Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93122 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Checking for malicious software with updated HijackThis

Started by Keethroolz , Yesterday, 05:58 PM
HijackThis log

  • Please log in to reply
No replies to this topic

#1 Keethroolz

Keethroolz

    New Member

  • New Member
  • Pip
  • 1 posts

Posted Yesterday, 05:58 PM

Hello there,

 

I'm confident that someone installed something malicious on my PC. To be absolutely sure that my concerns are dealt with, I found an open source updated version of HijackThis. I'll post the log below my message. If anyone has some time to spare and wouldn't mind helping me out, I would really appreciate your input.

 

Thank you for your time.

 

Logfile of HiJackThis+ build 2025-01-16 Beta v.3.4.0.17

Platform:  x64 Windows 11 (Home), 10.0.26100.4061 (ReleaseId: 2009, 24H2), Service Pack: 0
Time:      17.05.2025 - 16:53 (UTC-07:00)
Language:  OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
Memory:    1.11 GiB Free / 7. Loading RAM (85 %), CPU (5 %)
Disk C:    104.09 GiB Free / 458 (SSD, GPT)
Elevated:  Yes
Ran by:    oxfer    (group: Administrators; type: Microsoft) on LAPTOP-6A7R5PHQ, FirstRun: no

Chrome:  136.0.7103.114
Firefox: 138.0.1.127
Internet Explorer: 11.0.26100.1882
Default: "C:\Program Files\LibreWolf\librewolf.exe" -osint -url "%1" (LibreWolf)

Boot mode: Normal (Secure Boot: On)

Running processes:
Number | Path
   1  C:\HiJackThis_test\HiJackThis.exe
   3  C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe
   1  C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
   1  C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
   1  C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe
   1  C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe
   1  C:\Program Files (x86)\ASUSTeK COMPUTER INC\RefreshRateService\RefreshRateService.exe
   1  C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
   1  C:\Program Files (x86)\Common Files\Steam\steamservice.exe
   1  C:\Program Files (x86)\LightingService\LightingService.exe
   7  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
   6  C:\Program Files (x86)\Microsoft\EdgeWebView\Application\136.0.3240.64\msedgewebview2.exe
   6  C:\Program Files (x86)\Microsoft\EdgeWebView\Application\136.0.3240.76\msedgewebview2.exe
   1  C:\Program Files (x86)\Origin\OriginWebHelperService.exe
   7  C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
   1  C:\Program Files (x86)\Steam\steam.exe
   1  C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\VizzedRgrServiceLoader.exe
   1  C:\Program Files\AdiIRC\AdiIRC.exe
   1  C:\Program Files\ASUS\AacAmbientHal\AacAmbientLighting.exe
   1  C:\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.Service.exe
   1  C:\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.UserSessionHelper.exe
   1  C:\Program Files\ASUS\ASUS HID Control Service\AsHidCtrlService.exe
   1  C:\Program Files\ASUS\GlideX\GlideXNear\GlideXNearService.exe
   1  C:\Program Files\ASUS\GlideX\GlideXRemote\GlideXRemoteService.exe
   1  C:\Program Files\ASUS\GlideX\GlideXService.exe
   1  C:\Program Files\ASUS\GlideX\GlideXServiceExt.exe
   1  C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe
   1  C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe
   1  C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
   1  C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
   1  C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
   1  C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
   1  C:\Program Files\LibreOffice\program\soffice.bin
   1  C:\Program Files\LibreOffice\program\soffice.exe
  23  C:\Program Files\LibreWolf\librewolf.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
   2  C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
   1  C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.152.0_x64__nzyj5cx40ttqa\iCloud\ApplePhotoStreams.exe
   1  C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.152.0_x64__nzyj5cx40ttqa\iCloud\APSDaemon.exe
   1  C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.152.0_x64__nzyj5cx40ttqa\iCloud\iCloudCKKS.exe
   1  C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.152.0_x64__nzyj5cx40ttqa\iCloud\iCloudDrive.exe
   1  C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.152.0_x64__nzyj5cx40ttqa\iCloud\iCloudHome.exe
   1  C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.152.0_x64__nzyj5cx40ttqa\iCloud\iCloudPhotos.exe
   1  C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.152.0_x64__nzyj5cx40ttqa\iCloud\secd.exe
   1  C:\Program Files\WindowsApps\AppleInc.iTunes_12137.1.3025.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
   1  C:\Program Files\WindowsApps\Microsoft.WidgetsPlatformRuntime_1.6.8.0_x64__8wekyb3d8bbwe\WidgetService\WidgetService.exe
   1  C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2503.16.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
   1  C:\Program Files\WindowsApps\Microsoft.YourPhone_1.25032.84.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
   1  C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.25031.10021.0_x64__8wekyb3d8bbwe\Video.UI.exe
   1  C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.10401.30.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
   1  C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25032.52.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
   1  C:\Program Files\WindowsApps\MSTeams_25094.310.3616.953_x64__8wekyb3d8bbwe\ms-teams.exe
   5  C:\Users\oxfer\AppData\Local\0install.net\implementations\sha256new_NX54BP3MSRHNDMB5N5YOFJZWO5QE5I5W7JTPGB4XC7MEJNSXCC3A\CefSharp.BrowserSubprocess.exe
   1  C:\Users\oxfer\AppData\Local\0install.net\implementations\sha256new_WYZULWVLCKQPEO3OLAHZ2BWFAXA4MZEOZ6GCYO7G4SA2VG5KJYPA\DeepL.exe
   6  C:\Users\oxfer\AppData\Local\Discord\app-1.0.9191\Discord.exe
   1  C:\Users\oxfer\AppData\Local\Microsoft\OneDrive\25.075.0420.0002\FileCoAuth.exe
   1  C:\Users\oxfer\AppData\Local\Microsoft\OneDrive\OneDrive.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\ImmersiveControlPanel\SystemSettings.exe
   1  C:\Windows\System32\AggregatorHost.exe
   1  C:\Windows\System32\ApplicationFrameHost.exe
   1  C:\Windows\System32\ASUSACCI\ArmouryCrateControlInterface.exe
   1  C:\Windows\System32\audiodg.exe
   2  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   2  C:\Windows\System32\dasHost.exe
   1  C:\Windows\System32\drivers\SessionService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\asusptpfilter.inf_amd64_e109b959e17d8c0b\AsusPTPService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f57c48cf404ebc46\AsusAppService\AsusAppService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f57c48cf404ebc46\ASUSOptimization\AsusOptimization.exe
   1  C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f57c48cf404ebc46\ASUSOptimization\AsusOptimizationStartupTask.exe
   1  C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f57c48cf404ebc46\ASUSOptimization\AsusOSD.exe
   1  C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f57c48cf404ebc46\ASUSSoftwareManager\AsusSoftwareManager.exe
   1  C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f57c48cf404ebc46\ASUSSoftwareManager\AsusSoftwareManagerAgent.exe
   1  C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f57c48cf404ebc46\ASUSSwitch\AsusSwitch.exe
   1  C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f57c48cf404ebc46\ASUSSystemAnalysis\AsusSystemAnalysis.exe
   1  C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f57c48cf404ebc46\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe
   1  C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_0e3297fd23464e1a\DAX3API.exe
   2  C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_306c93e62d28e6e4\Display.NvContainer\NVDisplay.Container.exe
   1  C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_6c1db4160fc7f113\Intel_PIE_Service.exe
   1  C:\Windows\System32\DriverStore\FileRepositoryͩ670.inf_amd64_e110f3ff362d0146\B368779\atieclxx.exe
   1  C:\Windows\System32\DriverStore\FileRepositoryͩ670.inf_amd64_e110f3ff362d0146\B368779\atiesrxx.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\oobe\UserOOBEBroker.exe
   3  C:\Windows\System32\RtkAudUService64.exe
  11  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SecurityHealthSystray.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\ShellHost.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  86  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\wbem\unsecapp.exe
   1  C:\Windows\System32\wbem\WmiApSrv.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\System32\wlanext.exe
   1  C:\Windows\System32\WUDFHost.exe
   1  C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
   1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
   1  C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe

