Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2026
Ran by peter (administrator) on CHO (Micro-Star International Co., Ltd. GS65 Stealth Thin 8RF) (24-02-2026 03:01:03)
Running from C:\Users\peter\Desktop\FRST64.exe
Loaded Profiles: peter
Platform: Microsoft Windows 10 Home Version 22H2 19045.6466 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ) (Malwarebytes Inc Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe (drivers\RivetNetworks\Killer\KSPSService.exe ) (Intel Corporation Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\KSPS.exe (DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe ) (Intel Corporation Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxEM.exe (explorer.exe ) (Microsoft Corporation Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11> (Intel(R) Rapid Storage Technology Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(services.exe) () [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe (services.exe ) () [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(services.exe) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe (services.exe ) (Google LLC Google LLC) C:\Program Files (x86)\Google\Chrome Remote Desktop\145.0.7632.25\remoting_host.exe <2> (services.exe ) (Intel Corporation Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe (services.exe ) (Intel Corporation Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe (services.exe ) (Intel Corporation Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\OneApp.IGCC.WinService.exe (services.exe ) (Intel Corporation Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHDCPSvc.exe (services.exe ) (Intel Corporation Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHeciSvc.exe (services.exe ) (Intel Corporation Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe (services.exe ) (Intel Corporation Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe (services.exe ) (Intel Corporation Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\KSPSService.exe (services.exe ) (Intel(R) Rapid Storage Technology Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (services.exe ) (Malwarebytes Inc Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ) (Microsoft Corporation Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ) (Micro-Star International CO., LTD. ) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\Sendevsvc\Sendevsvc.exe (services.exe ) (Micro-Star International CO., LTD. Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\MSIAPP_Service\MSIAPService.exe (services.exe ) (Micro-Star International Co., Ltd.) [File not signed] C:\Program Files (x86)\SCM\MSIService.exe
(services.exe) (NVIDIA Corporation NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe) (NVIDIA Corporation NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_7b850875618e1cb3\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe) (PORTRAIT DISPLAYS, INC. Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe
(services.exe) (Realtek Semiconductor Corp. Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_2a44e4b4c6ebcd5d\RtkAudUService64.exe <2>
(services.exe) (SteelSeries France SASU Nahimic) C:\Windows\System32\NahimicService.exe
(services.exe) (Synaptics Incorporated Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(SteelSeries France SASU A-Volute) C:\Users\peter\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (svchost.exe ) (21E1B422-257A-44A2-9C8F-379165856473 ) C:\Program Files\WindowsApps\A-Volute.Nahimic_1.10.9.0_x64__w2gh52qy24etm\Nahimic3.exe (svchost.exe ) (Microsoft Windows Microsoft Corporation) C:\Windows\System32\dllhost.exe (svchost.exe ) (Microsoft Windows Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe (svchost.exe ) (Microsoft Windows Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ) (Microsoft Windows Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe (svchost.exe ) (Micro-Star International Co., Ltd.) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe
