Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-08-2023
Ran by 3770 (administrator) on 3770I7 (08-08-2023 12:51:03)
Running from C:\Users\3770\Downloads\FRST64.exe
Loaded Profiles: 3770
Platform: Microsoft Windows 10 Pro Version 22H2 19045.2364 (X64) Language: Russian (Russia) -> English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(BELLSOFT -> BellSoft) C:\Users\3770\AppData\Roaming\NCALayer\jre\bin\javaw.exe
(C:\Program Files\RealVNC\VNC Server\vncserver.exe ->) (RealVNC Ltd -> RealVNC) C:\Program Files\RealVNC\VNC Server\vncagent.exe
(C:\Program Files\RealVNC\VNC Server\vncserver.exe ->) (RealVNC Ltd -> RealVNC) C:\Program Files\RealVNC\VNC Server\vncserverui.exe
(explorer.exe ->) (Notepad++ -> Don HO don.h@free.fr) C:\Program Files\Notepad++\notepad++.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <9>
(services.exe ->) () [Access Denied] C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (RealVNC Ltd -> RealVNC) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Softdeluxe) [File not signed] C:\Program Files\Free Download Manager\helperservice.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-07] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2265096 2023-05-09] (voidtools -> voidtools) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [SteelSeriesGG] => C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe [13810512 2023-07-24] (SteelSeries ApS -> SteelSeries ApS) HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1073144 2021-09-25] (Heidi Computers Ltd -> The Eraser Project) HKLM\...\Policies\Explorer: [SettingsPageVisibility] hide:cortana;privacy-automaticfiledownloads;privacy-feedback HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION HKLM\Software\Policies\...\system: [EnableActivityFeed] 0 HKLM\Software\Policies\...\system: [PublishUserActivities] 0 HKLM\Software\Policies\...\system: [UploadUserActivities] 0 HKLM\Software\Policies\...\system: [EnableSmartScreen] 0 HKU\S-1-5-19\...\RunOnce: [SystemUsesLightTheme] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "SystemUsesLightTheme" /t REG_DWORD /f /d 0 (No File) <==== ATTENTION HKU\S-1-5-19\...\RunOnce: [AppsUseLightTheme] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "AppsUseLightTheme" /t REG_DWORD /f /d 0 (No File) <==== ATTENTION HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsHistory] 1 HKU\S-1-5-20\...\RunOnce: [SystemUsesLightTheme] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" 
/v "SystemUsesLightTheme" /t REG_DWORD /f /d 0 (No File) <==== ATTENTION HKU\S-1-5-20\...\RunOnce: [AppsUseLightTheme] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "AppsUseLightTheme" /t REG_DWORD /f /d 0 (No File) <==== ATTENTION HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsHistory] 1 HKU\S-1-5-21-3950870073-693449730-955634714-1002\...\Run: [Free Download Manager] => C:\Program Files\Free Download Manager\fdm.exe [6179840 2023-03-13] (Softdeluxe) [File not signed] HKU\S-1-5-21-3950870073-693449730-955634714-1002\...\Run: [f.lux] => C:\Users\3770\AppData\Local\FluxSoftware\Flux\flux.exe [1525880 2023-05-19] (F.lux Software LLC -> f.lux Software LLC) HKU\S-1-5-21-3950870073-693449730-955634714-1002\...\Run: [qBittorrent] => C:\Program Files\qBittorrent\qbittorrent.exe [29919744 2023-06-18] (The qBittorrent Project) [File not signed] HKU\S-1-5-21-3950870073-693449730-955634714-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIPRE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) HKU\S-1-5-21-3950870073-693449730-955634714-1002\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [4374376 2023-07-29] (Valve Corp. 