O2 - HKLM\..\BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (sign: 'Canon Inc.')
O2-32 - HKLM\..\BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (sign: 'Canon Inc.')
O3 - HKLM\..\Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (sign: 'Canon Inc.')
O3-32 - HKLM\..\Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (sign: 'Canon Inc.')
O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\136.0.7103.114\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - HKCU\..\Run: [BingWallpaperApp] = C:\Users\oxfer\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe (sign: 'Microsoft')
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_99FF9C106EC08E3F0C8CFF5D8B9EE264] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (sign: 'Microsoft')
O4 - HKCU\..\Run: [OneDrive] = C:\Users\oxfer\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (sign: 'Microsoft')
O4 - HKCU\..\Run: [Opera GX Browser Assistant] = C:\Users\oxfer\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe (sign: 'Opera Software AS')
O4 - HKCU\..\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (sign: 'Valve Corp.')
O4 - HKCU\..\StartupApproved\Run: [Comrade.exe] = C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe (not signed - IGN Entertainment Inc. - 9F62182A51D5E395D28AE40E9C1C5255DE6046EE)
O4 - HKCU\..\StartupApproved\Run: [EA Core] = C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent (not signed - Electronic Arts - 4672CCDFC4BCA99BF96E8D5EAC4D0AAC9C129FAA)
O4 - HKCU\..\StartupApproved\Run: [EADM] = C:\Program Files (x86)\Origin\Origin.exe -AutoStart (sign: 'Electronic Arts, Inc.')
O4 - HKCU\..\StartupApproved\Run: [Grammarly] = C:\Users\oxfer\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe (sign: 'Grammarly, Inc.')
O4 - HKCU\..\StartupApproved\Run: [Gyazo] = C:\Program Files (x86)\Gyazo\GyStation.exe (sign: 'Helpfeel Inc')
O4 - HKLM\..\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] = C:\Program Files (x86)\Microsoft\EdgeWebView\Application\136.0.3240.76\Installer\setup.exe --msedgewebview --delete-old-versions --system-level --verbose-logging --on-logon (sign: 'Microsoft')
O4 - HKLM\..\StartupApproved\Run: [Focusrite Notifier] = C:\Program Files\Focusriteusb\Focusrite Notifier.exe (not signed - Focusrite Audio Engineering, Ltd. - 40FB0F7C5204BA46D459573EBBA8463C8A2410F0)
O4 - HKLM\..\StartupApproved\Run32: [APSDaemon] = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (sign: 'Apple Inc.')
O4 - HKLM\..\StartupApproved\Run32: [CanonQuickMenu] = C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon (sign: 'Canon Inc.')
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Local service') (sign: 'Microsoft')
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Network service') (sign: 'Microsoft')
O4 - Startup: C:\Users\oxfer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeepL auto-start.lnk    ->    C:\Users\oxfer\AppData\Roaming\0install.net\desktop-integration\stubs\1eae01f3cdb5ff0ecf683b15a60a1489573c1188cb34abc205fcf7a924b4e54d\auto-start.exe (not signed - no company - 906276C30928C90D9416C1D8BBA3721ACB959010)
O4-32 - HKLM\..\Run: [VizzedRgrPluginServiceLoader] = C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\VizzedRgrServiceLoader.exe (not signed - no company - A9031E9FFDBB0EC071E48DDE2254B08243AAD197)
O4-32 - HKLM\..\Run: [Wondershare Helper Compact.exe] = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (sign: 'Wondershare Technology Co.,Ltd')
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiSpyware] = 1
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiVirus] = 1
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\E&xport to Microsoft Excel: (default) = C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Se&nd to OneNote: (default) = C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll (file missing)
O15 - Trusted Zone: *.vvv.vizzed.com
O17 - DHCP DNS 1: 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{fcc1af4d-26fe-4e49-b23e-b5db5bb55459}: [NameServer] = 198.51.100.1
O18 - HKLM\Software\Classes\Protocols\Filter\application/octet-stream: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-complus: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-msdownload: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O22 - Tasks: (damaged) AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_f57c48cf404ebc46\ASUSSystemAnalysis\AsusSystemAnalysis.exe -j0 (user missing) (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: (disabled) \Agent Activation Runtime\S-1-5-21-3168078731-2877793738-1788617900-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical - {613FBA38-A3DF-4AB8-9674-5604984A299A},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical - {DE434264-8FE9-4C0B-A83B-89EBEEBFF78E},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Flighting\FeatureConfig\BootstrapUsageDataReporting - {D759C938-B375-41CB-A2A2-E6D866A767F4} - C:\Windows\System32\fcon.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\WINDOWS\system32\MdmDiagnosticsTool.exe /clean (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Servicing\OOBEFodSetup - C:\WINDOWS\system32\OOBEFodSetup.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\SharedPC\Account Cleanup - {7750564D-D61C-4557-8A9D-7DF56BDCFF96} - C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Shell\ThemeAssetTask_SyncFODState - {3BC5DD7D-EA3B-428C-B9B6-0723DB6A1057} - C:\Windows\System32\Windows.UI.Immersive.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (file missing)