(svchost.exe) (SteelSeries France SASU Nahimic) C:\Windows\System32\NahimicSvc64.exe
(svchost.exe) (SteelSeries France SASU Nahimic) C:\Windows\SysWOW64\NahimicSvc32.exe
(Synaptics Incorporated Synaptics Incorporated) C:\Windows\System32\SynTPHelper.exe (SynTPEnhService.exe ) (Synaptics Incorporated Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2018-02-13] (Intel(R) Rapid Storage Technology Intel Corporation)
HKLM...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_2a44e4b4c6ebcd5d\RtkAudUService64.exe [3070416 2025-07-02] (Realtek Semiconductor Corp. Realtek Semiconductor) HKLM...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [302360 2017-11-14] (Micro-Star International CO., LTD. ) [File not signed]
HKLM...\Run: [MsiTrueColor] => C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe [5870416 2017-11-29] (PORTRAIT DISPLAYS, INC. Portrait Displays, Inc.) HKLM...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [4147608 2026-02-12] (Riot Games, Inc. Riot Games, Inc.)
HKLM-x32...\Run: [Genshin Impact_Launcher] => [X]
HKLM-x32...\Run: [Honkai Impact 3rd_Launcher] => [X]
HKLM-x32...\Run: [Genshin Impact_launcher__1_1] => [X]
HKLM-x32...\Run: [Honkai Impact 3rd_launcher__1_1] => [X]
HKLM-x32...\Run: [Star Rail_launcher_hoyoverse_PC_1_1] => [X]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-3770983433-3408265141-2813071809-1001...\Run: [Spotify] => C:\Users\peter\AppData\Roaming\Spotify\Spotify.exe [25726696 2022-04-07] (Spotify AB Spotify Ltd) HKU\S-1-5-21-3770983433-3408265141-2813071809-1001...\Run: [Norton Download Manager{NS22150088-SHPD-FSD5140133}] => C:\Users\Public\Downloads\Norton{NS22150088-SHPD-FSD5140133}\FSDUI_Custom.exe /m /SHOWONECLICK /WIN10_UPGRADE "C:\Users\peter\AppData\Local\Temp{B2A1B8FA-8342-4F39-9F49-203F0906919E}\Upgrade.exe" (No File) <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{49210152-871f-4ffa-961d-a172abcbc09d}] C:\Program Files (x86)\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe [2026-01-30] (Google LLC Google LLC) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] C:\Program Files (x86)\Google\Chrome\Application\145.0.7632.109\Installer\chrmstp.exe [2026-02-19] (Google LLC Google LLC) Startup: C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\watchhost.lnk [2026-02-22] <==== ATTENTION
ShortcutTarget: watchhost.lnk E:\Fitegirlpackgamesinstallationsetup\TEKKEN 8\tekkenupdatev2.08.3parts\data.temp\Vs1NM5aYV.exe (No File) <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Brother iPSMonitor.lnk [2024-10-14]
ShortcutTarget: Brother iPSMonitor.lnk C:\Program Files (x86)\Brother\iPrint&Scan\IPSMONITOR\iPSMonitor.exe (iPSMonitor) [File not signed] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FxSound.lnk [2025-09-06]
ShortcutTarget: FxSound.lnk C:\Program Files\FxSound LLC\FxSound\FxSound.exe (FxSound, LLC FxSound LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {AA439D7D-AC13-40DC-AAE1-22C0975A0B38} - System32\Tasks\Dragon_Center_updater => C:\ProgramData\MSI\Dragon Center\DragonCenter_Updater.exe DragonCenter
Task: {BCCADD4F-EB46-453D-9F48-F77783057ED3} - System32\Tasks\FxSound\Update => C:\Program Files\FxSound LLC\FxSound\updater.exe [1675152 2025-06-28] (FxSound, LLC FxSound LLC) Task: {D4447783-4126-4CEC-9C71-3A83CB9D044D} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem144.0.7547.0{14C5909C-8285-4F44-B40B-904196900A83} => C:\Program Files (x86)\Google\GoogleUpdater\144.0.7547.0\updater.exe [7056536 2025-11-26] (Google LLC Google LLC)
Task: {BEBE1C48-ACF2-44A6-90B9-75465B77BC7B} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\ConditionalAppStarter.exe [226024 2018-02-27] (Intel(R) Client Connectivity Division SW Intel Corporation) Task: {C600932F-D9CF-4CCA-87EC-6A1674931A61} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\ConditionalAppStarter.exe [226024 2018-02-27] (Intel(R) Client Connectivity Division SW Intel Corporation)
