Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-08-2023
Ran by 3770 (administrator) on 3770PC (09-08-2023 12:37:48)
Running from C:\Users\3770\Desktop\FRST64.exe
Loaded Profiles: 3770
Platform: Microsoft Windows 10 Pro Version 22H2 19045.2364 (X64) Language: Russian (Russia) -> English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\RealVNC\VNC Server\vncserver.exe ->) (RealVNC Ltd -> RealVNC) C:\Program Files\RealVNC\VNC Server\vncagent.exe
(C:\Program Files\RealVNC\VNC Server\vncserver.exe ->) (RealVNC Ltd -> RealVNC) C:\Program Files\RealVNC\VNC Server\vncserverui.exe
(C:\Users\3770\AppData\Roaming\NCALayer\NCALayer.exe ->) (BELLSOFT -> BellSoft) C:\Users\3770\AppData\Roaming\NCALayer\jre\bin\javaw.exe
(cmd.exe ->) (Softdeluxe) [File not signed] C:\Program Files\Free Download Manager\wenativehost.exe
(D:\NSCB_101bx64\NSCB.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(explorer.exe ->) () [File not signed] [File is in use] C:\Users\3770\AppData\Roaming\NCALayer\NCALayer.exe
(explorer.exe ->) () [File not signed] C:\Program Files\HTGBack\HTGBack.exe
(explorer.exe ->) () [File not signed] D:\NSCB_101bx64\NSCB.exe
(explorer.exe ->) (F.lux Software LLC -> f.lux Software LLC) C:\Users\3770\AppData\Local\FluxSoftware\Flux\flux.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(explorer.exe ->) (Notepad++ -> Don HO don.h@free.fr) C:\Program Files\Notepad++\notepad++.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(explorer.exe ->) (RealVNC Ltd -> RealVNC) C:\Program Files\RealVNC\VNC Viewer\vncviewer.exe
(explorer.exe ->) (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIPRE.EXE
(explorer.exe ->) (Softdeluxe) [File not signed] C:\Program Files\Free Download Manager\fdm.exe
(explorer.exe ->) (The qBittorrent Project) [File not signed] C:\Program Files\qBittorrent\qbittorrent.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <14>
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (RealVNC Ltd -> RealVNC) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (voidtools -> voidtools) C:\Program Files\Everything\Everything.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Softdeluxe) [File not signed] C:\Program Files\Free Download Manager\helperservice.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2265096 2023-05-09] (voidtools -> voidtools)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [SteelSeriesGG] => C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe [13810512 2023-07-24] (SteelSeries ApS -> SteelSeries ApS)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1073144 2021-09-25] (Heidi Computers Ltd -> The Eraser Project)
HKLM\...\Policies\Explorer: [SettingsPageVisibility] hide:cortana;privacy-automaticfiledownloads;privacy-feedback
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-19\...\RunOnce: [SystemUsesLightTheme] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "SystemUsesLightTheme" /t REG_DWORD /f /d 0 (No File) <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [AppsUseLightTheme] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "AppsUseLightTheme" /t REG_DWORD /f /d 0 (No File) <==== ATTENTION
HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-20\...\RunOnce: [SystemUsesLightTheme] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "SystemUsesLightTheme" /t REG_DWORD /f /d 0 (No File) <==== ATTENTION
HKU\S-1-5-20\...\RunOnce: [AppsUseLightTheme] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "AppsUseLightTheme" /t REG_DWORD /f /d 0 (No File) <==== ATTENTION
HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-3950870073-693449730-955634714-1002\...\Run: [Free Download Manager] => C:\Program Files\Free Download Manager\fdm.exe [6179840 2023-03-13] (Softdeluxe) [File not signed]
HKU\S-1-5-21-3950870073-693449730-955634714-1002\...\Run: [f.lux] => C:\Users\3770\AppData\Local\FluxSoftware\Flux\flux.exe [1525880 2023-05-19] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-3950870073-693449730-955634714-1002\...\Run: [qBittorrent] => C:\Program Files\qBittorrent\qbittorrent.exe [29919744 2023-06-18] (The qBittorrent Project) [File not signed]