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (file missing)
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\WaaSMedic\DeferredWork - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},DeferralWork - C:\WINDOWS\System32\WaaSMedicSvc.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\WaaSMedic\MaintenanceWork - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},MaintenanceWork - C:\WINDOWS\System32\WaaSMedicSvc.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\WindowsAI\Recall\InitialConfiguration - {709FD5EF-7296-4154-BD3A-E9830FCFA60A} - C:\WINDOWS\system32\ShellConfigTask.dll (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\WINDOWS\system32\sc.exe start InventorySvc (sign: '')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser Exp - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun express (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\SdbinstMergeDbTask - C:\WINDOWS\system32\sdbinst.exe -mm (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Sustainability\SustainabilityTelemetry - {6EE41D75-D091-4FB7-9AD5-018760DD25D4} - C:\WINDOWS\system32\EcoScoreTask.dll (sign: 'Microsoft')
O22 - Tasks: (telemetry) NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: \Apple\AppleSoftwareUpdate - C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task (sign: 'Apple Inc.')
O22 - Tasks: \ASUS\AcPowerNotification - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\Armoury Crate Service Task_CountDown - C:\ProgramData\ASUS\FestsEffect\data\CountDown\CountDown.exe (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\ArmourySocketServer - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\ASUSUpdateTaskMachineCore - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /c (sign: 'ASUSTeK Computer Inc.')
O22 - Tasks: \ASUS\ASUSUpdateTaskMachineUA - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /ua /installsource scheduler (sign: 'ASUSTeK Computer Inc.')
O22 - Tasks: \ASUS\Framework Service - C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe --delay (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\P508PowerAgent_sdk - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (file missing)
O22 - Tasks: \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem138.0.7156.0{09554D46-A43A-4446-B787-62D8EA48B1D7} - C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe --wake --system (sign: 'Google LLC')
O22 - Tasks: \HP\HP Print Scan Doctor\Printer Health Monitor - C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe (sign: 'HP Inc.')
O22 - Tasks: \HP\HP Print Scan Doctor\Printer Health Monitor Logon - C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe (sign: 'HP Inc.')
O22 - Tasks: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 - {84F0FAE1-C27B-4F6F-807B-28CF6F96287D},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 - {429BC048-379E-45E0-80E4-EB1977941B5C},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\AccountHealth\RecoverabilityToastTask - {B7F5B442-EBF8-46CD-9F0B-D8E45ED43492},-flow showtoast -checkup recoverability - C:\WINDOWS\system32\AccountHealth.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Diagnosis\UnexpectedCodepath - C:\WINDOWS\system32\UCConfigTask.exe (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Flighting\FeatureConfig\ReconcileConfigs - {15F5ECE1-4550-4A92-8E26-984FD1DA54FA} - C:\WINDOWS\System32\fcon.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Flighting\FeatureConfig\UsageDataReceiver - {D4C0420F-76BD-4F66-A91F-918A93ABEBEB} - C:\Windows\System32\fcon.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Input\RemoteMouseSyncDataAvailable - {378EAB97-EFD6-4ED5-9AD9-E64A6AA1E6FA},RemoteMouseSyncDataAvailable - C:\Windows\System32\InputCloudStore.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Input\RemotePenSyncDataAvailable - {378EAB97-EFD6-4ED5-9AD9-E64A6AA1E6FA},RemotePenSyncDataAvailable - C:\Windows\System32\InputCloudStore.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Input\RemoteTouchpadSyncDataAvailable - {378EAB97-EFD6-4ED5-9AD9-E64A6AA1E6FA},RemoteTouchpadSyncDataAvailable - C:\Windows\System32\InputCloudStore.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Location\Notifications - C:\WINDOWS\System32\LocationNotificationWindows.exe (file missing)
O22 - Tasks: \Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - C:\WINDOWS\System32\MbaeParserTask.exe (file missing)
O22 - Tasks: \Microsoft\Windows\Network Connectivity Status Indicator\NcsiIdentifyUserProxies - {706B965A-8308-4CD4-9900-87C2D79C121B} - C:\Windows\System32\netprofm.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\PerformanceTrace\RequestTrace - {9EFEB182-2EE3-4AF9-AFFA-521410D110D1} - C:\WINDOWS\system32\PerformanceTraceHandler.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\ReFsDedupSvc\Initialization - {DCFF735B-64F7-45F3-B39C-6C66BBE2120F} - C:\WINDOWS\System32\ReFsDedupSvc.exe (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Sustainability\PowerGridForecastTask - {251E5B1F-E370-4E12-B5BD-B7AD2A8EE810} - C:\WINDOWS\system32\PowerGridForecastTask.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\TPM\Tpm-PreAttestationHealthCheck - {5014B7C8-934E-4262-9816-887FA745A6C4},TpmPreAttestationHealthCheck - C:\WINDOWS\system32\TpmTasks.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval - C:\WINDOWS\system32\MusNotification.exe Display (file missing)