-> Valve Corporation) HKU\S-1-5-21-3950870073-693449730-955634714-1002\...\Policies\Explorer: [NoRecentDocsHistory] 1 HKU\S-1-5-21-3950870073-693449730-955634714-1002\...\Policies\Explorer: [TaskbarNoThumbnail] 1 HKU\S-1-5-18\...\RunOnce: [SystemUsesLightTheme] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "SystemUsesLightTheme" /t REG_DWORD /f /d 0 (No File) <==== ATTENTION HKU\S-1-5-18\...\RunOnce: [AppsUseLightTheme] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "AppsUseLightTheme" /t REG_DWORD /f /d 0 (No File) <==== ATTENTION HKU\S-1-5-18\...\Policies\Explorer: [NoRecentDocsHistory] 1 HKLM\...\Print\Monitors\EPSON L805 Series 64MonitorBE: C:\Windows\system32\E_YLMBPRE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\115.0.5790.171\Installer\chrmstp.exe [2023-08-08] (Google LLC -> Google LLC) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install Startup: C:\Users\3770\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HTGBack.exe - Shortcut.lnk [2023-05-21] ShortcutTarget: HTGBack.exe - Shortcut.lnk -> C:\Program Files\HTGBack\HTGBack.exe () [File not signed] Startup: C:\Users\3770\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NCALayer.lnk [2023-06-23] ShortcutTarget: NCALayer.lnk -> C:\Users\3770\AppData\Roaming\NCALayer\NCALayer.exe () [File not signed] [File is in use] <==== ATTENTION GroupPolicy: Restriction ? <==== ATTENTION GroupPolicy\User: Restriction ? 
<==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1ACF472D-0D74-4E08-A8C6-664728039852} - System32\Tasks\AdobeAAMUpdater-1.0-3770I7-3770 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {7EB9020E-CD56-4187-B312-BB3000D2953A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5141704 2022-12-25] (Microsoft Windows -> Microsoft Corporation) Task: {63B4223C-CEF5-4B9D-A6F4-2C261F7BD833} - System32\Tasks\EPSON L805 Series Update {DEA05CC1-7680-4516-BE15-1231C44E865F} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPRE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) Task: {2A99A670-A8DD-4C37-ADC4-3D2843CA0CF1} - System32\Tasks\FreeDownloadManagerHelperService => C:\Program Files\Free Download Manager\helperservice.exe [129536 2023-03-13] (Softdeluxe) [File not signed] Task: {31BA1EF9-B19D-44DA-A7DA-A1919482AEEF} - System32\Tasks\GoogleUpdateTaskMachineCore{58032292-BB05-47EE-A135-40FF908569D0} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-08-08] (Google LLC -> Google LLC) Task: {1C9C4058-7F6B-4F42-902F-5056566E5F9A} - System32\Tasks\GoogleUpdateTaskMachineUA{06E90D11-849D-4DEF-B37E-F3B16E77F18D} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-08-08] (Google LLC -> Google LLC) Task: {ADB63EFB-328A-4A16-9165-20D576630C26} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2023-05-12] () [File not signed] Task: {BDC4DA37-0F33-4C49-8EBF-3E3B59CEB1D3} - System32\Tasks\KMSAuto => 
C:\Windows\KMSAutoS\KMSAutox64.exe [5363064 2022-10-18] (WZTeam -> ) [File not signed] Task: {A709A707-ED76-4CD2-B166-DCB654CDFC62} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864416 2023-03-30] (Microsoft Corporation -> Microsoft Corporation) Task: {2BC52837-6332-4919-9322-139C467FE411} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864416 2023-03-30] (Microsoft Corporation -> Microsoft Corporation) Task: {1C1AB1AF-C07F-4F20-90F0-6FBA981FE4DF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141280 2023-05-16] (Microsoft Corporation -> Microsoft Corporation) Task: {0DAD5923-E289-4613-9941-BBF3A6FB0B19} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141280 2023-05-16] (Microsoft Corporation -> Microsoft Corporation) Task: {58CED741-058F-484C-9529-E0B180073238} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} Task: {9E0AF36C-631E-400D-B317-849D00121B1A} - System32\Tasks\Microsoft\Windows\WindowsBackup\CashClean => C:\Programdata\ReaItekHD\taskhostw.exe (No File) <==== ATTENTION Task: {E5DC9A99-3782-4D1A-969C-AAA0D0FA823A} - System32\Tasks\Microsoft\Windows\WindowsBackup\OnlogonCheck => C:\Programdata\ReaItekHD\taskhostw.exe (No File) <==== ATTENTION Task: {8E66612F-43D4-4AC1-BC01-9AAE978A8F54} - System32\Tasks\Microsoft\Windows\Wininet\1Hor => C:\Programdata\Microsoft\bntbr\Game.exe [53940238 2023-05-23] () [File not signed] <==== ATTENTION Task: {40E50701-BFA0-41A2-A024-BEE1E177F6E2} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [686496 2023-08-05] (Mozilla Corporation -> Mozilla 
Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {D536919C-1B3E-40EA-A43F-3B7637DCDB01} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [733088 2023-08-05] (Mozilla Corporation -> Mozilla Foundation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\EPSON L805 Series Update {DEA05CC1-7680-4516-BE15-1231C44E865F}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPRE.EXE:/EXE:{DEA05CC1-7680-4516-BE15-1231C44E865F} /F:UpdateWORKGROUP\3770I7$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\..\Interfaces\{6c2f9645-95f7-479b-bb0f-2eb4c739c117}: [NameServer] 8.8.4.4,192.168.100.1 Tcpip\..\Interfaces\{9faa7ea2-2a74-48f5-8434-a6fde559f2ac}: [NameServer] 192.168.100.1,8.8.8.8 FireFox: ======== FF DefaultProfile: nahd6ha2.default FF ProfilePath: C:\Users\3770\AppData\Roaming\Mozilla\Firefox\Profiles\enaf93d8.default-release [2023-08-07] FF Extension: (Auto Refresh Page - Автообновление страницы) - C:\Users\3770\AppData\Roaming\Mozilla\Firefox\Profiles\enaf93d8.default-release\Extensions\{da35dad8-f912-4c74-8f64-c4e6e6d62610}.xpi [2023-07-22] FF ProfilePath: C:\Users\3770\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2023-07-18] FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxps://www.google.com/ FF SearchPlugin: C:\Users\3770\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-20233418.xml [2023-07-18] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-12-25] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-12-25] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2023-08-03] () [File not signed] FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems) Chrome: ======= CHR Profile: C:\Users\3770\AppData\Local\Google\Chrome\User Data\Default [2023-08-08] CHR Extension: (Chrome Web Store Payments) - C:\Users\3770\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-08-08] CHR HKU\S-1-5-21-3950870073-693449730-955634714-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gndelhfhcfbdhndfpcinebijfcjpmpec] Yandex: ======= YAN Profile: C:\Users\3770\AppData\Local\Yandex\YandexBrowser\User Data\Default [2023-07-18] YAN DownloadDir: C:\temp ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) HKLM\SYSTEM\CurrentControlSet\Services\458E99EA397E9914 <==== ATTENTION (Rootkit!) S2 Everything; C:\Program Files\Everything\Everything.exe [2265096 2023-05-09] (voidtools -> voidtools) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224184 2022-12-25] (Microsoft Windows Publisher -> Microsoft Corporation) S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2022-10-04] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2022-10-04] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) 
S3 SteelSeriesUpdateService; C:\Program Files\SteelSeries\GG\SteelSeriesUpdateService.exe [37712 2023-07-24] (SteelSeries ApS -> ) R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [7319808 2023-04-03] (RealVNC Ltd -> RealVNC) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) S2 ClickToRunSvc; "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service [X] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe <==== ATTENTION (Access Denied) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-10-04] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) 
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-08-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S3 libusbK; C:\Windows\System32\drivers\libusbK.sys [47928 2023-05-17] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2023-08-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-08-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [199640 2023-08-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77752 2023-08-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-08-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181984 2023-08-08] (Malwarebytes Inc. -> Malwarebytes) R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2019-11-08] (MiniTool Solution Ltd -> ) S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> ) R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [43472 2023-03-27] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries ApS) S3 sshid; C:\Windows\System32\drivers\sshid.sys [44456 2023-03-13] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries ApS) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-10-04] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) 
