - 000000077 _____ () C:\Users\Carlos Luna\AppData\Local\update_progress.txt
2019-12-06 23:13 - 2019-12-06 23:13 - 000017408 _____ () C:\Users\Carlos Luna\AppData\Local\WebpageIcons.db
2018-06-21 16:19 - 2018-06-21 16:19 - 000000000 _____ () C:\Users\Carlos Luna\AppData\Local\{A194310A-E09D-4DA5-9E3E-1171E9EEAB3E}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-10-25 16:06
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021
Ran by Carlos Luna (25-10-2021 20:34:14)
Running from C:\Users\Carlos Luna\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X64) (2009-01-01 05:23:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2305226654-651215044-733858041-500 - Administrator - Disabled)
Carlos Luna (S-1-5-21-2305226654-651215044-733858041-1000 - Administrator - Enabled) => C:\Users\Carlos Luna
Guest (S-1-5-21-2305226654-651215044-733858041-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2305226654-651215044-733858041-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 3.9.6 - Mirillis)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.465 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.171 - Adobe)
Autodesk Maya 2015 SP2 (HKLM\...\Autodesk Maya 2015 SP2) (Version: 15.2.1633.0 - Autodesk)
Autodesk Maya 2016 SP1 (HKLM\...\Autodesk Maya 2016 SP1) (Version: 16.6.2775.0 - Autodesk) Hidden
Autodesk Maya 2016 SP2 (HKLM\...\Autodesk Maya 2016 SP2) (Version: 16.6.2775.0 - Autodesk) Hidden
Autodesk Maya 2016 SP3 (HKLM\...\Autodesk Maya 2016 SP3) (Version: 16.6.2775.0 - Autodesk) Hidden
Autodesk Maya 2016 SP3P02 (HKLM\...\Autodesk Maya 2016 SP3P02) (Version: 16.6.2775.0 - Autodesk) Hidden
Autodesk Maya 2016 SP4 (HKLM\...\Autodesk Maya 2016 SP4) (Version: 16.6.2775.0 - Autodesk) Hidden
Autodesk Maya 2016 SP4P04 (HKLM\...\Autodesk Maya 2016 SP4P04) (Version: 16.6.2775.0 - Autodesk) Hidden
Autodesk Maya 2016 SP4P05 (HKLM\...\Autodesk Maya 2016 SP4P05) (Version: 16.6.2775.0 - Autodesk) Hidden
Autodesk Maya 2016 SP5 (HKLM\...\Autodesk Maya 2016 SP5) (Version: 16.6.2775.0 - Autodesk) Hidden
Autodesk Maya 2016 SP5P06 (HKLM\...\Autodesk Maya 2016 SP5P06) (Version: 16.6.2775.0 - Autodesk) Hidden
Autodesk Maya 2016 SP5P07 (HKLM\...\Autodesk Maya 2016 SP5P07) (Version: 16.6.2775.0 - Autodesk) Hidden
Autodesk Maya 2016 SP5P08 (HKLM\...\Autodesk Maya 2016 SP5P08) (Version: 16.6.2775.0 - Autodesk) Hidden
Autodesk Maya 2016 SP6 (HKLM\...\Autodesk Maya 2016 SP6) (Version: 16.6.2775.0 - Autodesk)
BlueStacks 5 (HKLM\...\BlueStacks_nxt) (Version: 5.3.70.1004 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Corel Update Manager (HKLM\...\{9E1EE683-0C7B-46E7-83EC-1F5A1D8F2296}) (Version: 2.9.389 - Corel corporation) Hidden
CorelDRAW Graphics Suite 2017 - IPM (x64) (HKLM\...\{904B10A6-0D9C-4645-9C61-504FA92B9220}) (Version: 19.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - IPM Content (x64) (HKLM\...\{54F024CB-16AF-4CC0-9BC2-D2507E7C6C01}) (Version: 19.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Writing Tools (x64) (HKLM\...\{E38357D4-1B80-400F-A6D7-B4D5DD83D979}) (Version: 19.1 - Corel Corporation) Hidden
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION
CrystalDiskInfo 7.6.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.6.1 - Crystal Dew World)
Discord (HKU\S-1-5-21-2305226654-651215044-733858041-1000\...\Discord) (Version: 0.0.309 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{8CAF0391-512D-485C-B141-39D89E7EDCA8}) (Version: 1.2.17.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
Genshin Impact (HKLM\...\Genshin Impact) (Version: 2.12.1.0 - miHoYo Co.,Ltd)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{557D160E-2085-4D38-BDA3-1D5D3F74A3A4}) (Version: 6.0.4 - Intel Corporation)
Java 8 Update 311 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft .NET Framework 4.8 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.8.106.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Research Mesh Virtual WIFI (HKLM-x32\...\{034A32D5-699E-4AED-A2EB-2CCB6E7F37F1}) (Version: 1.0.000 - Microsoft Research)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1b103cea-f037-4504-81de-956057b442c3}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{810F1419-7760-402E-8772-B4054FAA2B72}) (Version: 1.0.0.0 - Mojang)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
NVIDIA Graphics Driver 451.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 451.67 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.34 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Opera GX Stable 80.0.4170.48 (HKU\S-1-5-21-2305226654-651215044-733858041-1000\...\Opera GX 80.0.4170.48) (Version: 80.0.4170.48 - Opera Software)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Project64 version 3.0.1.5664 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 3.0.1.5664 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.2.7 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7982 - Realtek Semiconductor Corp.)
UE4 Prerequisites (x86) (HKLM-x32\...\{6EAAE1C0-6000-45FA-B46D-D206144925BF}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x86) (HKLM-x32\...\{f1203e43-4ddb-4280-974e-73f14d793dbd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
WO Mic Client (HKLM-x32\...\WOMic) (Version: - )
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2305226654-651215044-733858041-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305226654-651215044-733858041-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305226654-651215044-733858041-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305226654-651215044-733858041-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305226654-651215044-733858041-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305226654-651215044-733858041-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6718864 2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4220304 2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2004-12-26] () [File not signed]
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [AutopanoShell.ShellContextMenu] -> {4B4F4C4F-5220-4798-ABF3-EC03F7C8A498} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2004-12-26] () [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2020-07-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2004-12-26] () [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\system32\ficvdec_x64.dll [652288 2013-05-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\SysWOW64\ficvdec_x86.dll [641024 2013-05-28] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2009-01-01 01:06 - 2021-10-25 13:10 - 000034448 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll
2019-02-21 21:00 - 2019-02-21 21:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2021-05-01 02:09 - 2013-04-26 10:24 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2014-02-27 17:43 - 2014-02-27 17:43 - 000173568 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Logitech Gaming Software\imageformats\qjpeg4.dll
2014-02-27 17:43 - 2014-02-27 17:43 - 001807360 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Logitech Gaming Software\QtCLucene4.dll
2014-02-27 17:43 - 2014-02-27 17:43 - 003276288 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Logitech Gaming Software\QtCore4.dll
2014-02-27 17:43 - 2014-02-27 17:43 - 012168192 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Logitech Gaming Software\QtGui4.dll
2014-02-27 17:43 - 2014-02-27 17:43 - 000750080 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Logitech Gaming Software\QtHelp4.dll
2014-02-27 17:43 - 2014-02-27 17:43 - 001085952 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Logitech Gaming Software\QtNetwork4.dll
2014-02-27 17:43 - 2014-02-27 17:43 - 000841728 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Logitech Gaming Software\QtOpenGL4.dll
2014-02-27 17:43 - 2014-02-27 17:43 - 001990144 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Logitech Gaming Software\QtScript4.dll
2014-02-27 17:43 - 2014-02-27 17:43 - 000897024 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Logitech Gaming Software\QtSql4.dll
2014-02-27 17:43 - 2014-02-27 17:43 - 000539136 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Logitech Gaming Software\QtXml4.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Carlos Luna\Cookies:9uiptag9KhjXpJROea9BnnRVF [1826]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp//www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2305226654-651215044-733858041-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp//latam.msn.com/?ocid=iehp
HKU\S-1-5-21-2305226654-651215044-733858041-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//www.google.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2305226654-651215044-733858041-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-2305226654-651215044-733858041-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_311\bin\ssv.dll [2021-10-21] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_311\bin\jp2ssv.dll [2021-10-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-2305226654-651215044-733858041-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp//fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7945 more sites.

There are 7945 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-10-18 22:12 - 2021-10-18 22:12 - 000000833 ____R C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-2305226654-651215044-733858041-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Carlos Luna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.48.225.146 - 200.48.225.130
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: ACTION_SVC => 3
MSCONFIG\Services: AdAppMgrSvc => 2
MSCONFIG\Services: Foundry License Server => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamNetworkSvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RLM => 2
MSCONFIG\Services: Rockstar Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: vgc => 3
MSCONFIG\Services: WTabletServiceCon => 2
MSCONFIG\startupfolder: C:^Users^Carlos Luna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GameVox.lnk => C:\Windows\pss\GameVox.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: ADSK DLMSession => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
MSCONFIG\startupreg: ADSKAppManager => "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
MSCONFIG\startupreg: Google Update => "C:\Users\Carlos Luna\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ProxyCap => C:\Program Files\Proxy Labs\ProxyCap\pcapui.exe

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{26BF10EE-1D79-4107-B72C-C9B0B6530348}] => (Allow) C:\Users\Carlos Luna\AppData\Local\Programs\Opera GX\80.0.4170.48\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{5CB41C60-5184-4DE4-97E7-47A8CE3C61C2}C:\program files (x86)\womic\womicclient.exe] => (Allow) C:\program files (x86)\womic\womicclient.exe () [File not signed]
FirewallRules: [UDP Query User{C4B58CE0-9B62-4529-B69B-189EF82CB167}C:\program files (x86)\womic\womicclient.exe] => (Allow) C:\program files (x86)\womic\womicclient.exe () [File not signed]
FirewallRules: [TCP Query User{53066240-262C-4D89-AD40-374FC9C37118}C:\users\carlos luna\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\carlos luna\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{4FE1146C-6B94-4A3F-B3B9-03B3D4234638}C:\users\carlos luna\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\carlos luna\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{DFCFD19C-91C2-40C7-946E-3EE01B712C2E}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{6A80C201-3B27-4588-98EE-E01BBA7533C3}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{36077DE1-8476-401E-8EA6-52CBF9065A7D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D025ADD2-4276-4691-B046-73FA0D984488}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{586D1D22-7153-4987-97D8-B77472B9AF71}C:\program files\epic games\amongus\among us.exe] => (Allow) C:\program files\epic games\amongus\among us.exe () [File not signed]
FirewallRules: [UDP Query User{CC6FE1C3-7381-4122-8B0F-95493109FF5E}C:\program files\epic games\amongus\among us.exe] => (Allow) C:\program files\epic games\amongus\among us.exe () [File not signed]

==================== Restore Points =========================

25-10-2021 16:13:59 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: BlueStacks Hypervisor
Description: BlueStacks Hypervisor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BlueStacksDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: BigNox Service
Description: BigNox Service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: YSDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: AMSDK Driver
Description: AMSDK Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: amsdk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ehdrv
Description: ehdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ehdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: epfw
Description: epfw
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: epfw
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: epfwwfp
Description: epfwwfp
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: epfwwfp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (10/23/2021 09:29:35 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT AUTHORITY)
Description: Application or service 'Epic Online Services local application.' could not be shut down.

Error: (10/23/2021 08:11:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HD-Player.exe, version: 5.3.70.1004, time stamp: 0x614976f6
Faulting module name: HD-Player.exe, version: 5.3.70.1004, time stamp: 0x614976f6
Exception code: 0xc0000005
Fault offset: 0x0000000000031409
Faulting process id: 0x874
Faulting application start time: 0x01d7c86b27659c15
Faulting application path: C:\Program Files\BlueStacks_nxt\HD-Player.exe
Faulting module path: C:\Program Files\BlueStacks_nxt\HD-Player.exe
Report Id: 4be535b1-3467-11ec-b7f3-d850e63c46b2

Error: (10/19/2021 06:16:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AntiMalware.exe, version: 3.2.28.0, time stamp: 0x60633416
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb7f5
Exception code: 0xe0434352
Fault offset: 0x0000c5af
Faulting process id: 0x1260
Faulting application start time: 0x01d7c4dab20fd0e2
Faulting application path: C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: f139c231-30cd-11ec-ac98-d850e63c46b2

Error: (10/19/2021 06:16:01 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AntiMalware.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileLoadException
at Zemana.AntiMalware.UI.Program.Main(System.String[])

Error: (10/19/2021 06:01:08 AM) (Source: AntiMalware) (EventID: 0) (User: )
Description: Application has encountered a problem and needs to be closed. Please contact the adminstrator with the following information:

System.ComponentModel.Win32Exception (0x80004005): Error creating window handle.
at System.Windows.Forms.NativeWindow.CreateHandle(CreateParams cp)
at System.Windows.Forms.Control.CreateHandle()
at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
at System.Windows.Forms.Control.CreateControl()
at System.Windows.Forms.Control.ControlCollection.Add(Control value)
at Zemana.AntiMalware.UI.Services.ScanPanelController.<>c__DisplayClass12_0.<AddScanFailedPanel>b__0(Panel pnl) in Z:\Projects\Zemana AntiMalware Staging\Zemana.AntiMalware.UI\Services\ScanPanelController.cs:line 73Error creating window handle.

Stack Trace:
at System.Windows.Forms.NativeWindow.CreateHandle(CreateParams cp)
at System.Windows.Forms.Control.CreateHandle()
at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
at System.Windows.Forms.Control.CreateControl()
at System.Windows.Forms.Control.ControlCollection.Add(Control value)
at Zemana.AntiMalware.UI.Services.ScanPanelController.<>c__DisplayClass12_0.<AddScanFailedPanel>b__0(Panel pnl) in Z:\Projects\Zemana AntiMalware Staging\Zemana.AntiMalware.UI\Services\ScanPanelController.cs:line 73

Error: (10/19/2021 05:17:10 AM) (Source: MsiInstaller) (EventID: 1013) (User: 1989AH)
Description: Product: SuspendedBypass -- <<29017>>

Error: (10/19/2021 05:16:39 AM) (Source: MsiInstaller) (EventID: 11704) (User: 1989AH)
Description: Product: SuspendedBypass -- Error 1704. <<1704>>

Error: (10/19/2021 03:50:37 AM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.


System errors:
=============
Error: (10/25/2021 08:39:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (10/25/2021 07:53:18 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (10/25/2021 07:53:15 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (10/25/2021 07:53:13 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (10/25/2021 07:53:10 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (10/25/2021 07:53:08 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (10/25/2021 07:53:05 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (10/25/2021 07:53:02 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.


Windows Defender:
================
Date: 2016-05-08 05:04:37.251
Description:
Windows Defender scan has been stopped before completion.
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-02-03 02:42:01.148
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/SupTab&threatid=214126
Name:BrowserModifier:Win32/SupTab
Severity:High
Category:Browser Modifier
Path Found:file:C:\Program Files (x86)\TData\DuiLib.dll;file:C:\Program Files (x86)\TData\MCfig.ini;file:C:\Program Files (x86)\TData\msvcp110.dll;file:C:\Program Files (x86)\TData\msvcr110.dll;file:C:\Program Files (x86)\TData\Raydld.exe;file:C:\Program Files (x86)\TData\skin\About.xml;file:C:\Program Files (x86)\TData\skin\about_banner.png;file:C:\Program Files (x86)\TData\skin\animate_history.png;file:C:\Program Files (x86)\TData\skin\animate_portal.png;file:C:\Program Files (x86)\TData\skin\animate_recent.png;file:C:\Program Files (x86)\TData\skin\big_button_down.png;file:C:\Program Files (x86)\TData\skin\bk_shadow.png;file:C:\Program Files (x86)\TData\skin\bottom_toolbar_bk.png;file:C:\Program Files (x86)\TData\skin\brower_back.png;file:C:\Program Files (x86)\TData\skin\brower_refresh.png;file:C:\Program Files (x86)\TData\skin\btn.png;file:C:\Program Files (x86)\TData\skin\btn_browser_dir.png;file:C:\Program Files (x86)\TData\skin\ck_box.png;file:C:\Program Files (x86)\TData\skin\ck_check.png;file:C:\Program Files
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2016-02-03 02:11:35.241
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/SupTab&threatid=214126
Name:BrowserModifier:Win32/SupTab
Severity:High
Category:Browser Modifier
Path Found:file:C:\Program Files (x86)\TData\DuiLib.dll;file:C:\Program Files (x86)\TData\MCfig.ini;file:C:\Program Files (x86)\TData\msvcp110.dll;file:C:\Program Files (x86)\TData\msvcr110.dll;file:C:\Program Files (x86)\TData\Raydld.exe;file:C:\Program Files (x86)\TData\skin\About.xml;file:C:\Program Files (x86)\TData\skin\about_banner.png;file:C:\Program Files (x86)\TData\skin\animate_history.png;file:C:\Program Files (x86)\TData\skin\animate_portal.png;file:C:\Program Files (x86)\TData\skin\animate_recent.png;file:C:\Program Files (x86)\TData\skin\big_button_down.png;file:C:\Program Files (x86)\TData\skin\bk_shadow.png;file:C:\Program Files (x86)\TData\skin\bottom_toolbar_bk.png;file:C:\Program Files (x86)\TData\skin\brower_back.png;file:C:\Program Files (x86)\TData\skin\brower_refresh.png;file:C:\Program Files (x86)\TData\skin\btn.png;file:C:\Program Files (x86)\TData\skin\btn_browser_dir.png;file:C:\Program Files (x86)\TData\skin\ck_box.png;file:C:\Program Files (x86)\TData\skin\ck_check.png;file:C:\Program Files
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe

Date: 2016-02-03 02:10:32.255
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/SupTab&threatid=214126
Name:BrowserModifier:Win32/SupTab
Severity:High
Category:Browser Modifier
Path Found:file:C:\Program Files (x86)\TData\TData.exe;process: pid:3380,ProcessStart:130989568244561237
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe

Date: 2016-02-03 00:26:57.463
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/SupTab&threatid=214126
Name:BrowserModifier:Win32/SupTab
Severity:High
Category:Browser Modifier
Path Found:file:C:\Program Files (x86)\TData\DuiLib.dll;file:C:\Program Files (x86)\TData\MCfig.ini;file:C:\Program Files (x86)\TData\msvcp110.dll;file:C:\Program Files (x86)\TData\msvcr110.dll;file:C:\Program Files (x86)\TData\Raydld.exe;file:C:\Program Files (x86)\TData\skin\About.xml;file:C:\Program Files (x86)\TData\skin\about_banner.png;file:C:\Program Files (x86)\TData\skin\animate_history.png;file:C:\Program Files (x86)\TData\skin\animate_portal.png;file:C:\Program Files (x86)\TData\skin\animate_recent.png;file:C:\Program Files (x86)\TData\skin\big_button_down.png;file:C:\Program Files (x86)\TData\skin\bk_shadow.png;file:C:\Program Files (x86)\TData\skin\bottom_toolbar_bk.png;file:C:\Program Files (x86)\TData\skin\brower_back.png;file:C:\Program Files (x86)\TData\skin\brower_refresh.png;file:C:\Program Files (x86)\TData\skin\btn.png;file:C:\Program Files (x86)\TData\skin\btn_browser_dir.png;file:C:\Program Files (x86)\TData\skin\ck_box.png;file:C:\Program Files (x86)\TData\skin\ck_check.png;file:C:\Program Files
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe

Date: 2015-09-16 13:10:27.854
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

==================== Memory info ===========================

BIOS: American Megatrends Inc. 2003 10/15/2014
Motherboard: ASUSTeK COMPUTER INC. H87-PLUS
Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 77%
Total physical RAM: 7634.46 MB
Available physical RAM: 1720.27 MB
Total Virtual: 15267.06 MB
Available Virtual: 5682.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:460.86 GB) NTFS
Drive h: (CarlosLuna) (Fixed) (Total:465.76 GB) (Free:253.9 GB) NTFS

\\?\Volume{6f327824-d7c3-11dd-893f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 844382C4)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 
Hi, Carlosh.
Welcome to Sysnative Forums.


I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.


==========================

Allow me some time to review your logs, and I will get back to you as soon as I am ready (usually within 24 hours).
 
Hi, Carlosh.

Apologies for the delay.

Please do the following:

1. Find some necessary stuff
  1. An empty USB flash drive
  2. A healthy computer (either yours or a friend's)

2. Protect the healthy computer and download FRST on the USB drive

Using the healthy computer:


2.1. As a layer of protection, to ensure autorun is blocked on the flash drive, install on the healthy computer dr_Bora's program, MCShield::Anti-Malware Tool::. This tool is a resident drive detector and scanner, meant not just to block the autorun.inf, but also to clean the malicious files from the drive.
  • Download it from here: MCShield
  • Save it on your Desktop.
  • Double click the MCShield-Setup.exe on your desktop, and follow the instructions until it gets installed (Yes, Next, I agree, Next, Install).
  • Click on Run to let it run.
  • Go to the General tab in the menu at the left and tick the option Always show the log file in case of infection.
  • OK and close the window.
2.2. Download the right version of FRST for your system, and save it on your USB drive.
Note: If you don't know which one to download, download and save both on your USB drive. Only the right version will run on your system, the other will throw an error message. The one that works is the one you should be using from now on.


3. Enter System Recovery Options from the Advanced Boot Options

Using the faulty computer:
  • Start by shutting down your computer.
  • Press on the power button on the case to turn it on.
  • After the computer is about 3 - 5 seconds into the boot-up process, hold down the power button to shut down the computer.
  • Repeat the above process once again.
  • For the third time, turn on the computer and allow it to boot up.
  • If you completed the process correctly, a message saying Preparing Automatic Repair should appear.
  • In a few seconds, another message will appear stating Diagnosing your PC and Automatic Repair will open.
  • When you reach the Automatic Repair screen, click on Advanced Options.
  • At the next screen, select Troubleshoot.
  • When you see the next screen, select Advanced Options.
  • You will get the following options:
    • Startup Repair
    • Startup Settings
    • Command Prompt
    • Uninstall Updates
    • System Restore
    • System Image Recovery
  • Select Command Prompt.

Run FRST from the Command Prompt
  1. In the black window that will open, called command prompt, type notepad and press on Enter.
  2. Notepad will open. Click on the File menu and select Open.
  3. Click on Computer, find the letter for your USB Flash Drive, then close the window and Notepad.
  4. In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter. As I told you before, run both of them if you are unsure about the architecture (x32 or x64) of your computer. Only the right one will run. IMPORTANT: Replace the letter e with the drive letter of your USB Flash Drive.
  5. FRST will open.
  6. Click on Yes to accept the disclaimer.
  7. Click on the Scan button and wait for the scan to complete.
  8. A log called FRST.txt will be saved on your USB Flash Drive.

4. Provide the FRST.txt

Using the healthy computer:

Insert the USB drive, open the FRST.txt, copy its content and paste it here, in your next reply.
 
Thanks for the reply.
I will try to do these steps, but it will take some time; right now I don't have a healthy computer at hand, and my friends don't live near me to ask them for help.
 
Carlosh,

There are signs that the computer may be infected with a rootkit, which is a serious infection. The reason I asked you to find a healthy computer is to make sure that the USB stick with FRST on it won't be infected. If there is no way to find a healthy computer, then do step 2 above using your computer.
 
Is there another way to enter the Automatic Repair screen? I'll keep trying, but so far I couldn't make it work.
 
Hi, Carlosh.

You can enter the Recovery Environment following these steps as well:
  • Press the Windows icon on the keyboard together with the letter I, to get into the Settings.
  • Choose Update and Security.
  • From the menu at the left, choose Recovery.
  • Under the title Advanced startup at the right, choose Restart now.
  • From the window that will appear choose Troubleshoot and then Advanced options.
  • Choose Command Prompt.
 
OUPSSSS....

Carlosh, that's why you could not enter the Recovery Environment! I gave you instructions for Windows 10! My apologies!
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu select Command Prompt.

Again, my apologies!
 
Sorry for the bother once again, but I am having a problem: when I go to select the language settings, my keyboard and mouse stop working; the same happens when I do a startup repair. For some reason both stop working on that kind of screen.
 
Carlosh, what happens after you choose Repair your computer and Enter?
 
Carlosh, if the keyboard and mouse don't work in the Recovery Environment, this is most likely related to USB drivers.
  • If the computer has both USB 3.0 and USB 2.0 ports, plug the devices into the older ports (2.0).
  • Check the BIOS for options related to USB. To get into the BIOS, you have to use the proper key. The computer is an ASUS, so it is probably the Delete or the F2 key. You have to press the key as soon as the computer starts, before the Windows logo appears. Use the arrows to move and Enter to select an option. Search for a USB Configuration option and enable Legacy USB Support if it is listed. Another possibility is listed here.
After trying the above, check if you can boot in the Recovery Environment.
 
Thanks a lot for your patience, I could finally make it work. It was another option for the mouse and keyboard, but the issue was still there.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-10-2021
Ran by SYSTEM on MININT-GU7P53Q (30-10-2021 19:07:31)
Running from G:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) -> English (United States)
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9068040 2016-11-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [ProxyCap] => C:\Program Files\Proxy Labs\ProxyCap\pcapui.exe
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8294680 2014-02-27] (Logitech -> Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Genshin Impact_Launcher] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\Carlos Luna\...\Run: [Opera GX Browser Assistant] => C:\Users\Carlos Luna\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\Carlos Luna\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (Borislav Surbat -> MyCity)
HKU\Carlos Luna\...\Run: [Google Update] => "C:\Users\Carlos Luna\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Startup: C:\Users\Carlos Luna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameVox.lnk [2016-03-17]
ShortcutTarget: GameVox.lnk -> C:\Program Files (x86)\GameVox\GameVox.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C9A5565-C85D-4309-810F-9B2EF6D93455} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Carlos Luna\Downloads\esetonlinescanner_esn.exe
Task: {1156D15A-AAE6-4EE4-A768-C21AF23191D3} - System32\Tasks\{9F4A8BFD-E17F-4A42-B4EE-55FD2C147405} => C:\Windows\system32\pcalua.exe -a "C:\Users\Carlos Luna\AppData\Roaming\Nox\bin\Nox_unload.exe"
Task: {1ADD0762-CC79-45E7-B15D-17E123E1BE18} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2206488 2016-08-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {427624A0-6125-446F-84D9-BC6C71027E47} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2225952 2016-08-15] (Microsoft Corporation -> Microsoft)
Task: {4580E52B-91EE-42B5-9363-56BABDA2AFFC} - System32\Tasks\CorelUpdateHelperTask-F299A6B575097899476390FCD7D79BE3 => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe
Task: {45A4D6E9-3EB8-4039-87C0-8EDD5A1CDC23} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1634663272 => C:\Users\Carlos Luna\AppData\Local\Programs\Opera GX\launcher.exe [3963600 2021-10-19] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Carlos Luna\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {4D109734-C672-4DAB-8E1C-0848709181B8} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2305226654-651215044-733858041-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2012-12-07] (Microsoft Corporation)
Task: {52482CF5-BDD9-49A4-94A9-43C7A412C125} - System32\Tasks\{CB3E5831-270F-443A-894C-A54F005941DE} => C:\Windows\system32\pcalua.exe -a "C:\Users\Carlos Luna\Downloads\setup-gtarcade-601b27db75125.exe" -d "C:\Users\Carlos Luna\Downloads"
Task: {5918D14A-68E3-4CFE-B21E-E1748D153440} - System32\Tasks\AdobeAAMUpdater-1.0-CarlosLuna-PC-Carlos Luna => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {61AA0E70-25B1-4153-A33F-B19B7AC78098} - System32\Tasks\{0C2E49FB-E0FA-4939-849F-2F5A476D0F82} => C:\Windows\system32\pcalua.exe -a "C:\Users\Carlos Luna\Downloads\coreaacSetup.exe" -d "C:\Users\Carlos Luna\Downloads"
Task: {62A6C492-DB90-48A0-8729-0E9EE4C6AA60} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {671E9D4A-C29E-4F2E-B2B6-E844B48D0215} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {6A162083-B862-49A1-BAAD-73716A32E6AA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2021-02-03] (Adobe Inc. -> Adobe)
Task: {6D10DDD6-E35A-4909-8989-1D5F095840CE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [4624152 2014-06-24] (Piriform Ltd -> Piriform Ltd)
Task: {6FC4D6E7-AEFA-40A9-9BB7-93CA381DA6F7} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [275136 2021-09-20] (Bluestack Systems, Inc -> BlueStack Systems, Inc.)
Task: {8F95A2D6-F062-4745-A5AF-962DB9825FAA} - System32\Tasks\Opera GX scheduled Autoupdate 1634241479 => C:\Users\Carlos Luna\AppData\Local\Programs\Opera GX\launcher.exe [3963600 2021-10-19] (Opera Software AS -> Opera Software)
Task: {93D89636-DEDB-4163-B18A-E7AA18E71A78} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe
Task: {A30BC2CE-E5F3-4757-A4D2-75EAD5A8EE1A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_pepper.exe [1452600 2019-04-13] (Adobe Inc. -> Adobe)
Task: {A3B005D3-E9D2-481C-8F83-C314EFE5F8A2} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1665312 2016-08-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {B07B46E1-E12B-40BE-98B3-19CE5A3F4679} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2305226654-651215044-733858041-1000 => C:\Users\Carlos Luna\AppData\Local\MEGAsync\MEGAupdater.exe
Task: {B2EB5EF7-7A9A-498A-81EF-00A8AEEC7F30} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2021-02-03] (Adobe Inc. -> Adobe)
Task: {BD5159BA-C4CA-4CEC-A03A-8757F4788891} - System32\Tasks\{9AC3D973-ABA9-417C-BFEC-58F9A2E0316A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{7F7E4FA7-6F32-4DE2-917E-361E034AED7A}\setup.exe" -c -runfromtemp -l0x0409
Task: {CFE7C1EB-6D01-4C36-9CBB-4299E628064A} - System32\Tasks\{FB630E37-2B8D-498A-AF0C-D1E8035CCC9A} => C:\Windows\system32\pcalua.exe -a "C:\Users\Carlos Luna\Downloads\remix-os-player-1-0-108.exe" -d "C:\Users\Carlos Luna\Downloads"
Task: {D0087371-BA7B-40D8-B082-1AA679E01EE7} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2206488 2016-08-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {D0C532E0-D1C5-4939-9A5D-20C1E65CEBAA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1665312 2016-08-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {D685ED40-7570-4DD0-8D05-E36B8F49EF67} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [754472 2021-04-05] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {DD67DAB7-77D5-429A-A54E-4723DD7E316D} - System32\Tasks\{8BA74D91-FA29-419D-858B-36DC14E276AD} => C:\Windows\system32\pcalua.exe -a "F:\AutoPlay\Docs\Extras\Game Tools\DOSBox 0.63\DOSBox0.63-win32-installer.exe" -d "F:\AutoPlay\Docs\Extras\Game Tools\DOSBox 0.63"
Task: {E7C96D1D-73AE-4ED4-ACCB-72AAE2A699BB} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Carlos Luna\Downloads\esetonlinescanner_esn.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [82128 2015-07-07] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2021-02-03] (Adobe Inc. -> Adobe)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-28] ()
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2019-03-11] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029472 2021-10-23] (Epic Games Inc. -> Epic Games, Inc.)
S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation)
S2 Ms3D569C04App; C:\Windows\System32\Ms3D569C04App.dll [10600572 2021-09-26] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [9473408 2021-01-18] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
S2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
S4 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation)
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-20] (Microsoft Corporation)
S1 AFD; C:\Windows\system32\drivers\afd.sys [496128 2017-04-04] (Microsoft Corporation)
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [64512 2020-01-02] (Microsoft Corporation)
S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [60928 2020-01-02] (Microsoft Corporation)
S3 AppID; C:\Windows\system32\drivers\appid.sys [62464 2020-01-02] (Microsoft Corporation)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] (ASUSTeK Computer Inc. -> )
S1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13] (Microsoft Corporation)
S2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [320728 2021-09-20] (Bluestack Systems, Inc -> Bluestack System Inc.)
S3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90112 2018-07-18] (Microsoft Corporation)
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.)
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.)
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.)
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.)
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-13] (Microsoft Corporation)
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92672 2019-02-10] (Microsoft Corporation)
S1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-20] (Microsoft Corporation)
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-13] (Microsoft Corporation)
S3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912 2010-11-20] (Microsoft Corporation)
S1 CSC; C:\Windows\System32\drivers\csc.sys [516096 2018-06-29] (Microsoft Corporation)
S1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [115200 2018-04-25] (Microsoft Corporation)
S1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation)
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2015-12-08] (Microsoft Corporation)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-09-21] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-09-21] (Disc Soft Ltd -> Disc Soft Ltd)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [169424 2021-08-06] (ESET, spol. s r.o. -> ESET)
S0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [123472 2021-08-06] (ESET, spol. s r.o. -> ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [194776 2021-08-06] (ESET, spol. s r.o. -> ESET)
S2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [43904 2021-08-06] (ESET, spol. s r.o. -> ESET)
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2018-02-10] (Microsoft Corporation)
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195584 2019-02-10] (Microsoft Corporation)
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [205312 2019-02-10] (Microsoft Corporation)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.)
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2019-08-26] (Microsoft Corporation)
S3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2010-11-20] (Microsoft Corporation)
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-13] (Microsoft Corporation)
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-13] (Microsoft Corporation)
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2019-03-04] (Microsoft Corporation)
S3 HTTP; C:\Windows\System32\drivers\HTTP.sys [754176 2019-12-09] (Microsoft Corporation)
S3 intelppm; C:\Windows\system32\drivers\intelppm.sys [62464 2020-01-02] (Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation)
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] (Microsoft Corporation)
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13] (Microsoft Corporation)
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13] (Microsoft Corporation)
S3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] (Microsoft Corporation)
S0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [246952 2021-10-19] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [284408 2021-10-19] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech -> Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech -> Logitech Inc.)
S2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] (Microsoft Corporation)
S2 luafv; C:\Windows\system32\drivers\luafv.sys [114688 2019-03-28] (Microsoft Corporation)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13] (Microsoft Corporation)
S3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2019-09-09] (Microsoft Corporation)
S3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2018-08-10] (Microsoft Corporation)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [142336 2016-09-08] (Microsoft Corporation)
S3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [161280 2020-01-02] (Microsoft Corporation)
S3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [291328 2020-01-02] (Microsoft Corporation)
S3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [129536 2020-01-02] (Microsoft Corporation)
S1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2019-02-03] (Microsoft Corporation)
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] (Microsoft Corporation)
S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [324608 2017-09-13] (Microsoft Corporation)
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] (Microsoft Corporation)
S3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2018-12-07] (Microsoft Corporation)
S3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] (Microsoft Corporation)
S3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] (Microsoft Corporation)
S3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [58368 2018-12-07] (Microsoft Corporation)
S1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [45056 2017-12-31] (Microsoft Corporation)
S1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [262656 2019-02-21] (Microsoft Corporation)
S1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44544 2020-01-02] (Microsoft Corporation)
S1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [26112 2017-08-10] (Microsoft Corporation)
S2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [663552 2019-06-12] (Microsoft Corporation)
S3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation)
S3 Processor; C:\Windows\system32\drivers\processr.sys [60928 2020-01-02] (Microsoft Corporation)
S1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2017-12-31] (Microsoft Corporation)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-13] (Microsoft Corporation)
S3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation)
S1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [317440 2019-09-09] (Microsoft Corporation)
S3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-13] (Microsoft Corporation)
S1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] (Microsoft Corporation)
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [165888 2010-11-20] (Microsoft Corporation)
S1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] (Microsoft Corporation)
S1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] (Microsoft Corporation)
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] (Microsoft Corporation)
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [212480 2014-07-16] (Microsoft Corporation)
S2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] (Microsoft Corporation)
S3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [622624 2010-02-01] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Semiconductor Corp -> Realtek Corporation)
S3 RvNetMP60; C:\Windows\System32\DRIVERS\RvNetMP60.sys [69048 2018-12-25] (Famatech Corp. -> Famatech Corp.)
S3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [6656 2010-11-20] (Microsoft Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] (Microsoft Corporation)
S4 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-13] (Microsoft Corporation)
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-13] (Microsoft Corporation)
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] (Microsoft Corporation)
S3 srv; C:\Windows\System32\DRIVERS\srv.sys [464384 2020-01-02] (Microsoft Corporation)
S3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [406016 2020-01-02] (Microsoft Corporation)
S3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [169984 2020-01-02] (Microsoft Corporation)
S2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [46080 2016-07-07] (Microsoft Corporation)
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] (Microsoft Corporation)
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-16] (Microsoft Corporation)
S1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [117248 2017-07-29] (Microsoft Corporation)
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [40448 2017-08-13] (Microsoft Corporation)
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56832 2013-10-01] (Microsoft Corporation)
S3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] (Microsoft Corporation)
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2019-02-10] (Microsoft Corporation)
S3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] (Microsoft Corporation)
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109824 2013-07-12] (Microsoft Corporation)
S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2018-05-02] (Microsoft Corporation)
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] (Microsoft Corporation)
S3 usbehci; C:\Windows\system32\drivers\usbehci.sys [56320 2018-05-02] (Microsoft Corporation)
S3 usbhub; C:\Windows\system32\drivers\usbhub.sys [344064 2018-05-02] (Microsoft Corporation)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2018-05-02] (Microsoft Corporation)
S3 usbprint; C:\Windows\system32\DRIVERS\usbprint.sys [25088 2009-07-13] (Microsoft Corporation)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2016-02-03] (Microsoft Corporation)
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2018-05-02] (Microsoft Corporation)
S3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [19968 2013-02-11] (Microsoft Corporation)
S1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2016-12-02] (Duodian Online Technology Co. Ltd. -> BigNox Corporation)
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] (Microsoft Corporation)
S3 VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [21760 2010-11-20] (Microsoft Corporation)
S3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-13] (Microsoft Corporation)
S1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-13] (Microsoft Corporation)
S3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-13] (Microsoft Corporation)
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2018-12-07] (Microsoft Corporation)
S1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2018-12-07] (Microsoft Corporation)
S1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] (Microsoft Corporation)
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] (Microsoft Corporation)
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2018-02-10] (Microsoft Corporation)
S3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [35696 2017-11-25] (Beijing Wolicheng Technology Co., Ltd. -> Windows (R) Win 7 DDK provider)
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [22016 2019-08-19] (Microsoft Corporation)
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-25] (Microsoft Corporation)
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [679936 2009-07-13] (Microsoft Corporation)
S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X]
S2 BlueStacksDrv; \??\C:\Program Files\BlueStacks\BstkDrv_bgp.sys [X]
S1 epfw; system32\DRIVERS\epfw.sys [X]
S1 epfwwfp; system32\DRIVERS\epfwwfp.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Carlos Luna\AppData\Local\Temp\tmpE675.tmp [X] <==== ATTENTION
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S1 YSDrv; \??\C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [X]
UpperFilters: [{4D36E967-E325-11CE-BFC1-08002BE10318}] -> [PartMgr edevmon]
UpperFilters: [{4D36E96B-E325-11CE-BFC1-08002BE10318}] -> [ekbdflt kbdclass]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: Ms3D569C04App -> C:\Windows\System32\Ms3D569C04App.dll ()

==================== One month (created) (All) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-28 14:52 - 2021-10-30 15:46 - 000000000 ____D C:\ProgramData\MCShield
2021-10-28 14:52 - 2021-10-28 14:52 - 000000000 ____D C:\Program Files (x86)\MCShield
2021-10-28 14:44 - 2021-10-28 14:45 - 002856736 _____ (MyCity) C:\Users\Carlos Luna\Desktop\MCShield-Setup.exe
2021-10-26 19:53 - 2021-10-26 19:53 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Carlos Luna\Downloads\iExplore.exe
2021-10-26 19:52 - 2021-10-26 20:03 - 000002062 _____ C:\Users\Carlos Luna\Desktop\Rkill.txt
2021-10-25 17:34 - 2021-10-25 17:39 - 000047701 _____ C:\Users\Carlos Luna\Desktop\Addition.txt
2021-10-25 17:29 - 2021-10-25 17:39 - 000034232 _____ C:\Users\Carlos Luna\Desktop\FRST.txt
2021-10-25 17:29 - 2021-10-25 17:31 - 000000000 ____D C:\FRST
2021-10-25 16:16 - 2021-10-25 16:17 - 002310656 _____ (Farbar) C:\Users\Carlos Luna\Desktop\FRST64.exe
2021-10-24 16:45 - 2021-10-24 16:48 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\niemiro
2021-10-23 22:54 - 2021-10-23 22:54 - 002316112 _____ (niemiro) C:\Users\Carlos Luna\Desktop\SFCFix.exe
2021-10-23 22:20 - 2021-10-23 22:20 - 010228313 _____ (Macrovision Corporation) C:\Users\Carlos Luna\Downloads\asmwsoftpcoptimizersetup.exe
2021-10-23 22:04 - 2021-10-23 22:05 - 000000000 ____D C:\Users\Carlos Luna\Downloads\Windupdate
2021-10-23 21:28 - 2021-10-28 19:08 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\ElevatedDiagnostics
2021-10-23 21:11 - 2021-10-23 21:11 - 003298367 _____ C:\Users\Carlos Luna\Downloads\Windows6.1-KB3050265-x64.msu
2021-10-23 20:15 - 2021-10-23 20:16 - 136393144 _____ (Microsoft Corporation) C:\Users\Carlos Luna\Downloads\MSERT.exe
2021-10-23 20:01 - 2021-10-23 20:02 - 000000000 ____D C:\Program Files\TEST
2021-10-23 18:43 - 2021-10-23 18:43 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\EOSUserHelper
2021-10-23 18:42 - 2021-10-23 18:42 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\Epic Games
2021-10-23 18:30 - 2021-10-23 18:30 - 000000000 ____D C:\Users\Default\AppData\Local\Epic Games
2021-10-21 17:11 - 2021-10-21 17:19 - 000000000 ____D C:\Users\Carlos Luna\Downloads\backups
2021-10-21 15:01 - 2021-10-21 15:01 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\CEF
2021-10-20 19:52 - 2021-10-20 19:53 - 000388608 _____ (Trend Micro Inc.) C:\Users\Carlos Luna\Downloads\HijackThis.exe
2021-10-19 09:08 - 2021-10-19 09:08 - 000004352 _____ C:\Windows\System32\Tasks\Opera GX scheduled assistant Autoupdate 1634663272
2021-10-19 02:27 - 2021-10-19 02:27 - 000284408 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klupd_klif_klark.sys
2021-10-19 02:25 - 2021-10-19 02:25 - 000246952 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klupd_klif_arkmon.sys
2021-10-18 23:18 - 2021-10-18 23:18 - 000057449 _____ C:\Windows\System32\NOTICE_mod
2021-10-18 19:48 - 2021-10-18 19:48 - 000909824 _____ (Farbar) C:\Users\Carlos Luna\Downloads\FSS.exe
2021-10-18 19:47 - 2021-10-18 19:48 - 201686784 _____ (SUPERAntiSpyware) C:\Users\Carlos Luna\Downloads\SUPERAntiSpyware.exe
2021-10-18 19:04 - 2021-10-21 16:46 - 000191832 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2021-10-16 23:19 - 2021-10-16 23:19 - 000000000 ____D C:\ProgramData\Emsisoft
2021-10-16 21:57 - 2021-10-16 21:57 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Carlos Luna\Downloads\rkill.exe
2021-10-14 11:58 - 2021-10-26 09:39 - 000004100 _____ C:\Windows\System32\Tasks\Opera GX scheduled Autoupdate 1634241479
2021-10-13 18:05 - 2021-10-13 18:06 - 000000083 _____ C:\Users\Carlos Luna\Documents\lista cosas.txt
2021-10-11 23:37 - 2021-10-11 23:37 - 000001085 _____ C:\Users\Carlos Luna\Desktop\Windows Media Player.lnk
2021-10-10 23:35 - 2021-10-10 23:35 - 000000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2021-10-08 13:24 - 2021-10-08 13:24 - 000000000 ____D C:\.android
2021-10-08 01:10 - 2021-10-08 01:10 - 000000000 ____D C:\Program Files (x86)\Project64 3.0

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-30 15:49 - 2009-07-13 20:45 - 000023936 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-10-30 15:49 - 2009-07-13 20:45 - 000023936 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-10-30 15:46 - 2020-07-17 20:22 - 000000000 ____D C:\ProgramData\NVIDIA
2021-10-30 15:46 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-10-30 15:12 - 2014-06-22 16:37 - 000000000 ____D C:\Program Files (x86)\Steam
2021-10-30 14:55 - 2014-08-07 00:52 - 000000132 _____ C:\Users\Carlos Luna\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2021-10-30 13:19 - 2017-05-05 17:31 - 000000000 ____D C:\Users\Carlos Luna\AppData\Roaming\discord
2021-10-30 13:18 - 2017-05-05 17:30 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\Discord
2021-10-30 09:50 - 2021-09-26 10:30 - 000000000 ____D C:\ProgramData\BlueStacks_nxt
2021-10-30 09:46 - 2015-04-19 15:58 - 000007633 _____ C:\Users\Carlos Luna\AppData\Local\Resmon.ResmonCfg
2021-10-30 09:44 - 2014-07-04 13:56 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\Adobe
2021-10-29 19:34 - 2020-10-20 22:14 - 000000000 ____D C:\Program Files\Genshin Impact
2021-10-28 19:09 - 2016-04-13 21:33 - 000000000 ____D C:\Windows\pss
2021-10-28 15:29 - 2020-03-22 15:03 - 000689126 _____ C:\Windows\System32\perfh007.dat
2021-10-28 15:29 - 2020-03-22 15:03 - 000149098 _____ C:\Windows\System32\perfc007.dat
2021-10-28 15:29 - 2014-03-12 17:39 - 000745504 _____ C:\Windows\System32\perfh00A.dat
2021-10-28 15:29 - 2014-03-12 17:39 - 000158582 _____ C:\Windows\System32\perfc00A.dat
2021-10-28 15:29 - 2009-07-13 21:13 - 002514704 _____ C:\Windows\System32\PerfStringBackup.INI
2021-10-28 15:29 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2021-10-28 15:28 - 2018-08-09 10:46 - 000000000 ____D C:\Users\Carlos Luna\Documents\Hermanos
2021-10-25 17:23 - 2018-08-09 10:33 - 000000000 ____D C:\Users\Carlos Luna\Documents\Carlos
2021-10-25 16:58 - 2014-04-10 22:54 - 000000000 ____D C:\Users\Carlos Luna\Documents\My Games
2021-10-23 21:28 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\System32\NDF
2021-10-22 23:22 - 2021-08-01 22:56 - 000000000 ____D C:\Users\Carlos Luna\AppData\Roaming\vlc
2021-10-21 16:47 - 2014-05-10 19:18 - 000000000 ____D C:\Program Files\Java
2021-10-20 23:15 - 2014-03-12 16:32 - 000000000 ____D C:\Users\Carlos Luna\AppData\Roaming\Adobe
2021-10-20 23:04 - 2021-03-11 18:40 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\Opera Software
2021-10-20 22:46 - 2015-10-24 16:03 - 000000000 ____D C:\Users\Carlos Luna\Downloads\Series
2021-10-20 20:09 - 2014-04-19 00:42 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-10-20 13:10 - 2008-12-31 22:05 - 000000000 ___RD C:\Program Files (x86)\ASUS
2021-10-19 02:17 - 2008-12-31 21:26 - 000154328 _____ C:\Users\Carlos Luna\AppData\Local\GDIPFONTCACHEV1.DAT
2021-10-18 23:57 - 2009-07-13 20:45 - 005165616 _____ C:\Windows\System32\FNTCACHE.DAT
2021-10-18 23:10 - 2014-11-29 17:43 - 000000000 ____D C:\Program Files\CPUID
2021-10-18 23:07 - 2016-06-08 12:04 - 000000000 ____D C:\Program Files (x86)\Minecraft
2021-10-18 23:06 - 2014-04-19 00:17 - 000000000 ____D C:\ProgramData\Adobe
2021-10-18 23:03 - 2015-02-16 11:11 - 000000000 ____D C:\Program Files (x86)\Java
2021-10-18 19:24 - 2019-02-06 17:46 - 000000000 ____D C:\Windows\System32\DAX2
2021-10-18 19:23 - 2021-04-30 23:22 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2021-10-18 19:05 - 2015-10-24 16:03 - 000000000 ____D C:\Users\Carlos Luna\Downloads\Archives
2021-10-18 19:02 - 2014-03-12 17:50 - 000000000 ____D C:\Windows\System32\Tasks\Games
2021-10-18 18:56 - 2016-06-08 12:05 - 000000000 ____D C:\Users\Carlos Luna\AppData\Roaming\.minecraft
2021-10-18 11:41 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\rescache
2021-10-14 11:56 - 2016-01-14 20:46 - 000000000 ____D C:\Users\Carlos Luna\AppData\Roaming\Opera Software
2021-10-11 21:06 - 2009-01-01 00:16 - 000000000 ____D C:\Windows\Panther
2021-10-10 23:35 - 2009-07-13 23:45 - 000000000 ___RD C:\Users\Public\Recorded TV
2021-10-10 23:14 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-10-10 20:03 - 2021-08-29 21:49 - 000000995 _____ C:\Users\Carlos Luna\Desktop\Genshin Impact.lnk
2021-10-10 20:03 - 2020-10-20 22:14 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\miHoYo
2021-10-10 10:31 - 2014-03-12 17:50 - 000018960 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2021-10-09 22:13 - 2009-07-13 21:08 - 000032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2021-10-08 13:24 - 2014-07-08 12:40 - 000000000 ____D C:\ProgramData\Apple
2021-10-08 00:55 - 2015-01-14 11:34 - 000000000 ____D C:\Users\Carlos Luna\Downloads\Zips
2021-10-02 23:51 - 2014-05-07 02:49 - 000000000 ____D C:\Users\Carlos Luna\AppData\LocalLow\Temp

==================== KnownDLLs (Whitelisted) =========================


==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2021-04-29 11:41] - [2020-01-29 18:23] - 001010688 _____ (Microsoft Corporation) 8638404CAC7EAC3F44824EAFBF91A715

C:\Windows\SysWOW64\User32.dll
[2021-04-29 11:41] - [2020-01-29 18:30] - 000834560 _____ (Microsoft Corporation) 8A4B88FFFCC661A3824860467CEB1D78

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\dllhost.exe => MD5 is legit
C:\Windows\SysWOW64\dllhost.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2021-10-30 14:46

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 8130.46 MB
Available physical RAM: 7191.11 MB
Total Virtual: 8128.61 MB
Available Virtual: 7192.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:460.28 GB) NTFS
Drive d: (CarlosLuna) (Fixed) (Total:465.76 GB) (Free:253.9 GB) NTFS
Drive g: (KINGSTON) (Removable) (Total:14.41 GB) (Free:14.39 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 319F4949)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 844382C4)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 14.4 GB) (Disk ID: 233DB68B)
Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0C)
==================== End of FRST.txt ========================
 
Hi, Carlosh.

How did you overcome the issue with mouse and keyboard? Essentially it was something in the BIOS? Or something else?

Now...

Let's remove the rootkit.

1. Prepare the fix

Open a notepad window (Start > All Programs > Accessories > Notepad), copy and paste the following code in it, and name it as fixlist.txt. Change the Save as Type to All Files and save it in the USB drive where the FRST tool is.

Be careful to select the whole content of the code below.

Code:
S2 Ms3D569C04App; C:\Windows\System32\Ms3D569C04App.dll [10600572 2021-09-26] ()
NETSVC: Ms3D569C04App -> C:\Windows\System32\Ms3D569C04App.dll ()
C:\Windows\System32\Ms3D569C04App.dll

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


2. Enter Recovery Environment


Enter the Recovery Environment as you did before. Select Command Prompt again.

After that...

Run FRST from the Command Prompt
  1. In the black window that will open, called command prompt, type notepad and press on Enter.
  2. Notepad will open. Click on the File menu and select Open.
  3. Click on Computer, find the letter for your USB Flash Drive, then close the window and Notepad.
  4. In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter. IMPORTANT: Replace the letter e with the drive letter of your USB Flash Drive.
  5. FRST will open.
  6. Click on Yes to accept the disclaimer.
  7. Click on the FIX button and wait for the scan to complete.
  8. A log called fixlog.txt will be saved on your USB Flash Drive.

3. Provide the FRST.txt

Open the USB drive, find fixlog.txt, open it, copy its content and paste it here, in your next reply.


NOTE: Credits to Picasso for the valuable advice.
 
I think it was solved, but it seems that it works sometimes and other times it doesn't, not sure why. The option I activated was in the Boot tab of the Asus BIOS, to give a full initialization to the keyboard and mouse drivers.

Also, here is the fix log, which is a bit shorter than I was expecting; hope I did everything right.

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021
Ran by SYSTEM (01-11-2021 02:46:45) Run:1
Running from G:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
S2 Ms3D569C04App; C:\Windows\System32\Ms3D569C04App.dll [10600572 2021-09-26] ()
NETSVC: Ms3D569C04App -> C:\Windows\System32\Ms3D569C04App.dll ()
C:\Windows\System32\Ms3D569C04App.dll
*****************

HKLM\System\ControlSet001\Services\Ms3D569C04App => removed successfully
Ms3D569C04App => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs Ms3D569C04App => removed successfully
C:\Windows\System32\Ms3D569C04App.dll => moved successfully

==== End of Fixlog 02:46:45 ====
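
A way to check a pasted fixlog mechanically rather than by eye, as an added example that is not part of the original thread and is not FRST's own code: it pairs each fixlist directive with its result line and reports any directive the log does not confirm. The line patterns are assumptions inferred only from the log shown above, and the truncated sample is constructed.

```python
import re

# The fixlog exactly as posted above (the page's own lines).
FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021
Ran by SYSTEM (01-11-2021 02:46:45) Run:1
Running from G:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
S2 Ms3D569C04App; C:\Windows\System32\Ms3D569C04App.dll [10600572 2021-09-26] ()
NETSVC: Ms3D569C04App -> C:\Windows\System32\Ms3D569C04App.dll ()
C:\Windows\System32\Ms3D569C04App.dll
*****************

HKLM\System\ControlSet001\Services\Ms3D569C04App => removed successfully
Ms3D569C04App => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs Ms3D569C04App => removed successfully
C:\Windows\System32\Ms3D569C04App.dll => moved successfully

==== End of Fixlog 02:46:45 ====
"""

# Constructed sample: the same log cut off before the file result and footer,
# as happens when a paste is incomplete.
TRUNCATED = FIXLOG[:FIXLOG.index(r"C:\Windows\System32\Ms3D569C04App.dll => moved")]


def split_fixlog(text):
    """Return (directives, results, complete) parsed from a fixlog."""
    directives, results = [], []
    stars = 0            # how many '*****' delimiter lines have been seen
    complete = False     # True once the 'End of Fixlog' footer is found
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if set(line) == {"*"}:
            stars += 1
        elif line.startswith("==== End of Fixlog"):
            complete = True
        elif stars == 1:
            directives.append(line)          # inside the echoed fixlist
        elif stars >= 2 and " => " in line:
            target, outcome = line.rsplit(" => ", 1)
            results.append((target.strip(), outcome.strip()))
    return directives, results, complete


def expected_target(directive):
    """Return (kind, predicate) for the result line a directive should yield."""
    m = re.match(r"^[RS]\d\s+(.+?);", directive)      # service line, e.g. 'S2 Name; path'
    if m:
        name = m.group(1).lower()
        return "service", lambda t: t.lower().endswith("\\services\\" + name)
    m = re.match(r"^NETSVC:\s+(\S+)\s+->", directive)  # svchost netsvcs group entry
    if m:
        name = m.group(1).lower()
        return "netsvcs", lambda t: "netsvcs" in t.lower() and t.lower().endswith(name)
    if re.match(r"^[A-Za-z]:\\", directive):           # bare file path
        path = directive.lower()
        return "file", lambda t: t.lower() == path
    return "other", lambda t: False


def verify_fix(text):
    """Return ([(kind, directive, status)], complete) for a fixlog."""
    directives, results, complete = split_fixlog(text)
    report = []
    for d in directives:
        kind, matches = expected_target(d)
        ok = any(o.lower().endswith("successfully")
                 for t, o in results if matches(t))
        report.append((kind, d, "confirmed" if ok else "unconfirmed"))
    return report, complete


if __name__ == "__main__":
    for label, log in (("posted log", FIXLOG), ("truncated (constructed)", TRUNCATED)):
        report, complete = verify_fix(log)
        print(f"{label}: footer present = {complete}")
        for kind, directive, status in report:
            print(f"  [{status}] {kind}: {directive}")
```
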
 
Carlosh,

The fix did exactly what we expected: it removed the rootkit.

Now, let's see FRST logs in normal mode this time.
  • Double-click on the FRST icon (it is on your Desktop) to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Make sure to check the 90 Days Files option, under the section of the Optional Scans.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.
 
Thanks a lot. Yeah, I can confirm that the process that was taking away the CPU and memory is gone so far. I opened many of the programs and games to check if any could make it come back, but so far there is no sign of it.

Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2021
Ran by Carlos Luna (administrator) on 1989AH (ASUS All Series) (01-11-2021 15:33:22)
Running from C:\Users\Carlos Luna\Desktop
Loaded Profiles: Carlos Luna
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Borislav Surbat -> MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Logitech -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Opera Software AS -> Opera Software) C:\Users\Carlos Luna\AppData\Local\Programs\Opera GX\80.0.4170.61\opera_crashreporter.exe
(Opera Software AS -> Opera Software) C:\Users\Carlos Luna\AppData\Local\Programs\Opera GX\opera.exe <12>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9068040 2016-11-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [ProxyCap] => C:\Program Files\Proxy Labs\ProxyCap\pcapui.exe
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8294680 2014-02-27] (Logitech -> Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Genshin Impact_Launcher] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-2305226654-651215044-733858041-1000\...\Run: [Opera GX Browser Assistant] => C:\Users\Carlos Luna\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2305226654-651215044-733858041-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (Borislav Surbat -> MyCity)
HKU\S-1-5-21-2305226654-651215044-733858041-1000\...\Run: [Google Update] => "C:\Users\Carlos Luna\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-2305226654-651215044-733858041-1000\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-2305226654-651215044-733858041-1000\...\MountPoints2: {7776be3f-f783-11e4-b3bf-ab6770d31304} - E:\Startme.exe
HKU\S-1-5-21-2305226654-651215044-733858041-1000\...\MountPoints2: {c02e2f6e-805e-11e6-9b0c-d850e63c46b2} - E:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-2305226654-651215044-733858041-1000\...\MountPoints2: {c2d0008f-546d-11e8-b0dd-0014d1237121} - F:\startme.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-03-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\Users\Carlos Luna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameVox.lnk [2016-03-17]
ShortcutTarget: GameVox.lnk -> C:\Program Files (x86)\GameVox\GameVox.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C9A5565-C85D-4309-810F-9B2EF6D93455} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Carlos Luna\Downloads\esetonlinescanner_esn.exe
Task: {1156D15A-AAE6-4EE4-A768-C21AF23191D3} - System32\Tasks\{9F4A8BFD-E17F-4A42-B4EE-55FD2C147405} => C:\Windows\system32\pcalua.exe -a "C:\Users\Carlos Luna\AppData\Roaming\Nox\bin\Nox_unload.exe"
Task: {1ADD0762-CC79-45E7-B15D-17E123E1BE18} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2206488 2016-08-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {427624A0-6125-446F-84D9-BC6C71027E47} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2225952 2016-08-15] (Microsoft Corporation -> Microsoft)
Task: {4580E52B-91EE-42B5-9363-56BABDA2AFFC} - System32\Tasks\CorelUpdateHelperTask-F299A6B575097899476390FCD7D79BE3 => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe
Task: {45A4D6E9-3EB8-4039-87C0-8EDD5A1CDC23} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1634663272 => C:\Users\Carlos Luna\AppData\Local\Programs\Opera GX\launcher.exe [3963600 2021-10-19] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Carlos Luna\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {4D109734-C672-4DAB-8E1C-0848709181B8} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2305226654-651215044-733858041-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2012-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {52482CF5-BDD9-49A4-94A9-43C7A412C125} - System32\Tasks\{CB3E5831-270F-443A-894C-A54F005941DE} => C:\Windows\system32\pcalua.exe -a "C:\Users\Carlos Luna\Downloads\setup-gtarcade-601b27db75125.exe" -d "C:\Users\Carlos Luna\Downloads"
Task: {5918D14A-68E3-4CFE-B21E-E1748D153440} - System32\Tasks\AdobeAAMUpdater-1.0-CarlosLuna-PC-Carlos Luna => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {61AA0E70-25B1-4153-A33F-B19B7AC78098} - System32\Tasks\{0C2E49FB-E0FA-4939-849F-2F5A476D0F82} => C:\Windows\system32\pcalua.exe -a "C:\Users\Carlos Luna\Downloads\coreaacSetup.exe" -d "C:\Users\Carlos Luna\Downloads"
Task: {62A6C492-DB90-48A0-8729-0E9EE4C6AA60} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {671E9D4A-C29E-4F2E-B2B6-E844B48D0215} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {6A162083-B862-49A1-BAAD-73716A32E6AA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2021-02-03] (Adobe Inc. -> Adobe)
Task: {6D10DDD6-E35A-4909-8989-1D5F095840CE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [4624152 2014-06-24] (Piriform Ltd -> Piriform Ltd)
Task: {6FC4D6E7-AEFA-40A9-9BB7-93CA381DA6F7} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [275136 2021-09-21] (Bluestack Systems, Inc -> BlueStack Systems, Inc.)
Task: {8F95A2D6-F062-4745-A5AF-962DB9825FAA} - System32\Tasks\Opera GX scheduled Autoupdate 1634241479 => C:\Users\Carlos Luna\AppData\Local\Programs\Opera GX\launcher.exe [3963600 2021-10-19] (Opera Software AS -> Opera Software)
Task: {93D89636-DEDB-4163-B18A-E7AA18E71A78} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe
Task: {A30BC2CE-E5F3-4757-A4D2-75EAD5A8EE1A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_pepper.exe [1452600 2019-04-13] (Adobe Inc. -> Adobe)
Task: {A3B005D3-E9D2-481C-8F83-C314EFE5F8A2} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1665312 2016-08-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {B07B46E1-E12B-40BE-98B3-19CE5A3F4679} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2305226654-651215044-733858041-1000 => C:\Users\Carlos Luna\AppData\Local\MEGAsync\MEGAupdater.exe
Task: {B2EB5EF7-7A9A-498A-81EF-00A8AEEC7F30} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2021-02-03] (Adobe Inc. -> Adobe)
Task: {BD5159BA-C4CA-4CEC-A03A-8757F4788891} - System32\Tasks\{9AC3D973-ABA9-417C-BFEC-58F9A2E0316A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{7F7E4FA7-6F32-4DE2-917E-361E034AED7A}\setup.exe" -c -runfromtemp -l0x0409
Task: {CFE7C1EB-6D01-4C36-9CBB-4299E628064A} - System32\Tasks\{FB630E37-2B8D-498A-AF0C-D1E8035CCC9A} => C:\Windows\system32\pcalua.exe -a "C:\Users\Carlos Luna\Downloads\remix-os-player-1-0-108.exe" -d "C:\Users\Carlos Luna\Downloads"
Task: {D0087371-BA7B-40D8-B082-1AA679E01EE7} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2206488 2016-08-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {D0C532E0-D1C5-4939-9A5D-20C1E65CEBAA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1665312 2016-08-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {D685ED40-7570-4DD0-8D05-E36B8F49EF67} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [754472 2021-04-05] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {DD67DAB7-77D5-429A-A54E-4723DD7E316D} - System32\Tasks\{8BA74D91-FA29-419D-858B-36DC14E276AD} => C:\Windows\system32\pcalua.exe -a "F:\AutoPlay\Docs\Extras\Game Tools\DOSBox 0.63\DOSBox0.63-win32-installer.exe" -d "F:\AutoPlay\Docs\Extras\Game Tools\DOSBox 0.63"
Task: {E7C96D1D-73AE-4ED4-ACCB-72AAE2A699BB} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Carlos Luna\Downloads\esetonlinescanner_esn.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

IPSecPolicy: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{54a8fc58-9b91-49c0-9f77-0893a0c1aae3} <==== ATTENTION (Restriction - IP)
Tcpip\Parameters: [DhcpNameServer] 200.48.225.146 200.48.225.130
Tcpip\..\Interfaces\{4F611090-1E2A-4C0B-B218-CB68014871BD}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{577DA66F-E0C5-4726-8D88-1A73332085A9}: [DhcpNameServer] 200.48.225.146 200.48.225.130
Tcpip\..\Interfaces\{8D58557D-1DB6-4DD8-B77E-9A6F9972990A}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A27F8B15-26C0-4909-9700-9719E16C3A24}: [DhcpNameServer] 200.48.225.130 200.48.225.146
Tcpip\..\Interfaces\{B67BBEAF-70C7-4ED9-ADCE-DAC65DF532A9}: [DhcpNameServer] 200.48.225.146 200.48.225.130
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,26.0.0.1,9256]

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2021-02-03] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2021-10-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2021-10-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2021-02-03] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-2305226654-651215044-733858041-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Carlos Luna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-05] (Unity Technologies SF -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2305226654-651215044-733858041-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc]
CHR HKLM-x32\...\Chrome\Extension: [mcegpkkjabjeiddmpmgbmjlmiebfiofd]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo]

Opera:
=======
OPR Profile: C:\Users\Carlos Luna\AppData\Roaming\Opera Software\Opera Stable [2021-10-14]
OPR DefaultSuggestURL: Opera Stable -> hxxps//www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Carlos Luna\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-09-29]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Carlos Luna\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-09-28]
StartMenuInternet: (HKU\S-1-5-21-2305226654-651215044-733858041-1000) Opera GXStable - "C:\Users\Carlos Luna\AppData\Local\Programs\Opera GX\Launcher.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [82128 2015-07-07] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2021-02-03] (Adobe Inc. -> Adobe)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2019-03-11] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029472 2021-10-23] (Epic Games Inc. -> Epic Games, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [9473408 2021-01-18] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
S4 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] (ASUSTeK Computer Inc. -> )
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [320728 2021-09-20] (Bluestack Systems, Inc -> Bluestack System Inc.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-09-22] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-09-22] (Disc Soft Ltd -> Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [169424 2021-08-06] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [123472 2021-08-06] (ESET, spol. s r.o. -> ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [194776 2021-08-06] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [43904 2021-08-06] (ESET, spol. s r.o. -> ESET)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [246952 2021-10-19] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [284408 2021-10-19] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech -> Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech -> Logitech Inc.)
R3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [622624 2010-02-01] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Semiconductor Corp -> Realtek Corporation)
S3 RvNetMP60; C:\Windows\System32\DRIVERS\RvNetMP60.sys [69048 2018-12-25] (Famatech Corp. -> Famatech Corp.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2017-08-30] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2016-12-03] (Duodian Online Technology Co. Ltd. -> BigNox Corporation)
R3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [35696 2017-11-25] (Beijing Wolicheng Technology Co., Ltd. -> Windows (R) Win 7 DDK provider)
S1 amsdk; \??\C:\Windows\system32\drivers\amsdk.sys [X]
S2 BlueStacksDrv; \??\C:\Program Files\BlueStacks\BstkDrv_bgp.sys [X]
S1 epfw; system32\DRIVERS\epfw.sys [X]
S1 epfwwfp; system32\DRIVERS\epfwwfp.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Carlos Luna\AppData\Local\Temp\tmpE675.tmp [X] <==== ATTENTION
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S1 YSDrv; \??\C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-01 15:33 - 2021-11-01 15:35 - 000023852 _____ C:\Users\Carlos Luna\Desktop\FRST.txt
2021-11-01 15:33 - 2021-11-01 15:33 - 000000000 ____D C:\Users\Carlos Luna\Desktop\FRST-OlderVersion
2021-10-31 20:20 - 2021-10-31 20:20 - 000000186 _____ C:\Users\Carlos Luna\Documents\fixlist.txt
2021-10-30 19:13 - 2021-10-30 19:10 - 000038441 _____ C:\Users\Carlos Luna\Documents\FRST.txt
2021-10-28 17:52 - 2021-11-01 11:01 - 000000000 ____D C:\ProgramData\MCShield
2021-10-28 17:52 - 2021-10-28 17:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2021-10-28 17:52 - 2021-10-28 17:52 - 000000000 ____D C:\Program Files (x86)\MCShield
2021-10-28 17:44 - 2021-10-28 17:45 - 002856736 _____ (MyCity) C:\Users\Carlos Luna\Desktop\MCShield-Setup.exe
2021-10-26 22:53 - 2021-10-26 22:53 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Carlos Luna\Downloads\iExplore.exe
2021-10-25 20:29 - 2021-11-01 15:34 - 000000000 ____D C:\FRST
2021-10-25 19:16 - 2021-11-01 15:33 - 002310656 _____ (Farbar) C:\Users\Carlos Luna\Desktop\FRST64.exe
2021-10-24 19:45 - 2021-10-24 19:48 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\niemiro
2021-10-24 01:54 - 2021-10-24 01:54 - 002316112 _____ (niemiro) C:\Users\Carlos Luna\Desktop\SFCFix.exe
2021-10-24 01:20 - 2021-10-24 01:20 - 010228313 _____ (Macrovision Corporation) C:\Users\Carlos Luna\Downloads\asmwsoftpcoptimizersetup.exe
2021-10-24 01:04 - 2021-10-24 01:05 - 000000000 ____D C:\Users\Carlos Luna\Downloads\Windupdate
2021-10-24 00:28 - 2021-10-28 22:08 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\ElevatedDiagnostics
2021-10-24 00:11 - 2021-10-24 00:11 - 003298367 _____ C:\Users\Carlos Luna\Downloads\Windows6.1-KB3050265-x64.msu
2021-10-23 23:01 - 2021-10-23 23:02 - 000000000 ____D C:\Program Files\TEST
2021-10-23 21:43 - 2021-10-23 21:43 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\EOSUserHelper
2021-10-23 21:42 - 2021-10-23 21:42 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\Epic Games
2021-10-23 21:30 - 2021-10-23 21:30 - 000000000 ____D C:\Users\Default\AppData\Local\Epic Games
2021-10-21 20:11 - 2021-10-21 20:19 - 000000000 ____D C:\Users\Carlos Luna\Downloads\backups
2021-10-21 18:01 - 2021-10-21 18:01 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\CEF
2021-10-20 22:52 - 2021-10-20 22:53 - 000388608 _____ (Trend Micro Inc.) C:\Users\Carlos Luna\Downloads\HijackThis.exe
2021-10-19 12:08 - 2021-10-19 12:08 - 000004352 _____ C:\Windows\system32\Tasks\Opera GX scheduled assistant Autoupdate 1634663272
2021-10-19 05:27 - 2021-10-19 05:27 - 000284408 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2021-10-19 05:25 - 2021-10-19 05:25 - 000246952 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2021-10-19 02:18 - 2021-10-19 02:18 - 000057449 _____ C:\Windows\system32\NOTICE_mod
2021-10-18 22:48 - 2021-10-18 22:48 - 000909824 _____ (Farbar) C:\Users\Carlos Luna\Downloads\FSS.exe
2021-10-18 22:47 - 2021-10-18 22:48 - 201686784 _____ (SUPERAntiSpyware) C:\Users\Carlos Luna\Downloads\SUPERAntiSpyware.exe
2021-10-18 22:04 - 2021-10-21 19:46 - 000191832 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2021-10-17 02:19 - 2021-10-17 02:19 - 000000000 ____D C:\ProgramData\Emsisoft
2021-10-17 00:57 - 2021-10-17 00:57 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Carlos Luna\Downloads\rkill.exe
2021-10-14 14:58 - 2021-10-26 12:39 - 000004100 _____ C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1634241479
2021-10-14 14:58 - 2021-10-14 14:58 - 000001437 _____ C:\Users\Carlos Luna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera GX Browser.lnk
2021-10-13 21:05 - 2021-10-13 21:06 - 000000083 _____ C:\Users\Carlos Luna\Documents\lista cosas.txt
2021-10-12 02:37 - 2021-10-12 02:37 - 000001085 _____ C:\Users\Carlos Luna\Desktop\Windows Media Player.lnk
2021-10-11 02:36 - 2021-10-11 02:36 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2021-10-11 02:35 - 2021-10-11 02:35 - 000000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2021-10-08 16:24 - 2021-10-08 16:24 - 000000000 ____D C:\.android
2021-10-08 04:10 - 2021-10-08 04:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project64 2.3
2021-10-08 04:10 - 2021-10-08 04:10 - 000000000 ____D C:\Program Files (x86)\Project64 3.0

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-01 13:10 - 2015-04-19 18:58 - 000007630 _____ C:\Users\Carlos Luna\AppData\Local\Resmon.ResmonCfg
2021-11-01 13:05 - 2021-09-26 13:30 - 000000000 ____D C:\ProgramData\BlueStacks_nxt
2021-11-01 11:06 - 2009-07-13 23:45 - 000023936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-11-01 11:06 - 2009-07-13 23:45 - 000023936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-11-01 11:01 - 2020-07-17 23:22 - 000000000 ____D C:\ProgramData\NVIDIA
2021-11-01 11:00 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-11-01 04:01 - 2014-06-22 19:37 - 000000000 ____D C:\Program Files (x86)\Steam
2021-10-31 23:43 - 2020-10-21 01:14 - 000000000 ____D C:\Program Files\Genshin Impact
2021-10-31 22:27 - 2017-05-05 20:31 - 000000000 ____D C:\Users\Carlos Luna\AppData\Roaming\discord
2021-10-31 22:18 - 2017-05-05 20:30 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\Discord
2021-10-31 14:14 - 2014-07-04 16:56 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\Adobe
2021-10-30 17:55 - 2014-08-07 03:52 - 000000132 _____ C:\Users\Carlos Luna\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2021-10-28 22:09 - 2016-04-14 00:33 - 000000000 ____D C:\Windows\pss
2021-10-28 18:29 - 2020-03-22 18:03 - 000689126 _____ C:\Windows\system32\perfh007.dat
2021-10-28 18:29 - 2020-03-22 18:03 - 000149098 _____ C:\Windows\system32\perfc007.dat
2021-10-28 18:29 - 2014-03-12 20:39 - 000745504 _____ C:\Windows\system32\perfh00A.dat
2021-10-28 18:29 - 2014-03-12 20:39 - 000158582 _____ C:\Windows\system32\perfc00A.dat
2021-10-28 18:29 - 2009-07-14 00:13 - 002514704 _____ C:\Windows\system32\PerfStringBackup.INI
2021-10-28 18:29 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2021-10-28 18:28 - 2018-08-09 13:46 - 000000000 ____D C:\Users\Carlos Luna\Documents\Hermanos
2021-10-25 20:23 - 2018-08-09 13:33 - 000000000 ____D C:\Users\Carlos Luna\Documents\Carlos
2021-10-25 19:58 - 2014-04-11 01:54 - 000000000 ____D C:\Users\Carlos Luna\Documents\My Games
2021-10-24 00:28 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2021-10-23 02:22 - 2021-08-02 01:56 - 000000000 ____D C:\Users\Carlos Luna\AppData\Roaming\vlc
2021-10-21 19:47 - 2020-03-13 03:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-10-21 19:47 - 2014-05-10 22:18 - 000000000 ____D C:\Program Files\Java
2021-10-21 02:15 - 2014-03-12 19:32 - 000000000 ____D C:\Users\Carlos Luna\AppData\Roaming\Adobe
2021-10-21 02:04 - 2021-03-11 21:40 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\Opera Software
2021-10-21 01:46 - 2015-10-24 19:03 - 000000000 ____D C:\Users\Carlos Luna\Downloads\Series
2021-10-20 23:09 - 2014-04-19 03:42 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-10-20 16:10 - 2009-01-01 01:05 - 000000000 ___RD C:\Program Files (x86)\ASUS
2021-10-19 05:17 - 2009-01-01 00:26 - 000154328 _____ C:\Users\Carlos Luna\AppData\Local\GDIPFONTCACHEV1.DAT
2021-10-19 02:57 - 2009-07-13 23:45 - 005165616 _____ C:\Windows\system32\FNTCACHE.DAT
2021-10-19 02:10 - 2014-11-29 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2021-10-19 02:10 - 2014-11-29 20:43 - 000000000 ____D C:\Program Files\CPUID
2021-10-19 02:07 - 2016-06-08 15:04 - 000000000 ____D C:\Program Files (x86)\Minecraft
2021-10-19 02:06 - 2014-04-19 03:17 - 000000000 ____D C:\ProgramData\Adobe
2021-10-19 02:03 - 2015-02-16 14:11 - 000000000 ____D C:\Program Files (x86)\Java
2021-10-18 22:24 - 2019-02-06 20:46 - 000000000 ____D C:\Windows\system32\DAX2
2021-10-18 22:23 - 2021-05-01 02:22 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2021-10-18 22:05 - 2015-10-24 19:03 - 000000000 ____D C:\Users\Carlos Luna\Downloads\Archives
2021-10-18 22:02 - 2014-03-12 20:50 - 000000000 ____D C:\Windows\system32\Tasks\Games
2021-10-18 21:56 - 2016-06-08 15:05 - 000000000 ____D C:\Users\Carlos Luna\AppData\Roaming\.minecraft
2021-10-18 14:41 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2021-10-14 14:56 - 2016-01-14 23:46 - 000000000 ____D C:\Users\Carlos Luna\AppData\Roaming\Opera Software
2021-10-12 00:06 - 2009-01-01 03:16 - 000000000 ____D C:\Windows\Panther
2021-10-11 02:35 - 2009-07-14 02:45 - 000000000 ___RD C:\Users\Public\Recorded TV
2021-10-11 02:14 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-10-10 23:03 - 2021-08-30 00:49 - 000000995 _____ C:\Users\Carlos Luna\Desktop\Genshin Impact.lnk
2021-10-10 23:03 - 2020-10-21 01:14 - 000000000 ____D C:\Users\Carlos Luna\AppData\Local\miHoYo
2021-10-10 23:03 - 2020-10-21 01:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genshin Impact
2021-10-10 13:31 - 2014-03-12 20:50 - 000018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2021-10-10 01:13 - 2009-07-14 00:08 - 000032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2021-10-08 16:24 - 2014-07-08 15:40 - 000000000 ____D C:\ProgramData\Apple
2021-10-08 03:55 - 2015-01-14 14:34 - 000000000 ____D C:\Users\Carlos Luna\Downloads\Zips
2021-10-03 02:51 - 2014-05-07 05:49 - 000000000 ____D C:\Users\Carlos Luna\AppData\LocalLow\Temp

==================== Files in the root of some directories ========

2014-10-07 03:30 - 2016-03-28 23:20 - 000000132 _____ () C:\Users\Carlos Luna\AppData\Roaming\Prefs. de formato OpenEXR de Adobe CS6
2014-08-07 03:52 - 2021-10-30 17:55 - 000000132 _____ () C:\Users\Carlos Luna\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2016-02-15 18:17 - 2017-09-18 11:15 - 002447075 _____ () C:\Users\Carlos Luna\AppData\Roaming\PS13_panel.log
2020-06-26 00:10 - 2020-06-26 00:10 - 000000045 _____ () C:\Users\Carlos Luna\AppData\Roaming\WB.CFG
2016-08-03 21:50 - 2017-09-17 09:56 - 000001456 _____ () C:\Users\Carlos Luna\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2021-01-10 12:03 - 2021-01-10 12:04 - 000000774 _____ () C:\Users\Carlos Luna\AppData\Local\install_info.txt
2015-08-07 11:17 - 2015-08-07 11:17 - 013545694 _____ () C:\Users\Carlos Luna\AppData\Local\package.nw.new
2018-08-31 01:09 - 2018-12-29 02:20 - 000000600 _____ () C:\Users\Carlos Luna\AppData\Local\PUTTY.RND
2015-04-19 18:58 - 2021-11-01 13:10 - 000007630 _____ () C:\Users\Carlos Luna\AppData\Local\Resmon.ResmonCfg
2019-10-18 02:55 - 2020-07-25 01:51 - 000000077 _____ () C:\Users\Carlos Luna\AppData\Local\update_progress.txt
2019-12-06 23:13 - 2019-12-06 23:13 - 000017408 _____ () C:\Users\Carlos Luna\AppData\Local\WebpageIcons.db
2018-06-21 16:19 - 2018-06-21 16:19 - 000000000 _____ () C:\Users\Carlos Luna\AppData\Local\{A194310A-E09D-4DA5-9E3E-1171E9EEAB3E}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
And this one is the Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2021
Ran by Carlos Luna (01-11-2021 15:36:03)
Running from C:\Users\Carlos Luna\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X64) (2009-01-01 05:23:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2305226654-651215044-733858041-500 - Administrator - Disabled)
Carlos Luna (S-1-5-21-2305226654-651215044-733858041-1000 - Administrator - Enabled) => C:\Users\Carlos Luna
Guest (S-1-5-21-2305226654-651215044-733858041-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2305226654-651215044-733858041-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 3.9.6 - Mirillis)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.465 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.171 - Adobe)
Autodesk Maya 2015 SP2 (HKLM\...\Autodesk Maya 2015 SP2) (Version: 15.2.1633.0 - Autodesk)
Autodesk Maya 2016 SP1 (HKLM\...\Autodesk Maya 2016 SP1) (Version: 16.6.2775.0 - Autodesk) Hidden
Autodesk Maya 2016 SP2 (HKLM\...\Autodesk Maya 2016 SP2) (Version: 16.6.2775.0 - Autodesk) Hidden
Autodesk Maya 2016 SP3 (HKLM\...\Autodesk Maya 2016 SP3) (Version: 16.6.2775.0 - Autodesk) Hidden
Autodesk Maya 2016 SP3P02 (HKLM\...\Autodesk Maya 2016 SP3P02) (Version: 16.6.2775.0 - Autodesk) Hidden
Autodesk Maya 2016 SP4 (HKLM\...\Autodesk Maya 2016 SP4) (Version: 16.6.2775.0 - Autodesk) Hidden
Autodesk Maya 2016 SP4P04 (HKLM\...\Autodesk Maya 2016 SP4P04) (Version: 16.6.2775.0 - Autodesk) Hidden
Autodesk Maya 2016 SP4P05 (HKLM\...\Autodesk Maya 2016 SP4P05) (Version: 16.6.2775.0 - Autodesk) Hidden
Autodesk Maya 2016 SP5 (HKLM\...\Autodesk Maya 2016 SP5) (Version: 16.6.2775.0 - Autodesk) Hidden
Autodesk Maya 2016 SP5P06 (HKLM\...\Autodesk Maya 2016 SP5P06) (Version: 16.6.2775.0 - Autodesk) Hidden
Autodesk Maya 2016 SP5P07 (HKLM\...\Autodesk Maya 2016 SP5P07) (Version: 16.6.2775.0 - Autodesk) Hidden
Autodesk Maya 2016 SP5P08 (HKLM\...\Autodesk Maya 2016 SP5P08) (Version: 16.6.2775.0 - Autodesk) Hidden
Autodesk Maya 2016 SP6 (HKLM\...\Autodesk Maya 2016 SP6) (Version: 16.6.2775.0 - Autodesk)
BlueStacks 5 (HKLM\...\BlueStacks_nxt) (Version: 5.3.70.1004 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Corel Update Manager (HKLM\...\{9E1EE683-0C7B-46E7-83EC-1F5A1D8F2296}) (Version: 2.9.389 - Corel corporation) Hidden
CorelDRAW Graphics Suite 2017 - IPM (x64) (HKLM\...\{904B10A6-0D9C-4645-9C61-504FA92B9220}) (Version: 19.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - IPM Content (x64) (HKLM\...\{54F024CB-16AF-4CC0-9BC2-D2507E7C6C01}) (Version: 19.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Writing Tools (x64) (HKLM\...\{E38357D4-1B80-400F-A6D7-B4D5DD83D979}) (Version: 19.1 - Corel Corporation) Hidden
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION
CrystalDiskInfo 7.6.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.6.1 - Crystal Dew World)
Discord (HKU\S-1-5-21-2305226654-651215044-733858041-1000\...\Discord) (Version: 0.0.309 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{8CAF0391-512D-485C-B141-39D89E7EDCA8}) (Version: 1.2.17.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
Genshin Impact (HKLM\...\Genshin Impact) (Version: 2.12.1.0 - miHoYo Co.,Ltd)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{557D160E-2085-4D38-BDA3-1D5D3F74A3A4}) (Version: 6.0.4 - Intel Corporation)
Java 8 Update 311 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft .NET Framework 4.8 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.8.106.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Research Mesh Virtual WIFI (HKLM-x32\...\{034A32D5-699E-4AED-A2EB-2CCB6E7F37F1}) (Version: 1.0.000 - Microsoft Research)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1b103cea-f037-4504-81de-956057b442c3}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{810F1419-7760-402E-8772-B4054FAA2B72}) (Version: 1.0.0.0 - Mojang)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
NVIDIA Graphics Driver 451.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 451.67 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.34 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Opera GX Stable 80.0.4170.61 (HKU\S-1-5-21-2305226654-651215044-733858041-1000\...\Opera GX 80.0.4170.61) (Version: 80.0.4170.61 - Opera Software)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Project64 version 3.0.1.5664 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 3.0.1.5664 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.2.7 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7982 - Realtek Semiconductor Corp.)
UE4 Prerequisites (x86) (HKLM-x32\...\{6EAAE1C0-6000-45FA-B46D-D206144925BF}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x86) (HKLM-x32\...\{f1203e43-4ddb-4280-974e-73f14d793dbd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
WO Mic Client (HKLM-x32\...\WOMic) (Version: - )
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2305226654-651215044-733858041-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305226654-651215044-733858041-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305226654-651215044-733858041-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305226654-651215044-733858041-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305226654-651215044-733858041-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305226654-651215044-733858041-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6718864 2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4220304 2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2004-12-26] () [File not signed]
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [AutopanoShell.ShellContextMenu] -> {4B4F4C4F-5220-4798-ABF3-EC03F7C8A498} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2004-12-26] () [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2020-07-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2004-12-26] () [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\system32\ficvdec_x64.dll [652288 2013-05-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\SysWOW64\ficvdec_x86.dll [641024 2013-05-28] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2009-01-01 01:06 - 2021-11-01 11:00 - 000034448 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll
2021-05-01 02:09 - 2013-04-26 10:24 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2014-02-27 17:43 - 2014-02-27 17:43 - 000173568 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Logitech Gaming Software\imageformats\qjpeg4.dll
2014-02-27 17:43 - 2014-02-27 17:43 - 001807360 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Logitech Gaming Software\QtCLucene4.dll
2014-02-27 17:43 - 2014-02-27 17:43 - 003276288 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Logitech Gaming Software\QtCore4.dll
2014-02-27 17:43 - 2014-02-27 17:43 - 012168192 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Logitech Gaming Software\QtGui4.dll
2014-02-27 17:43 - 2014-02-27 17:43 - 000750080 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Logitech Gaming Software\QtHelp4.dll
2014-02-27 17:43 - 2014-02-27 17:43 - 001085952 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Logitech Gaming Software\QtNetwork4.dll
2014-02-27 17:43 - 2014-02-27 17:43 - 000841728 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Logitech Gaming Software\QtOpenGL4.dll
2014-02-27 17:43 - 2014-02-27 17:43 - 001990144 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Logitech Gaming Software\QtScript4.dll
2014-02-27 17:43 - 2014-02-27 17:43 - 000897024 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Logitech Gaming Software\QtSql4.dll
2014-02-27 17:43 - 2014-02-27 17:43 - 000539136 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Logitech Gaming Software\QtXml4.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Carlos Luna\Cookies:9uiptag9KhjXpJROea9BnnRVF [1826]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dump_3D569C04.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ms3D569C04App => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dump_3D569C04.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ms3D569C04App => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp//www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2305226654-651215044-733858041-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp//latam.msn.com/?ocid=iehp
HKU\S-1-5-21-2305226654-651215044-733858041-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//www.google.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2305226654-651215044-733858041-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-2305226654-651215044-733858041-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_311\bin\ssv.dll [2021-10-21] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_311\bin\jp2ssv.dll [2021-10-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-2305226654-651215044-733858041-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp//fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-10-18 22:12 - 2021-10-18 22:12 - 000000833 ____R C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-2305226654-651215044-733858041-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Carlos Luna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.48.225.146 - 200.48.225.130
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: ACTION_SVC => 3
MSCONFIG\Services: AdAppMgrSvc => 2
MSCONFIG\Services: Foundry License Server => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamNetworkSvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RLM => 2
MSCONFIG\Services: Rockstar Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: vgc => 3
MSCONFIG\Services: WTabletServiceCon => 2

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{26BF10EE-1D79-4107-B72C-C9B0B6530348}] => (Allow) C:\Users\Carlos Luna\AppData\Local\Programs\Opera GX\80.0.4170.48\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{5CB41C60-5184-4DE4-97E7-47A8CE3C61C2}C:\program files (x86)\womic\womicclient.exe] => (Allow) C:\program files (x86)\womic\womicclient.exe () [File not signed]
FirewallRules: [UDP Query User{C4B58CE0-9B62-4529-B69B-189EF82CB167}C:\program files (x86)\womic\womicclient.exe] => (Allow) C:\program files (x86)\womic\womicclient.exe () [File not signed]
FirewallRules: [TCP Query User{53066240-262C-4D89-AD40-374FC9C37118}C:\users\carlos luna\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\carlos luna\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{4FE1146C-6B94-4A3F-B3B9-03B3D4234638}C:\users\carlos luna\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\carlos luna\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{DFCFD19C-91C2-40C7-946E-3EE01B712C2E}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{6A80C201-3B27-4588-98EE-E01BBA7533C3}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{36077DE1-8476-401E-8EA6-52CBF9065A7D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D025ADD2-4276-4691-B046-73FA0D984488}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{586D1D22-7153-4987-97D8-B77472B9AF71}C:\program files\epic games\amongus\among us.exe] => (Allow) C:\program files\epic games\amongus\among us.exe () [File not signed]
FirewallRules: [UDP Query User{CC6FE1C3-7381-4122-8B0F-95493109FF5E}C:\program files\epic games\amongus\among us.exe] => (Allow) C:\program files\epic games\amongus\among us.exe () [File not signed]
FirewallRules: [{3BDD0093-9E93-4FDA-938C-6F8CC931654F}] => (Allow) C:\Users\Carlos Luna\AppData\Local\Programs\Opera GX\80.0.4170.61\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{5CBDF2E0-CB20-4AE0-9BA2-CE78F6BDF0AE}C:\program files\genshin impact\genshin impact game\genshinimpact.exe] => (Allow) C:\program files\genshin impact\genshin impact game\genshinimpact.exe (miHoYo Co.,Ltd. -> )
FirewallRules: [UDP Query User{985CB71C-5064-4898-8B6F-1A4B83F251E0}C:\program files\genshin impact\genshin impact game\genshinimpact.exe] => (Allow) C:\program files\genshin impact\genshin impact game\genshinimpact.exe (miHoYo Co.,Ltd. -> )
FirewallRules: [{9BCB1DAC-4A40-44C1-BA83-D5E1CF1DD096}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RISK Global Domination\RISK.exe () [File not signed]
FirewallRules: [{2D9C3240-87F7-414B-A498-1A6238A99B0D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RISK Global Domination\RISK.exe () [File not signed]
FirewallRules: [TCP Query User{01F7E6D7-6831-4E02-AC98-14FC7C0AC9C8}C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe () [File not signed]
FirewallRules: [UDP Query User{53A32A65-3F71-4320-9C6C-D832023AA22C}C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{0E255199-C3C4-4F02-88FD-FC94100871C9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Action Taimanin\ActionTaimanin.exe () [File not signed]
FirewallRules: [{FD9C28AB-F010-407B-B017-0D6B689E01CC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Action Taimanin\ActionTaimanin.exe () [File not signed]

==================== Restore Points =========================

30-10-2021 16:44:02 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: BlueStacks Hypervisor
Description: BlueStacks Hypervisor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BlueStacksDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: BigNox Service
Description: BigNox Service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: YSDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: AMSDK Driver
Description: AMSDK Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: amsdk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ehdrv
Description: ehdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ehdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: epfw
Description: epfw
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: epfw
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: epfwwfp
Description: epfwwfp
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: epfwwfp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (10/31/2021 04:40:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HD-Player.exe, version: 5.3.70.1004, time stamp: 0x614976f6
Faulting module name: Qt5Core.dll, version: 5.15.4.0, time stamp: 0x608bce4d
Exception code: 0xc0000005
Fault offset: 0x00000000001d606b
Faulting process id: 0xa60
Faulting application start time: 0x01d7ce8c1125a165
Faulting application path: C:\Program Files\BlueStacks_nxt\HD-Player.exe
Faulting module path: C:\Program Files\BlueStacks_nxt\Qt5Core.dll
Report Id: 3c2b7ce1-3a93-11ec-83d3-d850e63c46b2

Error: (10/23/2021 09:29:35 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT AUTHORITY)
Description: Application or service 'Epic Online Services local application.' could not be shut down.

Error: (10/23/2021 08:11:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HD-Player.exe, version: 5.3.70.1004, time stamp: 0x614976f6
Faulting module name: HD-Player.exe, version: 5.3.70.1004, time stamp: 0x614976f6
Exception code: 0xc0000005
Fault offset: 0x0000000000031409
Faulting process id: 0x874
Faulting application start time: 0x01d7c86b27659c15
Faulting application path: C:\Program Files\BlueStacks_nxt\HD-Player.exe
Faulting module path: C:\Program Files\BlueStacks_nxt\HD-Player.exe
Report Id: 4be535b1-3467-11ec-b7f3-d850e63c46b2

Error: (10/19/2021 06:16:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AntiMalware.exe, version: 3.2.28.0, time stamp: 0x60633416
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb7f5
Exception code: 0xe0434352
Fault offset: 0x0000c5af
Faulting process id: 0x1260
Faulting application start time: 0x01d7c4dab20fd0e2
Faulting application path: C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: f139c231-30cd-11ec-ac98-d850e63c46b2

Error: (10/19/2021 06:16:01 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AntiMalware.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileLoadException
at Zemana.AntiMalware.UI.Program.Main(System.String[])

Error: (10/19/2021 06:01:08 AM) (Source: AntiMalware) (EventID: 0) (User: )
Description: Application has encountered a problem and needs to be closed. Please contact the adminstrator with the following information:

System.ComponentModel.Win32Exception (0x80004005): Error creating window handle.
at System.Windows.Forms.NativeWindow.CreateHandle(CreateParams cp)
at System.Windows.Forms.Control.CreateHandle()
at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
at System.Windows.Forms.Control.CreateControl()
at System.Windows.Forms.Control.ControlCollection.Add(Control value)
at Zemana.AntiMalware.UI.Services.ScanPanelController.<>c__DisplayClass12_0.<AddScanFailedPanel>b__0(Panel pnl) in Z:\Projects\Zemana AntiMalware Staging\Zemana.AntiMalware.UI\Services\ScanPanelController.cs:line 73Error creating window handle.

Stack Trace:
at System.Windows.Forms.NativeWindow.CreateHandle(CreateParams cp)
at System.Windows.Forms.Control.CreateHandle()
at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
at System.Windows.Forms.Control.CreateControl()
at System.Windows.Forms.Control.ControlCollection.Add(Control value)
at Zemana.AntiMalware.UI.Services.ScanPanelController.<>c__DisplayClass12_0.<AddScanFailedPanel>b__0(Panel pnl) in Z:\Projects\Zemana AntiMalware Staging\Zemana.AntiMalware.UI\Services\ScanPanelController.cs:line 73

Error: (10/19/2021 05:17:10 AM) (Source: MsiInstaller) (EventID: 1013) (User: 1989AH)
Description: Product: SuspendedBypass -- <<29017>>

Error: (10/19/2021 05:16:39 AM) (Source: MsiInstaller) (EventID: 11704) (User: 1989AH)
Description: Product: SuspendedBypass -- Error 1704. <<1704>>


System errors:
=============
Error: (11/01/2021 03:40:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (11/01/2021 11:00:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ehdrv
epfw
YSDrv

Error: (11/01/2021 11:00:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Hypervisor service failed to start due to the following error:
The system cannot find the path specified.

Error: (11/01/2021 04:59:03 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (11/01/2021 02:48:33 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (11/01/2021 02:48:33 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (11/01/2021 02:48:32 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (11/01/2021 02:48:31 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.


Windows Defender:
================
Date: 2016-05-08 05:04:37.251
Description:
Windows Defender scan has been stopped before completion.
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2016-02-03 02:42:01.148
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/SupTab&threatid=214126
Name:BrowserModifier:Win32/SupTab
Severity:High
Category:Browser Modifier
Path Found:file:C:\Program Files (x86)\TData\DuiLib.dll;file:C:\Program Files (x86)\TData\MCfig.ini;file:C:\Program Files (x86)\TData\msvcp110.dll;file:C:\Program Files (x86)\TData\msvcr110.dll;file:C:\Program Files (x86)\TData\Raydld.exe;file:C:\Program Files (x86)\TData\skin\About.xml;file:C:\Program Files (x86)\TData\skin\about_banner.png;file:C:\Program Files (x86)\TData\skin\animate_history.png;file:C:\Program Files (x86)\TData\skin\animate_portal.png;file:C:\Program Files (x86)\TData\skin\animate_recent.png;file:C:\Program Files (x86)\TData\skin\big_button_down.png;file:C:\Program Files (x86)\TData\skin\bk_shadow.png;file:C:\Program Files (x86)\TData\skin\bottom_toolbar_bk.png;file:C:\Program Files (x86)\TData\skin\brower_back.png;file:C:\Program Files (x86)\TData\skin\brower_refresh.png;file:C:\Program Files (x86)\TData\skin\btn.png;file:C:\Program Files (x86)\TData\skin\btn_browser_dir.png;file:C:\Program Files (x86)\TData\skin\ck_box.png;file:C:\Program Files (x86)\TData\skin\ck_check.png;file:C:\Program Files
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2016-02-03 02:11:35.241
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
BrowserModifier:Win32/SupTab threat description - Microsoft Security Intelligence
Name:BrowserModifier:Win32/SupTab
Severity:High
Category:Browser Modifier
Path Found:file:C:\Program Files (x86)\TData\DuiLib.dll;file:C:\Program Files (x86)\TData\MCfig.ini;file:C:\Program Files (x86)\TData\msvcp110.dll;file:C:\Program Files (x86)\TData\msvcr110.dll;file:C:\Program Files (x86)\TData\Raydld.exe;file:C:\Program Files (x86)\TData\skin\About.xml;file:C:\Program Files (x86)\TData\skin\about_banner.png;file:C:\Program Files (x86)\TData\skin\animate_history.png;file:C:\Program Files (x86)\TData\skin\animate_portal.png;file:C:\Program Files (x86)\TData\skin\animate_recent.png;file:C:\Program Files (x86)\TData\skin\big_button_down.png;file:C:\Program Files (x86)\TData\skin\bk_shadow.png;file:C:\Program Files (x86)\TData\skin\bottom_toolbar_bk.png;file:C:\Program Files (x86)\TData\skin\brower_back.png;file:C:\Program Files (x86)\TData\skin\brower_refresh.png;file:C:\Program Files (x86)\TData\skin\btn.png;file:C:\Program Files (x86)\TData\skin\btn_browser_dir.png;file:C:\Program Files (x86)\TData\skin\ck_box.png;file:C:\Program Files (x86)\TData\skin\ck_check.png;file:C:\Program Files
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe

Date: 2016-02-03 02:10:32.255
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
BrowserModifier:Win32/SupTab threat description - Microsoft Security Intelligence
Name:BrowserModifier:Win32/SupTab
Severity:High
Category:Browser Modifier
Path Found:file:C:\Program Files (x86)\TData\TData.exe;process:pid:3380,ProcessStart:130989568244561237
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe

Date: 2016-02-03 00:26:57.463
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
BrowserModifier:Win32/SupTab threat description - Microsoft Security Intelligence
Name:BrowserModifier:Win32/SupTab
Severity:High
Category:Browser Modifier
Path Found:file:C:\Program Files (x86)\TData\DuiLib.dll;file:C:\Program Files (x86)\TData\MCfig.ini;file:C:\Program Files (x86)\TData\msvcp110.dll;file:C:\Program Files (x86)\TData\msvcr110.dll;file:C:\Program Files (x86)\TData\Raydld.exe;file:C:\Program Files (x86)\TData\skin\About.xml;file:C:\Program Files (x86)\TData\skin\about_banner.png;file:C:\Program Files (x86)\TData\skin\animate_history.png;file:C:\Program Files (x86)\TData\skin\animate_portal.png;file:C:\Program Files (x86)\TData\skin\animate_recent.png;file:C:\Program Files (x86)\TData\skin\big_button_down.png;file:C:\Program Files (x86)\TData\skin\bk_shadow.png;file:C:\Program Files (x86)\TData\skin\bottom_toolbar_bk.png;file:C:\Program Files (x86)\TData\skin\brower_back.png;file:C:\Program Files (x86)\TData\skin\brower_refresh.png;file:C:\Program Files (x86)\TData\skin\btn.png;file:C:\Program Files (x86)\TData\skin\btn_browser_dir.png;file:C:\Program Files (x86)\TData\skin\ck_box.png;file:C:\Program Files (x86)\TData\skin\ck_check.png;file:C:\Program Files
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:C:\Windows\System32\svchost.exe

Date: 2015-09-16 13:10:27.854
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

==================== Memory info ===========================

BIOS: American Megatrends Inc. 2003 10/15/2014
Motherboard: ASUSTeK COMPUTER INC. H87-PLUS
Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 40%
Total physical RAM: 8130.46 MB
Available physical RAM: 4868.57 MB
Total Virtual: 16259.06 MB
Available Virtual: 10842.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:458.18 GB) NTFS
Drive h: (CarlosLuna) (Fixed) (Total:465.76 GB) (Free:253.9 GB) NTFS

\\?\Volume{6f327824-d7c3-11dd-893f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 319F4949)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 844382C4)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 
Hi, Carlosh.

Let's move on.

1. Uninstall programs

1.1. Adobe Flash Player

Adobe Flash Player is no longer supported, and having it installed on your computer constitutes a security risk.

1.2. Java

There are very few reasons these days to continue having Java installed on your computer. However, if you do elect to keep Java, it needs to be updated to the latest version, which you can find here: Java SE Runtime Environment 8 - Downloads. Uncheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

Note: If you really want Java, please install the latest version at the end of the cleaning procedure.

1.3. CPUID CPU-Z 1.71.1

No publisher is detected for this program and it seems suspicious.


To uninstall those programs:

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs on the list:
Code:
Adobe Flash Player 32 ActiveX
Adobe Flash Player 32 NPAPI
Adobe Flash Player 32 PPAPI
Java 8 Update 311
CPUID CPU-Z 1.71.1
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer at the end of the procedure.

2. Completely uninstall Eset

Follow the instructions here to download the Eset Uninstaller and completely remove any remnants from your computer.


3. Fresh FRST logs

Please provide fresh FRST logs after you uninstall the above programs. Please make sure, before clicking the Scan button, to check the 90 Days Files option under the Optional Scans section.
 