O22 - Tasks: \Microsoft\Windows\UpdateOrchestrator\UIEOrchestrator - C:\WINDOWS\system32\UIEOrchestrator.exe /SendHeartbeat (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (file missing)
O22 - Tasks: \Microsoft\Windows\UpdateOrchestrator\UUS Failover Task - C:\WINDOWS\System32\MLEngineStub.exe HandleUusFailoverEvaluationSignalFromWnf (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\WindowsAI\Recall\PolicyConfiguration - {0BE6820D-B667-4CB6-931B-C153A77DA895} - C:\WINDOWS\system32\ShellConfigTask.dll (sign: 'Microsoft')
O22 - Tasks: \Mozilla\Firefox Background Update 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate (sign: 'Mozilla Corporation')
O22 - Tasks: \Mozilla\Firefox Background Update S-1-5-21-3168078731-2877793738-1788617900-1001 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate (sign: 'Mozilla Corporation')
O22 - Tasks: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" (sign: 'Mozilla Corporation')
O22 - Tasks: Apple Diagnostics - C:\Users\oxfer\AppData\Local\Microsoft\WindowsApps\eReporter-AppX.exe (not signed - no company - error getting hash)
O22 - Tasks: ASUS Optimization 36D18D69AFC3 - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_f57c48cf404ebc46\ASUSOptimization\AsusHotkey.exe -CancelShutdown (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: ASUS Promotion - C:\Program Files\ASUS\ASUS Promotion\ASUS Promotion.exe -bytask (sign: 'ASUSTeK Computer Inc.')
O22 - Tasks: ASUS Update Checker 2.0 - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_f57c48cf404ebc46\ASUSSoftwareManager\AsusUpdateChecker.exe (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_f57c48cf404ebc46\ASUSSystemAnalysis\AsusSystemAnalysis.exe -j0 (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: GameTurbo - C:\Program Files (x86)\ASUS\GameFirst\GameTurbo.exe /min /autostart (sign: 'Jotun Technology Inc.')
O22 - Tasks: GyazoUpdateTaskMachine - C:\Program Files (x86)\Gyazo\GyazoUpdate.exe (sign: 'Helpfeel Inc')
O22 - Tasks: GyazoUpdateTaskMachineDaily - C:\Program Files (x86)\Gyazo\GyazoUpdate.exe (sign: 'Helpfeel Inc')
O22 - Tasks: HPCustParticipation HP LaserJet MFP M28-M31 - C:\Program Files\HP\HP LaserJet MFP M28-M31\Bin\HPCustPartic.exe /UA 20.5 (sign: 'Hewlett Packard')
O22 - Tasks: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic (file missing)
O22 - Tasks: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic (file missing)
O22 - Tasks: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 - C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic (file missing)
O22 - Tasks: NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log (sign: 'NVIDIA Corporation')
O22 - Tasks: NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler (sign: 'NVIDIA Corporation')
O22 - Tasks: NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: OneDrive Reporting Task-S-1-5-21-3168078731-2877793738-1788617900-1001 - C:\Users\oxfer\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (sign: 'Microsoft')
O22 - Tasks: OneDrive Startup Task-S-1-5-21-3168078731-2877793738-1788617900-1001 - C:\Users\oxfer\AppData\Local\Microsoft\OneDrive\25.075.0420.0002\OneDriveLauncher.exe /startInstances (sign: 'Microsoft')
O22 - Tasks: Opera GX scheduled assistant Autoupdate 1646548857 - C:\Users\oxfer\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\oxfer\AppData\Local\Programs\Opera GX\assistant" $(Arg0) (file missing)
O22 - Tasks: Opera GX scheduled Autoupdate 1645088477 - C:\Users\oxfer\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (sign: 'Opera Norway AS')
O22 - Tasks: RtkAudUService64_BG - C:\WINDOWS\System32\RtkAudUService64.exe -background (sign: 'Realtek Semiconductor Corp.')
O22 - Tasks: USER_ESRV_SVC_QUEENCREEK - C:\WINDOWS\System32\Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs" (sign: 'Microsoft')
O22 - Tasks: ZoomUpdateTaskUser-S-1-5-21-3168078731-2877793738-1788617900-1001 - C:\Users\oxfer\AppData\Roaming\Zoom\bin\Zoom.exe --action=UpdateSchedule (sign: 'Zoom Video Communications, Inc.')
O22 - Tasks_Migrated: (disabled) \Agent Activation Runtime\S-1-5-21-3168078731-2877793738-1788617900-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical - {613FBA38-A3DF-4AB8-9674-5604984A299A},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical - {DE434264-8FE9-4C0B-A83B-89EBEEBFF78E},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Flighting\FeatureConfig\BootstrapUsageDataReporting - {D759C938-B375-41CB-A2A2-E6D866A767F4} - C:\Windows\System32\fcon.dll (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\WINDOWS\system32\MdmDiagnosticsTool.exe /clean (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Shell\ThemeAssetTask_SyncFODState - {3BC5DD7D-EA3B-428C-B9B6-0723DB6A1057} - C:\Windows\System32\Windows.UI.Immersive.dll (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\WaaSMedic\DeferredWork - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},DeferralWork - C:\WINDOWS\System32\WaaSMedicSvc.dll (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\WaaSMedic\MaintenanceWork - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},MaintenanceWork - C:\WINDOWS\System32\WaaSMedicSvc.dll (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_05f0e8a0cc7f395e\ASUSSystemAnalysis\AsusSystemAnalysis.exe -j0 (file missing)