R3 SteelSeries_Sonar_VAD; C:\Windows\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_da15ab44a6216a8e\SteelSeries-Sonar-VAD.sys [95440 2023-03-18] (SteelSeries ApS -> Windows (R) Win 7 DDK provider) R1 UimBus; C:\Windows\System32\drivers\uimbus.sys [108856 2017-04-11] (Paragon Software GmbH -> Paragon Software GmbH) R1 Uim_DEVIM; C:\Windows\System32\drivers\uimdevim.sys [44848 2017-04-11] (Paragon Software GmbH -> Paragon Software GmbH) S0 vmci; C:\Windows\System32\drivers\vmci.sys [104888 2021-11-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation) U4 dcpsvc; no ImagePath U4 DiagTrack; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 
2023-08-08 16:59 - 2023-08-08 18:06 - 000000000 ____D C:\DrWeb Quarantine 2023-08-08 16:59 - 2023-08-08 10:52 - 097517568 _____ C:\Windows\system32\config\SOFTWARE.dw_backup 2023-08-08 15:30 - 2023-08-08 15:41 - 000000000 ____D C:\Users\3770\Doctor Web 2023-08-08 15:23 - 2023-08-08 15:51 - 000000000 __SHD C:\Program Files (x86)\IObit 2023-08-08 15:23 - 2023-08-08 15:51 - 000000000 __SHD C:\AdwCleaner 2023-08-08 15:23 - 2023-08-08 15:44 - 000000000 ___HD C:\Program Files\RDP Wrapper 2023-08-08 15:23 - 2023-08-08 15:42 - 000000000 __SHD C:\ProgramData\Windows Tasks Service 2023-08-08 15:23 - 2023-08-08 15:23 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Users\3770\Downloads\AV_block_remover 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Users\3770\Downloads\AutoLogger 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Users\3770\Desktop\AV_block_remover 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Users\3770\Desktop\AutoLogger 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\ProgramData\WavePad 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\ProgramData\RobotDemo 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\ProgramData\PuzzleMedia 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\ProgramData\princeton-produce 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\ProgramData\Norton 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\ProgramData\McAfee 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\ProgramData\MB3Install 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\ProgramData\Kaspersky Lab Setup Files 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\ProgramData\Kaspersky Lab 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\ProgramData\grizzly 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\ProgramData\FingerPrint 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD 
C:\ProgramData\Evernote 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\ProgramData\ESET 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\ProgramData\Doctor Web 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\ProgramData\BookManager 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\ProgramData\AVAST Software 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\ProgramData\360safe 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\Transmission 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\SUPERAntiSpyware 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\SpyHunter 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\RogueKiller 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\Ravantivirus 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\Rainmeter 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\Process Lasso 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\Process Hacker 2 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\Loaris Trojan Remover 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\Kaspersky Lab 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\HitmanPro 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\ESET 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\EnigmaSoft 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\Enigma Software Group 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\DrWeb 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\COMODO 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\Common Files\McAfee 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\Common Files\Doctor Web 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD 