Task: {6DDE3A83-95F8-40B6-99BC-349A263F065E} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\ConditionalAppStarter.exe [226024 2018-02-27] (Intel(R) Client Connectivity Division SW Intel Corporation) Task: {07436D64-38CE-4C99-9B99-52517017833B} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2302184 2018-02-27] (Intel(R) Client Connectivity Division SW Intel Corporation) C:\Program Files (x86)\Intel\Thunderbolt Software\ConditionalServiceStart Task: {DDAB5A0D-4C73-452B-B972-411FA522572E} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => C:\Windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows Microsoft Corporation) C:\Program Files (x86)\Intel\Thunderbolt Software\start ThunderboltService Task: {517ACE94-22FF-40A4-AD9F-E2216D563CF9} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [6255104 2020-05-06] (Micro-Star International Co., Ltd.) [File not signed]
Task: {FB654E5C-34DF-40F0-9632-7DA604C04C9A} - System32\Tasks\MSISCMTsk => C:\Program Files (x86)\MSI\MSI Remind Manager\MSISCMTsk.exe [344184 2020-02-13] (Micro-Star International CO., LTD. Application)
Task: {28B0A3C5-C730-4567-B107-0E19630915FE} - System32\Tasks\NahimicSvc32Run => C:\WINDOWS\SysWOW64\NahimicSvc32.exe [1118128 2024-06-21] (SteelSeries France SASU Nahimic) Task: {00AC1AF3-56BF-492B-9F6F-3B64D6049D2A} - System32\Tasks\NahimicSvc64Run => C:\WINDOWS\system32\NahimicSvc64.exe [1438128 2024-06-21] (SteelSeries France SASU Nahimic)
Task: {98C4C956-A4F4-4458-896E-27119420047B} - System32\Tasks\NahimicTask32 => C:\Windows\System32..\SysWOW64\NahimicSvc32.exe [1118128 0] (SteelSeries France SASU Nahimic) Task: {EBCDA33A-A9E6-4706-8C3D-9020C420806C} - System32\Tasks\NahimicTask64 => C:\Windows\System32.\NahimicSvc64.exe [1438128 0] (SteelSeries France SASU Nahimic)
Task: {E88DDED8-7142-4F7F-851A-0B624FB168AE} - System32\Tasks\NVIDIA App SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\NVIDIA App.exe [3324528 2025-10-15] (NVIDIA Corporation NVIDIA Corporation) Task: {7F224861-49A2-40D2-859E-13C42057C682} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-06-11] (NVIDIA Corporation NVIDIA Corporation)
Task: {2B8ACB48-7DAA-4B60-BD35-ED810A7D42B1} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-06-11] (NVIDIA Corporation NVIDIA Corporation) Task: {1CB223A7-22DD-42FB-B1BC-582298D2B220} - System32\Tasks\RNIdle Task => C:\Windows\System32\drivers\RivetNetworks\Killer\RNIdleTask.exe [31640 2024-05-14] (Intel Corporation -> )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip..\Interfaces{315e584d-ba31-4b96-8e22-9d3a81733d4c}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip..\Interfaces{315e584d-ba31-4b96-8e22-9d3a81733d4c}: [DhcpDomain] hsd1.ca.comcast.net
Tcpip..\Interfaces{454b3ebf-310a-48b3-857b-63fe7b1208f7}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip..\Interfaces{454b3ebf-310a-48b3-857b-63fe7b1208f7}: [DhcpDomain] hsd1.ca.comcast.net
Tcpip..\Interfaces{454b3ebf-310a-48b3-857b-63fe7b1208f7}\34F6D63616374723E243: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip..\Interfaces{454b3ebf-310a-48b3-857b-63fe7b1208f7}\34F6D63616374723E243: [DhcpDomain] hsd1.ca.comcast.net
Tcpip..\Interfaces{454b3ebf-310a-48b3-857b-63fe7b1208f7}\856696E6964797130313D223E243: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip..\Interfaces{454b3ebf-310a-48b3-857b-63fe7b1208f7}\856696E6964797130313D223E243: [DhcpDomain] hsd1.ca.comcast.net
Tcpip..\Interfaces{454b3ebf-310a-48b3-857b-63fe7b1208f7}\856696E6964797130313D253: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip..\Interfaces{454b3ebf-310a-48b3-857b-63fe7b1208f7}\856696E6964797130313D253: [DhcpDomain] hsd1.ca.comcast.net