O22 - Tasks_Migrated: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks_Migrated: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks_Migrated: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks_Migrated: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks_Migrated: (telemetry) \Microsoft\Windows\Application Experience\PcaWallpaperAppDetect - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaWallpaperAppDetect (sign: 'Microsoft')
O22 - Tasks_Migrated: (telemetry) \Microsoft\Windows\Application Experience\SdbinstMergeDbTask - C:\WINDOWS\system32\sdbinst.exe -mm (sign: 'Microsoft')
O22 - Tasks_Migrated: (telemetry) NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks_Migrated: (telemetry) NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks_Migrated: (telemetry) NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks_Migrated: (telemetry) NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks_Migrated: \Apple\AppleSoftwareUpdate - C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task (sign: 'Apple Inc.')
O22 - Tasks_Migrated: \ASUS\AcPowerNotification - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks_Migrated: \ASUS\Armoury Crate Service Task_CountDown - C:\ProgramData\ASUS\FestsEffect\data\CountDown\CountDown.exe (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks_Migrated: \ASUS\ArmourySocketServer - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks_Migrated: \ASUS\ASUSUpdateTaskMachineCore - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /c (sign: 'ASUSTeK Computer Inc.')
O22 - Tasks_Migrated: \ASUS\ASUSUpdateTaskMachineUA - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /ua /installsource scheduler (sign: 'ASUSTeK Computer Inc.')
O22 - Tasks_Migrated: \ASUS\Framework Service - C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks_Migrated: \ASUS\P508PowerAgent_sdk - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (file missing)
O22 - Tasks_Migrated: \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{28EA0FED-ACC5-4AD5-82D2-86C3C136CE4B} - C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe --wake --system (file missing)
O22 - Tasks_Migrated: \HP\HP Print Scan Doctor\Printer Health Monitor - C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe (sign: 'HP Inc.')
O22 - Tasks_Migrated: \HP\HP Print Scan Doctor\Printer Health Monitor Logon - C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe (sign: 'HP Inc.')
O22 - Tasks_Migrated: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 - {84F0FAE1-C27B-4F6F-807B-28CF6F96287D},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks_Migrated: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 - {429BC048-379E-45E0-80E4-EB1977941B5C},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks_Migrated: \Microsoft\Windows\Location\Notifications - C:\WINDOWS\System32\LocationNotificationWindows.exe (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - C:\WINDOWS\System32\MbaeParserTask.exe (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\NetTrace\GatherNetworkInfo - C:\WINDOWS\system32\gatherNetworkInfo.vbs (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\PI\SecureBootEncodeUEFI - C:\WINDOWS\system32\SecureBootEncodeUEFI.exe (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask - {8702A841-D5CA-47C3-812D-9CEDC304C200} - (no file)
O22 - Tasks_Migrated: \Mozilla\Firefox Background Update 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate (sign: 'Mozilla Corporation')
O22 - Tasks_Migrated: \Mozilla\Firefox Background Update S-1-5-21-3168078731-2877793738-1788617900-1001 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate (sign: 'Mozilla Corporation')
O22 - Tasks_Migrated: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" (sign: 'Mozilla Corporation')
O22 - Tasks_Migrated: Apple Diagnostics - C:\Users\oxfer\AppData\Local\Microsoft\WindowsApps\eReporter-AppX.exe (not signed - no company - error getting hash)
O22 - Tasks_Migrated: ASUS Promotion - C:\Program Files\ASUS\ASUS Promotion\ASUS Promotion.exe -bytask (sign: 'ASUSTeK Computer Inc.')
O22 - Tasks_Migrated: ASUS Update Checker 2.0 - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_05f0e8a0cc7f395e\ASUSSoftwareManager\AsusUpdateChecker.exe (file missing)
O22 - Tasks_Migrated: GameTurbo - C:\Program Files (x86)\ASUS\GameFirst\GameTurbo.exe /min /autostart (sign: 'Jotun Technology Inc.')
O22 - Tasks_Migrated: GyazoUpdateTaskMachine - C:\Program Files (x86)\Gyazo\GyazoUpdate.exe (sign: 'Helpfeel Inc')
O22 - Tasks_Migrated: GyazoUpdateTaskMachineDaily - C:\Program Files (x86)\Gyazo\GyazoUpdate.exe (sign: 'Helpfeel Inc')
O22 - Tasks_Migrated: HPCustParticipation HP LaserJet MFP M28-M31 - C:\Program Files\HP\HP LaserJet MFP M28-M31\Bin\HPCustPartic.exe /UA 20.5 (sign: 'Hewlett Packard')
O22 - Tasks_Migrated: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic (file missing)
O22 - Tasks_Migrated: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic (file missing)
O22 - Tasks_Migrated: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 - C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic (file missing)
O22 - Tasks_Migrated: NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log (sign: 'NVIDIA Corporation')
O22 - Tasks_Migrated: NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (sign: 'NVIDIA Corporation')
O22 - Tasks_Migrated: NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler (sign: 'NVIDIA Corporation')
O22 - Tasks_Migrated: NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (sign: 'NVIDIA Corporation')
O22 - Tasks_Migrated: NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (sign: 'NVIDIA Corporation')