HKU\S-1-5-21-3950870073-693449730-955634714-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIPRE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3950870073-693449730-955634714-1002\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [4374376 2023-07-29] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3950870073-693449730-955634714-1002\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-3950870073-693449730-955634714-1002\...\Policies\Explorer: [TaskbarNoThumbnail] 1
HKU\S-1-5-18\...\RunOnce: [SystemUsesLightTheme] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "SystemUsesLightTheme" /t REG_DWORD /f /d 0 (No File) <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [AppsUseLightTheme] => REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "AppsUseLightTheme" /t REG_DWORD /f /d 0 (No File) <==== ATTENTION
HKU\S-1-5-18\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKLM\...\Print\Monitors\EPSON L805 Series 64MonitorBE: C:\Windows\system32\E_YLMBPRE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\115.0.5790.171\Installer\chrmstp.exe [2023-08-08] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
Startup: C:\Users\3770\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HTGBack.exe - Shortcut.lnk [2023-05-21]
ShortcutTarget: HTGBack.exe - Shortcut.lnk -> C:\Program Files\HTGBack\HTGBack.exe () [File not signed]
Startup: C:\Users\3770\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NCALayer.lnk [2023-06-23]
ShortcutTarget: NCALayer.lnk -> C:\Users\3770\AppData\Roaming\NCALayer\NCALayer.exe () [File not signed] [File is in use] <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1ACF472D-0D74-4E08-A8C6-664728039852} - System32\Tasks\AdobeAAMUpdater-1.0-3770I7-3770 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {7EB9020E-CD56-4187-B312-BB3000D2953A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5141704 2022-12-25] (Microsoft Windows -> Microsoft Corporation)
Task: {63B4223C-CEF5-4B9D-A6F4-2C261F7BD833} - System32\Tasks\EPSON L805 Series Update {DEA05CC1-7680-4516-BE15-1231C44E865F} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPRE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {2A99A670-A8DD-4C37-ADC4-3D2843CA0CF1} - System32\Tasks\FreeDownloadManagerHelperService => C:\Program Files\Free Download Manager\helperservice.exe [129536 2023-03-13] (Softdeluxe) [File not signed]
Task: {31BA1EF9-B19D-44DA-A7DA-A1919482AEEF} - System32\Tasks\GoogleUpdateTaskMachineCore{58032292-BB05-47EE-A135-40FF908569D0} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-08-08] (Google LLC -> Google LLC)
Task: {1C9C4058-7F6B-4F42-902F-5056566E5F9A} - System32\Tasks\GoogleUpdateTaskMachineUA{06E90D11-849D-4DEF-B37E-F3B16E77F18D} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-08-08] (Google LLC -> Google LLC)
Task: {ADB63EFB-328A-4A16-9165-20D576630C26} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2023-05-12] () [File not signed]
Task: {A709A707-ED76-4CD2-B166-DCB654CDFC62} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864416 2023-03-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {2BC52837-6332-4919-9322-139C467FE411} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864416 2023-03-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {1C1AB1AF-C07F-4F20-90F0-6FBA981FE4DF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141280 2023-05-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {0DAD5923-E289-4613-9941-BBF3A6FB0B19} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141280 2023-05-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {58CED741-058F-484C-9529-E0B180073238} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601}