C:\Program Files\Common Files\AV 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\Cezurity 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\ByteFence 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\Bitdefender Agent 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\AVG 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files\AVAST Software 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files (x86)\Transmission 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files (x86)\SpyHunter 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files (x86)\SpeedFan 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files (x86)\Panda Security 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files (x86)\Moo0 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files (x86)\Microsoft JDX 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files (x86)\Kaspersky Lab 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files (x86)\GRIZZLY Antivirus 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files (x86)\Cezurity 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files (x86)\AVG 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files (x86)\AVAST Software 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\Program Files (x86)\360 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\KVRT2020_Data 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\KVRT_Data 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 ____D C:\Windows\speechstracing 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 ____D C:\Users\3770\AppData\Roaming\RMS_settings 2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 ____D C:\ProgramData\Avira 2023-08-08 15:23 - 2023-08-08 12:51 - 000000000 ____D C:\FRST 2023-08-08 15:23 - 2023-08-08 12:20 - 000000000 
__SHD C:\ProgramData\Malwarebytes 2023-08-08 15:23 - 2023-08-08 12:20 - 000000000 __SHD C:\Program Files\Malwarebytes 2023-08-08 15:22 - 2023-08-08 18:06 - 000000000 __SHD C:\ProgramData\WindowsTask 2023-08-08 15:22 - 2023-08-08 18:06 - 000000000 __SHD C:\ProgramData\Setup 2023-08-08 15:22 - 2023-08-08 15:23 - 000000000 __SHD C:\ProgramData\Install 2023-08-08 15:22 - 2023-08-08 15:22 - 000000000 __SHD C:\ProgramData\RunDLL 2023-08-08 15:22 - 2023-08-08 15:22 - 000000000 ____D C:\ProgramData\System32 2023-08-08 15:22 - 2023-08-08 11:11 - 000000000 __SHD C:\ProgramData\ReaItekHD 2023-08-08 12:51 - 2023-08-08 12:51 - 000019680 _____ C:\Users\3770\Downloads\FRST.txt 2023-08-08 12:50 - 2023-08-08 12:50 - 002384896 _____ (Farbar) C:\Users\3770\Downloads\FRST64.exe 2023-08-08 12:41 - 2023-08-08 12:41 - 000000000 ____D C:\Program Files\AutoLogger 2023-08-08 12:37 - 2023-08-08 12:40 - 018264231 _____ C:\Users\3770\Downloads\AutoLogger.zip 2023-08-08 12:34 - 2023-08-08 12:42 - 000000428 _____ C:\Users\3770\Downloads\oszone.txt 2023-08-08 12:30 - 2023-08-08 12:30 - 010112832 _____ C:\Users\3770\Downloads\avz4.zip 2023-08-08 12:30 - 2023-08-08 12:30 - 000000000 ____D C:\Users\3770\Downloads\avz4 2023-08-08 12:23 - 2023-08-08 12:23 - 008791352 _____ (Malwarebytes) C:\Users\3770\Downloads\adwcleaner.exe 2023-08-08 12:21 - 2023-08-08 12:30 - 000000000 ____D C:\Users\3770\AppData\LocalLow\IGDump 2023-08-08 12:21 - 2023-08-08 12:21 - 000181984 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2023-08-08 12:21 - 2023-08-08 12:21 - 000002039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2023-08-08 12:21 - 2023-08-08 12:21 - 000002027 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2023-08-08 12:20 - 2023-08-08 12:20 - 002649072 _____ (Malwarebytes) C:\Users\3770\Downloads\MBSetup-076886.076886-consumer.exe 2023-08-08 12:19 - 2023-08-08 12:19 - 000003080 _____ C:\Users\3770\Desktop\Rkill.txt 2023-08-08 12:19 - 2023-08-08 12:19 - 000000000 ____D 