O22 - Tasks_Migrated: OneDrive Reporting Task-S-1-5-21-3168078731-2877793738-1788617900-1001 - C:\Users\oxfer\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (sign: 'Microsoft')
O22 - Tasks_Migrated: Opera GX scheduled assistant Autoupdate 1646548857 - C:\Users\oxfer\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\oxfer\AppData\Local\Programs\Opera GX\assistant" $(Arg0) (file missing)
O22 - Tasks_Migrated: RtkAudUService64_BG - C:\WINDOWS\System32\RtkAudUService64.exe -background (sign: 'Realtek Semiconductor Corp.')
O22 - Tasks_Migrated: UltraAV service start timeout handler - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command "$serviceName = 'UltraAV Service 12.4.0'\x0D\x0A$service = Get-Service -Name $serviceName\x0D\x0Aif ($service -eq $null)\x0D\x0A{\x0D\x0A    return\x0D\x0A}\x0D\x0Aif ($service.StartType -ne [System.ServiceProcess.ServiceStartMode]::Automatic)\x0D\x0A{\x0D\x0A    return\x0D\x0A}\x0D\x0Aif ($service.Status -ne [System.ServiceProcess.ServiceControllerStatus]::Stopped)\x0D\x0A{\x0D\x0A    $service.WaitForStatus([System.ServiceProcess.ServiceControllerStatus]::Stopped, [System.TimeSpan]::FromMinutes(5))\x0D\x0A}\x0D\x0AStart-Service -Name $serviceName" (sign: 'Microsoft')
O22 - Tasks_Migrated: USER_ESRV_SVC_QUEENCREEK - C:\WINDOWS\System32\Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs" (sign: 'Microsoft')
O22 - Tasks_Migrated: ZoomUpdateTaskUser-S-1-5-21-3168078731-2877793738-1788617900-1001 - C:\Users\oxfer\AppData\Roaming\Zoom\bin\Zoom.exe --action=UpdateSchedule (sign: 'Zoom Video Communications, Inc.')
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\System32\DriverStore\FileRepositoryͩ670.inf_amd64_e110f3ff362d0146\B368779\atiesrxx.exe (sign: 'Advanced Micro Devices, Inc.')
O23 - Service R2: Armoury Crate Control Interface - (ArmouryCrateControlInterface) - C:\WINDOWS\System32\ASUSACCI\ArmouryCrateControlInterface.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: ARMOURY CRATE Service - (ArmouryCrateService) - C:\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.Service.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: ASUS App Service - (AsusAppService) - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_f57c48cf404ebc46\AsusAppService\AsusAppService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: ASUS AURA SYNC lighting service - (LightingService) - C:\Program Files (x86)\LightingService\LightingService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: ASUS HID Control Service - (AsHidCtrlService) - C:\Program Files\ASUS\ASUS HID Control Service\AsHidCtrlService.exe (sign: 'ASUSTeK Computer Inc.')
O23 - Service R2: ASUS Optimization - (ASUSOptimization) - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_f57c48cf404ebc46\ASUSOptimization\AsusOptimization.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: ASUS Software Manager - (ASUSSoftwareManager) - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_f57c48cf404ebc46\ASUSSoftwareManager\AsusSoftwareManager.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: ASUS Switch - (ASUSSwitch) - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_f57c48cf404ebc46\ASUSSwitch\AsusSwitch.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: ASUS System Analysis - (ASUSSystemAnalysis) - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_f57c48cf404ebc46\ASUSSystemAnalysis\AsusSystemAnalysis.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: ASUS System Diagnosis - (ASUSSystemDiagnosis) - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_f57c48cf404ebc46\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: AsusCertService - C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: AsusPTPService - C:\WINDOWS\System32\DriverStore\FileRepository\asusptpfilter.inf_amd64_e109b959e17d8c0b\AsusPTPService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: Canon Inkjet Printer/Scanner/Fax Extended Survey Program - (IJPLMSVC) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE (sign: 'Canon Inc.')
O23 - Service R2: Dolby DAX API Service - (DolbyDAXAPI) - C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_0e3297fd23464e1a\DAX3API.exe (sign: 'Dolby Laboratories, Inc.')
O23 - Service R2: Energy Server Service queencreek - (ESRV_SVC_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe "--AUTO_START" "--start" "--start_options_registry_key" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ESRV_SVC_QUEENCREEK\_start" (sign: 'Intel Corporation')
O23 - Service R2: Focusrite Control Server - C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe service (not signed - Focusrite Audio Engineering Ltd. - 838D338976078B652676C803E85EC72C54660AE5)
O23 - Service R2: GameSDK Service - C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: GlideX Near Service - (GlideXNearService) - C:\Program Files\ASUS\GlideX\GlideXNear\GlideXNearService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: GlideX Remote Service - (GlideXRemoteService) - C:\Program Files\ASUS\GlideX\GlideXRemote\GlideXRemoteService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: GlideX Service - (GlideXService) - C:\Program Files\ASUS\GlideX\GlideXService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: GlideX Service Extension - (GlideXServiceExt) - C:\Program Files\ASUS\GlideX\GlideXServiceExt.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: HP Print Scan Doctor Service - (HPPrintScanDoctorService) - C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe (sign: 'HP Inc.')