Task: {40E50701-BFA0-41A2-A024-BEE1E177F6E2} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [686496 2023-08-09] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {D536919C-1B3E-40EA-A43F-3B7637DCDB01} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [733088 2023-08-09] (Mozilla Corporation -> Mozilla Foundation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON L805 Series Update {DEA05CC1-7680-4516-BE15-1231C44E865F}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPRE.EXE:/EXE:{DEA05CC1-7680-4516-BE15-1231C44E865F} /F:UpdateWORKGROUP\3770I7$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{6c2f9645-95f7-479b-bb0f-2eb4c739c117}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{9faa7ea2-2a74-48f5-8434-a6fde559f2ac}: [NameServer] 192.168.100.1,8.8.8.8

FireFox:
========
FF DefaultProfile: nahd6ha2.default
FF ProfilePath: C:\Users\3770\AppData\Roaming\Mozilla\Firefox\Profiles\enaf93d8.default-release [2023-08-09]
FF Extension: (Auto Refresh Page - Автообновление страницы) - C:\Users\3770\AppData\Roaming\Mozilla\Firefox\Profiles\enaf93d8.default-release\Extensions\{da35dad8-f912-4c74-8f64-c4e6e6d62610}.xpi [2023-07-22]
FF ProfilePath: C:\Users\3770\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2023-07-18]
FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxps://www.google.com/
FF SearchPlugin: C:\Users\3770\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-20233418.xml [2023-07-18]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-12-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-12-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2023-08-03] () [File not signed]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\3770\AppData\Local\Google\Chrome\User Data\Default [2023-08-09]
CHR DownloadDir: C:\temp
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Easy Auto Refresh) - C:\Users\3770\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2023-08-08]
CHR Extension: (Free Download Manager) - C:\Users\3770\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2023-08-08]
CHR Extension: (h264ify) - C:\Users\3770\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleakchihdccplidncghkekgioiakgal [2023-08-08]
CHR Extension: (uBlock Origin) - C:\Users\3770\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-08-08]
CHR Extension: (РуТрекер - официальный плагин (доступ и пр.)) - C:\Users\3770\AppData\Local\Google\Chrome\User Data\Default\Extensions\fddjpichkajmnkjhcmpbbjdmmcodnkej [2023-08-08]
CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\3770\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2023-08-08]
CHR Extension: (Screenshot YouTube) - C:\Users\3770\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjoijpfmdhbjkkgnmahganhoinjjpohk [2023-08-08]
CHR Extension: (Доступ к Рутрекеру) - C:\Users\3770\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbdmhpkmonokeldelekgfefldfboblbj [2023-08-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\3770\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-08-08]
CHR Extension: (Grammar Checker & Paraphraser – LanguageTool) - C:\Users\3770\AppData\Local\Google\Chrome\User Data\Default\Extensions\oldceeleldhonbafppcapldpdifcinji [2023-08-08]
CHR HKU\S-1-5-21-3950870073-693449730-955634714-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gndelhfhcfbdhndfpcinebijfcjpmpec]

Yandex:
=======
YAN Profile: C:\Users\3770\AppData\Local\Yandex\YandexBrowser\User Data\Default [2023-07-18]
YAN DownloadDir: C:\temp

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Everything; C:\Program Files\Everything\Everything.exe [2265096 2023-05-09] (voidtools -> voidtools)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224184 2022-12-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2022-10-04] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2022-10-04] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
S3 SteelSeriesUpdateService; C:\Program Files\SteelSeries\GG\SteelSeriesUpdateService.exe [37712 2023-07-24] (SteelSeries ApS -> )
R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [7319808 2023-04-03] (RealVNC Ltd -> RealVNC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ClickToRunSvc; "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-10-04] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 libusbK; C:\Windows\System32\drivers\libusbK.sys [47928 2023-05-17] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2019-11-08] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [43472 2023-03-27] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries ApS)