Edge:

Edge DefaultProfile: Profile 1
Edge Profile: C:\Users\peter\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2026-02-24]
Edge Extension: (Google Docs Offline) - C:\Users\peter\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2026-02-24]
Edge Extension: (Edge relevant text changes) - C:\Users\peter\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2026-02-24]

Chrome:

CHR DefaultProfile: Profile 3
CHR Profile: C:\Users\peter\AppData\Local\Google\Chrome\User Data\Guest Profile [2026-02-24]
CHR Profile: C:\Users\peter\AppData\Local\Google\Chrome\User Data\Profile 3 [2026-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2026-02-22]
CHR Profile: C:\Users\peter\AppData\Local\Google\Chrome\User Data\System Profile [2026-02-24]
CHR HKLM...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 battlenet_helpersvc; C:\ProgramData\Battle.net_components\battlenet_helpersvc\AgentHelper.exe [3386064 2026-02-14] (Blizzard Entertainment, Inc. Blizzard Entertainment)
R2 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [500736 2024-05-31] (Brother Industries, Ltd.) [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\145.0.7632.25\remoting_host.exe [74392 2026-01-27] (Google LLC Google LLC) S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [20446368 2026-02-21] (Electronic Arts, Inc. Electronic Arts)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [959216 2025-12-24] (EasyAntiCheat Oy Epic Games, Inc.) S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-02-10] (Epic Games Inc. Epic Games, Inc.)
S3 KAPSService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KAPSService.exe [78240 2024-05-14] (Intel Corporation Intel® Corporation) R2 Killer Analytics Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [2354584 2024-05-14] (Intel Corporation Intel)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2629936 2024-05-14] (Intel Corporation Intel) S2 Killer Provider Data Helper Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerProviderDataHelperService.exe [1088304 2024-05-14] (Intel Corporation Intel)
R2 KillerSmartphoneSleepService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KSPSService.exe [77616 2024-05-14] (Intel Corporation Rivet Networks, LLC.) S3 KNDBWM; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [78128 2024-05-14] (Intel Corporation Intel® Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [11287744 2026-02-23] (Malwarebytes Inc Malwarebytes) S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2026-02-23] (Malwarebytes Inc. Malwarebytes)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpDefenderCoreService.exe [2067464 2026-02-10] (Microsoft Windows Publisher Microsoft Corporation) R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2017-11-14] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\Dragon Center\MSIAPP_Service\MSIAPService.exe [47568 2018-10-29] (Micro-Star International CO., LTD. Micro-Star International Co., Ltd.)
R2 MSITrueColorService; C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe [192848 2017-11-29] (PORTRAIT DISPLAYS, INC. Portrait Displays, Inc.) R2 NahimicService; C:\WINDOWS\System32\NahimicService.exe [1910704 2024-06-21] (SteelSeries France SASU Nahimic)
S3 NGS; C:\WINDOWS\NGService.exe [2994248 2018-10-16] (NEXON Korea Corporation. NEXON Korea Corporation) R2 Sendevsvc; C:\Program Files (x86)\MSI\Dragon Center\Sendevsvc\Sendevsvc.exe [302888 2019-01-30] (Micro-Star International CO., LTD. ) [File not signed]
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [11776 2024-08-19] () [File not signed]
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [55806032 2026-02-12] (Riot Games, Inc. Riot Games, Inc.) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\NisSrv.exe [4435096 2026-02-10] (Microsoft Windows Publisher Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MsMpEng.exe [290744 2026-02-10] (Microsoft Windows Publisher Microsoft Corporation) R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [18944 2024-08-19] () [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_7b850875618e1cb3\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_7b850875618e1cb3\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACE-BASE; C:\WINDOWS\system32\drivers\ACE-BASE.sys [3218536 2025-09-17] (Microsoft Windows Hardware Compatibility Publisher ANTICHEATEXPERT.COM)
S3 ACE-GAME; C:\WINDOWS\system32\drivers\ACE-GAME.sys [772640 2022-03-14] (HIGH MORALE DEVELOPMENTS LIMITED ANTICHEATEXPERT.COM)
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [76800 2019-12-07] (Microsoft Corporation) [File not signed]
S3 EQU8_HELPER_19; C:\WINDOWS\system32\DRIVERS\EQU8_HELPER_19.sys [38032 2021-06-09] (Int3 Software AB )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [159296 2026-02-23] (Microsoft Windows Hardware Compatibility Publisher Malwarebytes) R3 FXVAD; C:\WINDOWS\system32\drivers\fxvad.sys [326656 2024-12-24] (Microsoft Windows Hardware Compatibility Publisher Windows (R) Win 7 DDK provider)