O23 - Service R2: Intel® System Usage Report Service SystemUsageReportSvc_QUEENCREEK - (SystemUsageReportSvc_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe (sign: 'Intel Corporation')
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (sign: 'Malwarebytes Inc') (+safe mode)
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_306c93e62d28e6e4\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_306c93e62d28e6e4\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem /ert (sign: 'NVIDIA Corporation')
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -ert (sign: 'NVIDIA Corporation')
O23 - Service R2: Origin Web Helper Service - C:\Program Files (x86)\Origin\OriginWebHelperService.exe (sign: 'Electronic Arts, Inc.')
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\WINDOWS\System32\RtkAudUService64.exe (sign: 'Realtek Semiconductor Corp.')
O23 - Service R2: RefreshRateService - C:\Program Files (x86)\ASUSTeK COMPUTER INC\RefreshRateService\RefreshRateService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: ROG Live Service - C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: Session Detection - (SessionSvc) - C:\WINDOWS\System32\drivers\SessionService.exe (sign: 'Microsoft')
O23 - Service R3: Intel® PROSet/Wireless Service - (PIEServiceNew) - C:\WINDOWS\System32\DriverStore\FileRepository\piecomponent.inf_amd64_6c1db4160fc7f113\Intel_PIE_Service.exe (sign: 'Intel Corporation')
O23 - Service R3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService (sign: 'Valve Corp.')
O23 - Service S2: ASUS Update Service (asus) - (asus) - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /svc (sign: 'ASUSTeK Computer Inc.')
O23 - Service S2: Google Updater Internal Service (GoogleUpdaterInternalService138.0.7156.0) - (GoogleUpdaterInternalService138.0.7156.0) - C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe --system --windows-service --service=update-internal (sign: 'Google LLC')
O23 - Service S2: Google Updater Service (GoogleUpdaterService138.0.7156.0) - (GoogleUpdaterService138.0.7156.0) - C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe --system --windows-service --service=update (sign: 'Google LLC')
O23 - Service S3: ASUS Update Service (asusm) - (asusm) - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /medsvc (sign: 'ASUSTeK Computer Inc.')
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe (sign: 'EasyAntiCheat Oy')
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\136.0.7103.114\elevation_service.exe (sign: 'Google LLC')
O23 - Service S3: InstallDriver Table Manager - (IDriverT) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (not signed - Macrovision Corporation - 342CCCAB8379B3F019787055C867689653C2B792)
O23 - Service S3: LibreOffice Maintenance Service - (LibreOfficeMaintenance) - C:\Program Files\LibreOffice\program\update_service.exe (sign: 'The Document Foundation')
O23 - Service S3: MBVpnTunnelService - C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe (sign: 'Malwarebytes Inc.')
O23 - Service S3: Microsoft Defender Core Service - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe (sign: 'Microsoft')
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (sign: 'Mozilla Corporation')
O23 - Service S3: NVIDIA FrameView SDK service - (FvSvc) - C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe -service (sign: 'NVIDIA Corporation')
O23 - Service S3: Origin Client Service - C:\Program Files (x86)\Origin\OriginClientService.exe (sign: 'Electronic Arts, Inc.')
O23 - Service S3: Printer Extensions and Notifications - (PrintNotify) - C:\WINDOWS\system32\svchost.exe -k print; "ServiceDll" = C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll (not signed - Microsoft Corporation - A809504FA38F53680C85F6CECF54B60D5D0CDBBA)
O23 - Service S3: Twitch Service - (TwitchService) - C:\Program Files\Common Files\Twitch\TwitchService.exe (sign: 'Twitch Interactive, Inc.')
O23 - Service S3: User Energy Server Service queencreek - (USER_ESRV_SVC_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe "--run_as_user_process"  (sign: 'Intel Corporation')
O23 - Driver R0: AMD PSP Service - (amdpsp) - C:\WINDOWS\System32\drivers\amdpsp.sys (sign: 'Advanced Micro Devices, Inc.')
O23 - Driver R1: Asusgio3 - C:\WINDOWS\system32\drivers\AsIO3.sys (sign: 'ASUSTeK COMPUTER INC.')
O23 - Driver R1: ATKWMIACPI Driver - (ATKWMIACPIIO) - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_f57c48cf404ebc46\ASUSOptimization\AsusWmiAcpi.sys (sign: 'ASUSTeK COMPUTER INC.')
O23 - Driver R1: gnf - C:\WINDOWS\system32\drivers\gnf.sys (+safe mode) (sign: 'WDKTestCert JOE,132161285353388853', but untrusted root: 'WDKTestCert JOE,132161285353388853' with fingerprint: 6876239516ED5A5724E4B50D58E6055A1CDF3B3C)
O23 - Driver R1: Malwarebytes Anti-Exploit - (ESProtectionDriver) - C:\WINDOWS\system32\drivers\mbae64.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R2: MBAMChameleon - (mbamchameleon) - C:\WINDOWS\System32\Drivers\MbamChameleon.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: ___ Intel® Wireless Adapter Driver for Windows 10 - 64 Bit - (Netwtw10) - C:\WINDOWS\System32\drivers\Netwtw10.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: AMD Function Driver for HD Audio Service - (AtiHDAudioService) - C:\WINDOWS\system32\drivers\AtihdWT6.sys (sign: 'Microsoft' - Advanced Micro Devices)