C:\Users\3770\Desktop\rkill 2023-08-08 12:17 - 2023-08-08 12:17 - 000002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2023-08-08 12:17 - 2023-08-08 12:17 - 000002284 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2023-08-08 12:17 - 2023-08-08 12:17 - 000000000 ____D C:\Program Files\Google 2023-08-08 12:16 - 2023-08-08 12:16 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{06E90D11-849D-4DEF-B37E-F3B16E77F18D} 2023-08-08 12:16 - 2023-08-08 12:16 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{58032292-BB05-47EE-A135-40FF908569D0} 2023-08-08 11:05 - 2023-08-08 11:05 - 000388608 _____ (Trend Micro Inc.) C:\Users\3770\Downloads\HijackThis.exe 2023-08-06 23:31 - 2023-08-06 23:32 - 000000000 ____D C:\Users\3770\Documents\PS Vita 2023-08-06 23:31 - 2023-08-06 23:31 - 000000000 ____D C:\Users\3770\Documents\PSV Updates 2023-08-06 23:31 - 2023-08-06 23:31 - 000000000 ____D C:\Users\3770\Documents\PSV Packages 2023-08-06 23:31 - 2023-08-06 23:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qcma 2023-08-06 23:31 - 2023-08-06 23:31 - 000000000 ____D C:\Program Files\Qcma 2023-08-06 23:31 - 2016-09-08 22:18 - 000099128 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusbK.dll 2023-08-06 23:31 - 2016-09-08 22:18 - 000084280 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusbK.dll 2023-08-03 19:34 - 2023-08-03 19:34 - 000000000 ____D C:\ProgramData\boost_interprocess 2023-08-03 13:58 - 2023-08-03 13:58 - 000000000 ____D C:\Users\3770\AppData\Roaming\Netscape 2023-08-03 13:58 - 2023-08-03 13:58 - 000000000 ____D C:\Program Files (x86)\Photodex Presenter 2023-08-03 13:57 - 2023-08-03 13:57 - 000000000 ____D C:\Program Files (x86)\Photodex 2023-08-03 13:56 - 2023-08-03 13:58 - 000000000 ____D C:\ProgramData\Photodex 2023-08-03 13:56 - 2023-08-03 13:56 - 000000000 ____D C:\Users\3770\AppData\Roaming\Photodex 2023-08-03 13:55 - 2023-08-03 
13:56 - 000000000 ____D C:\Users\3770\Documents\Bandicam 2023-08-03 13:55 - 2023-08-03 13:55 - 000000000 ____D C:\Users\3770\AppData\Roaming\Bandicam Company 2023-08-03 13:54 - 2023-08-03 13:58 - 000000000 ____D C:\Program Files (x86)\Bandicam 2023-08-03 13:54 - 2023-08-03 13:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam 2023-08-03 13:54 - 2023-08-03 13:54 - 000000000 ____D C:\Program Files (x86)\BandiMPEG1 2023-07-25 18:34 - 2023-07-25 19:22 - 000000000 ____D C:\Users\3770\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2023-07-25 18:34 - 2023-07-25 18:34 - 000000000 ____D C:\Users\3770\AppData\LocalLow\Abama Entertainment 2023-07-25 18:32 - 2023-07-25 18:33 - 000000000 ____D C:\Users\3770\AppData\Local\Steam 2023-07-25 18:32 - 2023-07-25 18:32 - 000000739 _____ C:\Users\Public\Desktop\Steam.lnk 2023-07-25 18:32 - 2023-07-25 18:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2023-07-25 11:59 - 2023-07-25 11:59 - 000000279 _____ C:\Users\3770\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk 2023-07-22 19:52 - 2023-08-08 15:44 - 000000000 ____D C:\Program Files\Mozilla Firefox 2023-07-22 19:52 - 2023-08-08 15:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2023-07-22 19:52 - 2023-08-07 01:40 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2023-07-22 19:52 - 2023-08-05 12:43 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2023-07-22 19:52 - 2023-07-22 19:52 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk 2023-07-22 19:52 - 2023-07-22 19:52 - 000000999 _____ C:\Users\3770\Desktop\Firefox.lnk 2023-07-22 19:52 - 2023-07-22 19:52 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla 2023-07-20 10:01 - 2023-07-20 10:01 - 000016760 _____ C:\Windows\system32\SppExtComObjHook.dll 2023-07-18 13:34 - 2023-08-03 13:58 - 000000000 ____D 