S3 HoYoProtect; C:\WINDOWS\system32\HoYoKProtect.sys [3925168 2025-11-26] (Microsoft Windows Hardware Compatibility Publisher miHoYo) R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [248624 2024-05-14] (Intel Corporation Rivet Networks, LLC.)
S3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [82352 2026-02-10] (Microsoft Windows Microsoft Corporation) S3 ksophon_x64; C:\WINDOWS\system32\drivers\ksophon_x64.sys [9966728 2022-08-12] (PROXIMA BETA PTE. LIMITED PROXIMA BETE)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [234600 2026-02-23] (Microsoft Windows Hardware Compatibility Publisher Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [22120 2026-02-23] (Microsoft Windows Early Launch Anti-malware Publisher Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\Drivers\farflt.sys [212584 2026-02-23] (Microsoft Windows Hardware Compatibility Publisher Malwarebytes) R3 MBAMProtection; C:\WINDOWS\System32\Drivers\mbam.sys [80984 2026-02-24] (Microsoft Windows Hardware Compatibility Publisher Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [245864 2026-02-23] (Microsoft Windows Hardware Compatibility Publisher Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [190096 2026-02-24] (Malwarebytes Inc Malwarebytes)
R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [85616 2021-08-13] (A-Volute Windows (R) Win 7 DDK provider) S3 ssbthid; C:\WINDOWS\System32\drivers\ssbthid.sys [43824 2017-12-15] (SteelSeries ApS )
R3 ssps2; C:\WINDOWS\System32\drivers\ssps2.sys [41104 2019-08-27] (SteelSeries ApS ) R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. ) S3 UniFairy; C:\WINDOWS\system32\UniFairy.sys [828144 2022-02-20] (Tencent Technology(Shenzhen) Company Limited )
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [43580536 2026-02-12] (Riot Games, Inc. Riot Games, Inc.) R3 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [69168 2019-04-05] (Microsoft Windows Hardware Compatibility Publisher Benjamin Höglinger-Stelzer)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [21888 2026-02-10] (Microsoft Windows Early Launch Anti-malware Publisher Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [635272 2026-02-10] (Microsoft Windows Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [102832 2026-02-10] (Microsoft Windows Microsoft Corporation) R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [18688 2018-07-19] (WDKTestCert heavenluo,131620253795976757 )
S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2019-01-26] (Wellbia.com Co., Ltd. Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2026-02-24 02:29 - 2026-02-24 02:29 - 000190096 _ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2026-02-24 02:26 - 2026-02-24 02:27 - 000043999 C:\Users\peter\Desktop\Fixlog.txt
2026-02-23 16:50 - 2026-02-23 16:52 - 000086555 C:\Users\peter\Desktop\Addition.txt
2026-02-23 16:49 - 2026-02-24 03:01 - 000025211 _ C:\Users\peter\Desktop\FRST.txt
2026-02-23 16:49 - 2026-02-24 03:01 - 000000000 __D C:\FRST
2026-02-23 16:47 - 2026-02-23 16:48 - 002445312 _ (Farbar) C:\Users\peter\Desktop\FRST64.exe
2026-02-23 05:29 - 2026-02-23 05:29 - 000000818 C:\Users\peter\Desktop\Malwarebytes Website Blocked Report 2026-02-22 173648.txt
2026-02-22 17:33 - 2026-02-24 02:44 - 000000000 D C:\Users\peter\AppData\Local\Malwarebytes
2026-02-22 17:33 - 2026-02-22 17:33 - 000002100 __ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2026-02-22 17:32 - 2026-02-22 17:32 - 000000000 _D C:\ProgramData\Malwarebytes
2026-02-22 17:32 - 2026-02-22 17:32 - 000000000 _D C:\Program Files\Malwarebytes
2026-02-22 16:17 - 2026-02-22 16:17 - 000000214 _ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2026-02-22 16:02 - 2026-02-22 16:46 - 000000000 D C:\WINDOWS\pss
2026-02-22 06:17 - 2026-02-22 06:17 - 000002443 _ C:\Users\peter\Desktop\Peter - Chrome.lnk
2026-02-22 05:55 - 2026-02-22 05:55 - 000000000 __D C:\Users\peter\Downloads\fb
2026-02-22 05:42 - 2026-02-22 08:02 - 000000000 _D C:\EEK
2026-02-22 05:42 - 2026-02-22 05:43 - 000000000 D C:\ProgramData\Emsisoft
2026-02-21 21:59 - 2026-02-22 01:57 - 000000000 ____D C:\Users\peter\AppData\Roaming\Temp
2026-02-21 21:59 - 2026-02-22 01:57 - 000000000 ____D C:\Users\peter\AppData\LocalLow\Temp
2026-02-21 05:19 - 2026-02-21 05:20 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2026-02-21 02:31 - 2026-02-21 02:31 - 000000705 __ C:\Users\Public\Desktop\TEKKEN 8.lnk
2026-02-21 00:13 - 2026-02-21 00:13 - 000004928 _ C:\WINDOWS\system32\Drivers\etc\hosts.rollback
2026-02-21 00:13 - 2017-09-29 05:44 - 000000824 C:\WINDOWS\system32\Drivers\etc\hosts.backup
2026-02-14 00:30 - 2026-02-14 00:30 - 000768770 C:\Users\peter\Downloads\yugioh5dssub.torrent
2026-01-29 01:01 - 2026-01-29 01:01 - 000000000 _D C:\Users\peter\AppData\Local\SparkingZERO
2026-01-28 01:41 - 2026-01-28 01:41 - 000000223 C:\Users\peter\Desktop\DRAGON BALL Sparking! ZERO.url