O23 - Driver R3: AMD GPIO Client Driver - (amdgpio2) - C:\WINDOWS\System32\drivers\amdgpio2.sys (sign: 'Advanced Micro Devices INC.')
O23 - Driver R3: AMD I2C Controller Service - (amdi2c) - C:\WINDOWS\System32\drivers\amdi2c.sys (+safe mode) (sign: 'Advanced Micro Devices INC.')
O23 - Driver R3: amdkmdag - C:\WINDOWS\System32\DriverStore\FileRepositoryͩ670.inf_amd64_e110f3ff362d0146\B368779\amdkmdag.sys (sign: 'Advanced Micro Devices, Inc.')
O23 - Driver R3: AMDRyzenMasterDriver Service - (AMDRyzenMasterDriverV16) - C:\WINDOWS\System32\drivers\AMDRyzenMasterDriver.sys (sign: 'Advanced Micro Devices INC.')
O23 - Driver R3: ASUS Precision Touch Service - (AsusPTPDrv) - C:\WINDOWS\System32\DriverStore\FileRepository\asusptpfilter.inf_amd64_e109b959e17d8c0b\AsusPTPFilter.sys (sign: 'ASUSTeK COMPUTER INC.')
O23 - Driver R3: ASUS Wireless Radio Control - (HIDSwitch) - C:\WINDOWS\System32\drivers\AsRadioControl.sys (sign: 'ASUSTeK COMPUTER INC.')
O23 - Driver R3: AsusSAIO - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_f57c48cf404ebc46\ASUSSystemAnalysis\AsusSAIO.sys (sign: 'ASUSTeK COMPUTER INC.')
O23 - Driver R3: Audio Coprocessr Driver for DSP - (amdacpbus) - C:\WINDOWS\System32\DriverStore\FileRepository\amdacpbus.inf_amd64_0ffea48a6727a34d\amdacpbus.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: AuraApp TAP-Windows Adapter V9 - (aatap) - C:\WINDOWS\System32\drivers\aatap.sys (+safe mode) (sign: 'Microsoft' - Aura)
O23 - Driver R3: Intel® Wireless Bluetooth® - (ibtusb) - C:\WINDOWS\System32\DriverStore\FileRepository\ibtusb.inf_amd64_c0021b86f8056de3\ibtusb.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: MBAMFarflt - C:\WINDOWS\System32\Drivers\farflt11.sys (sign: 'Malwarebytes Inc')
O23 - Driver R3: MBAMProtection - C:\WINDOWS\System32\Drivers\mbam.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: MBAMSwissArmy - C:\WINDOWS\System32\Drivers\mbamswissarmy.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: MBAMWebProtection - C:\WINDOWS\system32\DRIVERS\mwac.sys (sign: 'Malwarebytes Inc')
O23 - Driver R3: NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - (nvvad_WaveExtensible) - C:\WINDOWS\system32\drivers\nvvad64v.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: nvlddmkm - C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_306c93e62d28e6e4\nvlddmkm.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: NvModuleTracker - C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_ea6cec41fc5b2a8b\NvModuleTracker.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: NVVHCI Enumerator Service - (nvvhci) - C:\WINDOWS\System32\drivers\nvvhci.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: Service for NVIDIA High Definition Audio Driver - (NVHDA) - C:\WINDOWS\system32\drivers\nvhda64v.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Software Root - (FocusritePCIeSwRoot) - C:\WINDOWS\System32\drivers\FocusritePCIeSwRoot.sys (sign: 'Focusrite Audio Engineering Ltd.')
O23 - Driver R3: Usb Software Root - (FocusriteusbSwRoot) - C:\WINDOWS\System32\drivers\FocusriteusbSwRoot.sys (sign: 'Microsoft' - Focusrite Audio Engineering Ltd.)
O23 - Driver S3: @oem9.inf,%DeviceDescription%;UltraVpn TAP-Windows Adapter V9 - (uvtap) - C:\WINDOWS\System32\drivers\uvtap.sys (file missing) (+safe mode)
O23 - Driver S3: Apple KMDF Filter Driver - (AppleKmdfFilter) - C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys (sign: 'Apple Inc.')
O23 - Driver S3: Apple Lower Filter Driver - (AppleLowerFilter) - C:\WINDOWS\System32\drivers\AppleLowerFilter.sys (sign: 'Apple Inc.')
O23 - Driver S3: Apple Mobile Device Ethernet Service - (Netaapl) - C:\WINDOWS\System32\drivers\netaapl64.sys (+safe mode) (sign: 'Microsoft' - Apple Inc.)
O23 - Driver S3: Focusrite Usb - (Focusriteusb) - C:\WINDOWS\System32\drivers\Focusriteusb.sys (sign: 'Microsoft' - Focusrite Audio Engineering Ltd.)
O23 - Driver S3: Focusrite Usb Audio - (Focusriteusb_AUDIO) - C:\WINDOWS\system32\drivers\FocusriteusbAudio.sys (sign: 'Microsoft' - Focusrite Audio Engineering Ltd.)
O23 - Driver S3: Intel® Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: Wintun - (wintun) - C:\WINDOWS\System32\drivers\wintun.sys (sign: 'Microsoft' - WireGuard LLC)
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'aatap'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'Netaapl'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'Netwtw10'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'uvtap'
O26 - Office Addin: HKCU\..\PowerPivotExcelClientAddIn.NativeEntry.1 - (Microsoft Power Pivot for Excel) -> (no file)
O26 - Office Addin: HKLM\..\Apple.DAV.Addin - (iCloud Outlook Add-in) -> C:\ProgramData\Apple Inc\iCloud\Outlook\APLZOD6432.dll (sign: 'Apple Inc.')
O26-32 - Office Addin: HKLM\..\Apple.DAV.Addin - (iCloud Outlook Add-in) -> C:\ProgramData\Apple Inc\iCloud\Outlook\APLZOD32.dll (sign: 'Apple Inc.')



Debug information:

- 17.05.2025 16:53:26 - modFile.OpenW - #0 LastDllError = 1920 (The file cannot be accessed by the system.) Cannot open file: C:\Users\oxfer\AppData\Local\Microsoft\WindowsApps\eReporter-AppX.exe
- 17.05.2025 16:53:34 - modFile.OpenW - #0 LastDllError = 1920 (The file cannot be accessed by the system.) Cannot open file: C:\Users\oxfer\AppData\Local\Microsoft\WindowsApps\eReporter-AppX.exe

--
End of file - Time spent: 30.9 sec. - 121380 bytes, CRC32: FFFFFFFF. Sign: 쪴쵼


Edited by Keethroolz, Yesterday, 05:59 PM.

    Advertisements

Register to Remove

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·