C:\Users\3770\AppData\Roaming\Mozilla 2023-07-18 13:34 - 2023-07-18 13:35 - 000000000 ____D C:\Users\3770\AppData\Roaming\Yandex 2023-07-18 13:34 - 2023-07-18 13:34 - 000000000 ____D C:\Users\3770\AppData\Roaming\Opera Software 2023-07-18 13:34 - 2023-07-18 13:34 - 000000000 ____D C:\Users\3770\AppData\Local\Yandex 2023-07-18 13:34 - 2023-07-18 13:34 - 000000000 ____D C:\Users\3770\AppData\Local\Mozilla 2023-07-18 13:34 - 2023-07-18 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDjView 2023-07-18 13:34 - 2023-07-18 13:34 - 000000000 ____D C:\Program Files\WinDjView 2023-07-16 15:45 - 2023-07-16 15:45 - 000003584 _____ C:\Users\3770\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2023-07-16 14:05 - 2023-07-16 14:14 - 000000000 ____D C:\Users\3770\AppData\Local\eMule 2023-07-16 14:05 - 2023-07-16 14:05 - 000000000 ____D C:\Users\3770\Downloads\eMule 2023-07-16 14:05 - 2023-07-16 14:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule 2023-07-16 14:05 - 2023-07-16 14:05 - 000000000 ____D C:\ProgramData\eMule 2023-07-16 14:05 - 2023-07-16 14:05 - 000000000 ____D C:\Program Files (x86)\eMule 2023-07-15 11:51 - 2023-07-15 11:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Attribute Changer 2023-07-15 11:51 - 2023-07-15 11:51 - 000000000 ____D C:\Program Files\Attribute Changer 2023-07-12 11:54 - 2023-07-12 11:54 - 000000000 ____D C:\Users\3770\Documents\orcsoft 2023-07-12 09:57 - 2023-07-12 09:57 - 000000000 ____D C:\Users\3770\AppData\Local\Eraser 6 ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2023-08-08 16:42 - 2023-05-17 00:19 - 000000540 __RSH C:\ProgramData\ntuser.pol
2023-08-08 16:06 - 2023-05-15 19:36 - 000000000 ____D C:\Users\3770\AppData\Local\RealVNC
2023-08-08 15:51 - 2019-12-07 15:14 - 000000000 ____D C:\Windows\AppReadiness
2023-08-08 15:23 - 2019-12-07 15:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-08-08 14:58 - 2022-12-25 09:40 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-08-08 12:49 - 2023-06-15 12:24 - 000000000 ____D C:\temp
2023-08-08 12:36 - 2019-12-07 15:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-08 12:27 - 2022-12-25 10:37 - 000000000 ____D C:\Users\3770\AppData\Local\VirtualStore
2023-08-08 12:24 - 2023-05-15 20:09 - 000000000 ____D C:\ProgramData\RealVNC-Service
2023-08-08 12:22 - 2023-05-15 17:27 - 000000000 ____D C:\Users\3770\AppData\Roaming\qBittorrent
2023-08-08 12:22 - 2023-05-15 17:17 - 000000000 ____D C:\Program Files (x86)\Google
2023-08-08 12:22 - 2022-09-08 09:15 - 000000000 ____D C:\Windows\SystemTemp
2023-08-08 12:21 - 2019-12-07 15:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-08-08 12:17 - 2023-05-15 17:17 - 000000000 ____D C:\Users\3770\AppData\Local\Google
2023-08-08 12:13 - 2022-12-25 09:48 - 001663222 _____ C:\Windows\system32\PerfStringBackup.INI
2023-08-08 12:13 - 2019-12-07 20:34 - 000733856 _____ C:\Windows\system32\perfh019.dat
2023-08-08 12:13 - 2019-12-07 20:34 - 000143868 _____ C:\Windows\system32\perfc019.dat
2023-08-08 12:13 - 2019-12-07 15:13 - 000000000 ____D C:\Windows\INF
2023-08-08 12:06 - 2023-05-15 17:20 - 000000000 __SHD C:\Users\3770\IntelGraphicsProfiles
2023-08-08 12:06 - 2022-12-25 10:37 - 000000000 ____D C:\Users\3770
2023-08-08 12:06 - 2022-12-25 09:40 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-08 12:06 - 2022-12-25 09:40 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-08-08 11:13 - 2023-05-15 22:33 - 000000000 ____D C:\Users\3770\AppData\Local\Everything
2023-08-08 11:13 - 2023-05-15 19:49 - 000000000 ____D C:\Users\3770\AppData\Roaming\Everything
2023-08-08 11:13 - 2019-12-07 15:03 - 000131072 _____ C:\Windows\system32\config\BBI
2023-08-08 02:00 - 2023-05-15 20:54 - 000000000 ____D C:\Users\3770\AppData\Local\Adobe
2023-08-06 23:34 - 2023-05-19 20:29 - 000000000 ____D C:\Users\3770\AppData\Local\CrashDumps
2023-08-06 16:06 - 2023-05-16 22:01 - 000000000 ____D C:\Users\3770\AppData\Roaming\Electron
2023-08-06 16:06 - 2023-05-16 22:01 - 000000000 ____D C:\Program Files\Switch-Library-Manager-1.5.3-Windows
2023-08-06 16:03 - 2023-05-16 21:52 - 000000000 ____D C:\Users\3770\switch-library-manager
2023-08-03 18:54 - 2023-05-30 19:57 - 000000000 ____D C:\Users\3770\AppData\Roaming\steelseries-gg-client
2023-08-03 14:40 - 2023-05-16 17:45 - 000000000 ____D C:\Users\3770\AppData\Roaming\foobar2000-v2
2023-07-30 10:32 - 2023-05-18 13:22 - 000000883 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2023-07-30 10:32 - 2023-05-15 20:32 - 000000000 ____D C:\Users\3770\AppData\Roaming\Notepad++
2023-07-30 10:01 - 2022-12-25 10:35 - 000000000 ____D C:\Windows\KMSAutoS
2023-07-29 17:37 - 2019-12-07 15:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-07-28 10:03 - 2023-05-19 20:13 - 000000000 ____D C:\Program Files\4nxci-v4.03_GUI