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2026-02-24 02:55 - 2020-09-29 16:11 - 000000000 _D C:\WINDOWS\system32\SleepStudy
2026-02-24 02:55 - 2019-12-07 01:14 - 000000000 _D C:\ProgramData\regid.1991-06.com.microsoft
2026-02-24 02:49 - 2022-06-20 16:26 - 000000000 _D C:\ProgramData\Common
2026-02-24 02:36 - 2020-09-29 16:23 - 000840812 C:\WINDOWS\system32\PerfStringBackup.INI
2026-02-24 02:36 - 2019-12-07 01:13 - 000000000 _D C:\WINDOWS\INF
2026-02-24 02:34 - 2021-12-17 00:09 - 000000000 D C:\WINDOWS\SystemTemp
2026-02-24 02:31 - 2021-11-07 02:10 - 000000001 __ C:\WINDOWS\vgkbootstatus.dat
2026-02-24 02:29 - 2021-05-24 13:25 - 000003108 _ C:\WINDOWS\system32\Tasks\NahimicTask32
2026-02-24 02:29 - 2021-05-24 13:25 - 000003088 C:\WINDOWS\system32\Tasks\NahimicTask64
2026-02-24 02:29 - 2020-09-29 16:20 - 000000006 _H C:\WINDOWS\Tasks\SA.DAT
2026-02-24 02:29 - 2020-09-29 16:11 - 000008192 SH C:\DumpStack.log.tmp
2026-02-24 02:29 - 2018-09-09 14:24 - 000000000 _SHD C:\Users\peter\IntelGraphicsProfiles
2026-02-24 02:29 - 2018-03-18 16:42 - 000000000 D C:\ProgramData\NVIDIA
2026-02-24 02:29 - 2018-03-18 16:40 - 000000000 _D C:\Intel
2026-02-24 02:28 - 2019-12-07 01:03 - 001572864 C:\WINDOWS\system32\config\BBI
2026-02-23 16:56 - 2018-09-09 20:35 - 000000000 _D C:\Users\peter\AppData\Local\D3DSCache
2026-02-22 17:33 - 2019-12-07 01:14 - 000000000 HD C:\WINDOWS\ELAMBKUP
2026-02-22 15:39 - 2020-08-17 01:53 - 000002445 _ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2026-02-22 15:39 - 2020-08-17 01:53 - 000002283 C:\Users\Public\Desktop\Microsoft Edge.lnk
2026-02-22 07:10 - 2019-12-07 01:14 - 000000000 HD C:\Program Files\WindowsApps
2026-02-22 07:10 - 2019-12-07 01:14 - 000000000 _D C:\WINDOWS\AppReadiness
2026-02-22 06:59 - 2022-01-10 15:57 - 000000000 _D C:\Program Files\Cheat Engine 7.3
2026-02-22 06:18 - 2022-02-15 16:49 - 000000000 _D C:\Users\peter\AppData\Roaming\discord
2026-02-22 06:05 - 2024-07-04 03:32 - 000001553 C:\Users\peter\Desktop\Zenless Zone Zero.lnk
2026-02-22 06:05 - 2024-06-04 03:11 - 000001557 _ C:\Users\peter\Desktop\Genshin Impact.lnk
2026-02-22 06:05 - 2023-10-16 15:01 - 000001561 C:\Users\peter\Desktop\Honkai Star Rail.lnk
2026-02-22 06:05 - 2021-12-02 16:46 - 000001553 C:\Users\peter\Desktop\Honkai Impact 3rd.lnk
2026-02-22 06:05 - 2018-09-10 15:54 - 000000000 _D C:\Users\peter\AppData\Local\Steam
2026-02-22 06:05 - 2018-09-10 15:54 - 000000000 _D C:\Program Files (x86)\Steam
2026-02-22 06:00 - 2024-03-03 10:17 - 000000000 _D C:\Users\peter\AppData\Roaming\riot-client-ux
2026-02-22 05:59 - 2026-01-22 04:57 - 000000000 _D C:\Users\peter\AppData\Roaming\Riot Client
2026-02-22 05:59 - 2018-09-10 22:38 - 000000000 _D C:\ProgramData\Riot Games
2026-02-22 05:23 - 2022-02-15 16:49 - 000000000 _D C:\Users\peter\AppData\Local\Discord
2026-02-22 05:12 - 2018-09-09 14:24 - 000000000 _D C:\Users\peter\AppData\Local\Packages
2026-02-22 01:47 - 2025-01-28 21:31 - 000000000 _D C:\Program Files\Riot Vanguard
2026-02-22 01:41 - 2020-09-29 16:15 - 000000000 _D C:\Users\peter