2023-07-24 14:25 - 2023-06-23 08:57 - 000000000 ____D C:\Users\3770\AppData\Roaming\NCALayer
2023-07-17 11:12 - 2022-12-25 10:37 - 000000000 ___SD C:\Users\3770\AppData\Roaming\Microsoft\Protect
2023-07-15 11:02 - 2023-05-24 18:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
2023-07-15 11:02 - 2023-05-24 18:22 - 000000000 ____D C:\Program Files (x86)\WinMerge
2023-07-10 15:35 - 2023-07-06 13:21 - 000000000 ____D C:\Users\3770\AppData\Roaming\lss

==================== Files in the root of some directories ========

2022-12-25 09:48 - 2022-12-25 10:13 - 000001793 _____ () C:\ProgramData\ChrEdgeFkOff.vbs
2022-12-25 09:48 - 2021-08-05 12:44 - 000480656 _____ (Microsoft Corporation) C:\ProgramData\ie_to_edge_stub.exe
2023-05-18 16:36 - 2023-05-18 16:36 - 000000024 _____ () C:\Users\3770\AppData\Roaming\epm_user.ini
2023-05-16 08:53 - 2023-05-16 08:53 - 000000050 _____ () C:\Users\3770\AppData\Local\Adobe Save for Web 13.0 Prefs
2023-07-16 15:45 - 2023-07-16 15:45 - 000003584 _____ () C:\Users\3770\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2023-05-15 20:20 - 2023-05-15 20:20 - 000007649 _____ () C:\Users\3770\AppData\Local\Resmon.ResmonCfg

==================== FLock ==============================

2023-08-08 15:23 C:\Program Files\AVAST Software
2023-08-08 15:23 C:\Program Files\AVG
2023-08-08 15:23 C:\Program Files\Bitdefender Agent
2023-08-08 15:23 C:\Program Files\ByteFence
2023-08-08 15:23 C:\Program Files\Cezurity
2023-08-08 15:23 C:\Program Files\COMODO
2023-08-08 15:23 C:\Program Files\DrWeb
2023-08-08 15:23 C:\Program Files\Enigma Software Group
2023-08-08 15:23 C:\Program Files\EnigmaSoft
2023-08-08 15:23 C:\Program Files\ESET
2023-08-08 15:23 C:\Program Files\HitmanPro
2023-08-08 15:23 C:\Program Files\Kaspersky Lab
2023-08-08 15:23 C:\Program Files\Loaris Trojan Remover
2023-08-08 12:20 C:\Program Files\Malwarebytes
2023-08-08 15:23 C:\Program Files\Process Hacker 2
2023-08-08 15:23 C:\Program Files\Process Lasso
2023-08-08 15:23 C:\Program Files\Rainmeter
2023-08-08 15:23 C:\Program Files\Ravantivirus
2023-08-08 15:23 C:\Program Files\RogueKiller
2023-08-08 15:23 C:\Program Files\SpyHunter
2023-08-08 15:23 C:\Program Files\SUPERAntiSpyware
2023-08-08 15:23 C:\Program Files\Transmission
2023-08-08 15:23 C:\Program Files (x86)\360
2023-08-08 15:23 C:\Program Files (x86)\AVAST Software
2023-08-08 15:23 C:\Program Files (x86)\AVG
2023-08-08 15:23 C:\Program Files (x86)\Cezurity
2023-08-08 15:23 C:\Program Files (x86)\GRIZZLY Antivirus
2023-08-08 15:23 C:\Program Files (x86)\Kaspersky Lab
2023-08-08 15:23 C:\Program Files (x86)\Microsoft JDX
2023-08-08 15:23 C:\Program Files (x86)\Moo0
2023-08-08 15:23 C:\Program Files (x86)\Panda Security
2023-08-08 15:23 C:\Program Files (x86)\SpeedFan
2023-08-08 15:23 C:\Program Files (x86)\SpyHunter
2023-08-08 15:23 C:\Program Files (x86)\Transmission
2023-08-08 15:23 C:\Program Files\Common Files\AV
2023-08-08 15:23 C:\Program Files\Common Files\Doctor Web
2023-08-08 15:23 C:\Program Files\Common Files\McAfee
2023-08-08 15:23 C:\Users\3770\Desktop\AutoLogger
2023-08-08 15:23 C:\Users\3770\Desktop\AV_block_remover
2023-08-08 15:23 C:\Users\3770\Downloads\AutoLogger
2023-08-08 15:23 C:\Users\3770\Downloads\AV_block_remover
2023-08-08 15:23 C:\ProgramData\360safe
2023-08-08 15:23 C:\ProgramData\AVAST Software
2023-08-08 15:23 C:\ProgramData\Avira
2023-08-08 15:23 C:\ProgramData\BookManager
2023-08-08 15:23 C:\ProgramData\Doctor Web
2023-08-08 15:23 C:\ProgramData\ESET
2023-08-08 15:23 C:\ProgramData\Evernote
2023-08-08 15:23 C:\ProgramData\FingerPrint
2023-08-08 15:23 C:\ProgramData\grizzly
2023-08-08 15:23 C:\ProgramData\Kaspersky Lab
2023-08-08 15:23 C:\ProgramData\Kaspersky Lab Setup Files
2023-08-08 15:23 C:\ProgramData\McAfee
2023-08-08 15:23 C:\ProgramData\Norton
2023-08-08 15:23 C:\ProgramData\princeton-produce
2023-08-08 15:23 C:\ProgramData\PuzzleMedia
2023-08-08 15:23 C:\ProgramData\RobotDemo
2023-08-08 15:23 C:\ProgramData\WavePad

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <==== ATTENTION

==================== End of FRST.txt ========================