2026-02-21 21:58 - 2018-09-09 14:25 - 000000000 _D C:\Users\peter\AppData\Local\CrashDumps
2026-02-21 05:49 - 2021-05-31 02:32 - 000000000 _D C:\Users\peter\AppData\Local\visualboyadvance-m
2026-02-21 02:14 - 2023-07-25 16:13 - 000000000 _D C:\Users\peter\AppData\Roaming\EasyAntiCheat
2026-02-20 21:52 - 2023-02-14 17:33 - 000000000 _D C:\ProgramData\EA Desktop
2026-02-20 21:47 - 2024-06-07 19:33 - 000000000 _D C:\Users\peter\AppData\Roaming\qBittorrent
2026-02-19 15:01 - 2018-09-09 14:25 - 000000000 RD C:\Users\peter\OneDrive
2026-02-18 23:32 - 2024-09-19 14:19 - 000000000 _D C:\ProgramData\Packer
2026-02-18 21:35 - 2018-09-10 15:48 - 000002254 _ C:\Users\peter\Desktop\Discord.lnk
2026-02-18 20:46 - 2018-09-09 17:07 - 000002308 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2026-02-18 20:46 - 2018-09-09 17:07 - 000002267 C:\Users\Public\Desktop\Google Chrome.lnk
2026-02-17 21:35 - 2025-01-28 21:33 - 134222904 _ C:\WINDOWS\392667600.dat
2026-02-17 02:24 - 2021-11-11 00:16 - 000000000 __D C:\Users\peter\AppData\Local\Blizzard Entertainment
2026-02-16 23:29 - 2023-03-15 19:00 - 000000000 _D C:\ProgramData\Nahimic
2026-02-16 15:19 - 2025-01-21 02:40 - 000003576 C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-3770983433-3408265141-2813071809-1001
2026-02-16 15:19 - 2021-12-12 23:33 - 000003592 _ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3770983433-3408265141-2813071809-1001
2026-02-16 15:19 - 2020-09-29 16:20 - 000003356 C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3770983433-3408265141-2813071809-1001
2026-02-16 15:19 - 2020-09-29 16:15 - 000002390 C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2026-02-14 01:56 - 2021-11-11 00:18 - 000000000 _D C:\Users\peter\AppData\Local\Battle.net
2026-02-14 01:55 - 2022-03-20 12:32 - 000000000 D C:\ProgramData\Battle.net_components
2026-02-12 15:19 - 2020-09-29 16:20 - 000003534 __ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2026-02-12 15:19 - 2020-09-29 16:20 - 000003408 _ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2026-02-11 07:59 - 2018-09-09 15:23 - 000000000 __D C:\WINDOWS\system32\MRT
2026-02-11 07:57 - 2018-09-09 15:22 - 221154392 _C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2026-02-10 15:16 - 2018-09-09 18:47 - 000000000 _D C:\WINDOWS\system32\Drivers\wd
2026-02-05 15:19 - 2018-03-18 16:46 - 000000000 _D C:\ProgramData\A-Volute
2026-02-02 15:17 - 2018-09-09 17:06 - 000000000 _D C:\Program Files (x86)\Google

==================== Files in the root of some directories ========

2024-06-20 20:06 - 2024-12-14 23:28 - 000000000 _ () C:\ProgramData\ace-drc.dat
2020-08-15 01:31 - 2022-06-14 23:19 - 000007611 () C:\Users\peter\AppData\Local\Resmon.ResmonCfg
2024-10-14 03:12 - 2024-10-14 03:12 - 000000000 __ () C:\Users\peter\AppData\Local\settingData.dat

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Warning

LINK

You are about to visit a link which has been flagged with the above content warnings. Do you wish to continue?

Cancel
Edit
Raw PDF PNG WebP JPG

Pub: 24 Feb 2026 11:05 UTC

Views: 3

new· what· how· langs· contacts· login