S3 sshid; C:\Windows\System32\drivers\sshid.sys [44456 2023-03-13] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries ApS)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-10-04] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 SteelSeries_Sonar_VAD; C:\Windows\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_da15ab44a6216a8e\SteelSeries-Sonar-VAD.sys [95440 2023-03-18] (SteelSeries ApS -> Windows (R) Win 7 DDK provider)
R1 UimBus; C:\Windows\System32\drivers\uimbus.sys [108856 2017-04-11] (Paragon Software GmbH -> Paragon Software GmbH)
R1 Uim_DEVIM; C:\Windows\System32\drivers\uimdevim.sys [44848 2017-04-11] (Paragon Software GmbH -> Paragon Software GmbH)
S0 vmci; C:\Windows\System32\drivers\vmci.sys [104888 2021-11-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
U4 dcpsvc; no ImagePath
U4 DiagTrack; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-08-09 12:37 - 2023-08-09 12:38 - 000021099 _____ C:\Users\3770\Desktop\FRST.txt
2023-08-09 12:37 - 2023-08-09 12:37 - 002384896 _____ (Farbar) C:\Users\3770\Desktop\FRST64.exe
2023-08-08 23:52 - 2023-08-09 00:05 - 000000000 ____D C:\Program Files\FileZilla Server
2023-08-08 23:52 - 2023-08-09 00:04 - 000000000 ____D C:\Users\3770\AppData\Local\filezilla-server-gui
2023-08-08 22:53 - 2023-08-08 23:00 - 000139537 _____ C:\Users\Public\Desktop\mbst-clean-results.txt
2023-08-08 22:52 - 2023-08-08 22:52 - 002384896 _____ (Farbar) C:\Users\3770\Downloads\FRSTEnglish.exe
2023-08-08 22:23 - 2023-08-08 22:23 - 000000000 ____D C:\Users\3770\AppData\Local\lallouslab
2023-08-08 22:22 - 2023-08-08 22:22 - 000000000 ____D C:\Program Files\ResetPermission
2023-08-08 22:14 - 2023-08-08 22:14 - 000000000 ____D C:\Users\3770\AppData\LocalLow\IGDump
2023-08-08 20:54 - 2023-08-08 20:54 - 003035303 _____ C:\Users\3770\Downloads\DBI.607.ru.zip
2023-08-08 20:36 - 2023-08-08 20:36 - 295318104 _____ C:\Users\3770\Downloads\drweb-cureit.exe
2023-08-08 16:59 - 2023-08-08 18:06 - 000000000 ____D C:\DrWeb Quarantine
2023-08-08 16:59 - 2023-08-08 10:52 - 097517568 _____ C:\Windows\system32\config\SOFTWARE.dw_backup
2023-08-08 15:30 - 2023-08-08 15:41 - 000000000 ____D C:\Users\3770\Doctor Web
2023-08-08 15:23 - 2023-08-09 12:37 - 000000000 ____D C:\FRST
2023-08-08 15:23 - 2023-08-08 22:54 - 000000000 ____D C:\Program Files\Malwarebytes
2023-08-08 15:23 - 2023-08-08 21:21 - 000000000 ____D C:\KVRT2020_Data
2023-08-08 15:23 - 2023-08-08 15:51 - 000000000 ____D C:\AdwCleaner
2023-08-08 15:23 - 2023-08-08 15:23 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2023-08-08 15:23 - 2023-08-08 15:23 - 000000000 __SHD C:\ProgramData\princeton-produce
2023-08-08 13:55 - 2023-08-08 13:55 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2023-08-08 13:11 - 2023-08-08 13:11 - 105413808 _____ (AO Kaspersky Lab) C:\Users\3770\Downloads\kas.exe
2023-08-08 13:08 - 2023-08-08 13:08 - 000000000 ____D C:\Users\3770\Downloads\CollectionLog-2023.08.08-12.44
2023-08-08 13:08 - 2023-08-08 12:44 - 000072968 _____ C:\Users\3770\Downloads\CollectionLog-2023.08.08-12.44.zip
2023-08-08 12:58 - 2023-08-08 13:01 - 000000000 ____D C:\Users\3770\Downloads\SecurityCheck
2023-08-08 12:58 - 2023-08-08 12:58 - 000485989 _____ C:\Users\3770\Downloads\SecurityCheck.zip
2023-08-08 12:57 - 2023-08-08 12:57 - 002606880 _____ (Malwarebytes) C:\Users\3770\Downloads\MBSetup.exe
2023-08-08 12:51 - 2023-08-08 12:52 - 000043348 _____ C:\Users\3770\Downloads\Addition.txt
2023-08-08 12:51 - 2023-08-08 12:52 - 000041303 _____ C:\Users\3770\Downloads\FRST.txt
2023-08-08 12:50 - 2023-08-08 12:50 - 002384896 _____ (Farbar) C:\Users\3770\Downloads\FRST64.exe
2023-08-08 12:41 - 2023-08-08 12:41 - 000000000 ____D C:\Program Files\AutoLogger
2023-08-08 12:37 - 2023-08-08 12:40 - 018264231 _____ C:\Users\3770\Downloads\AutoLogger.zip
2023-08-08 12:34 - 2023-08-08 12:42 - 000000428 _____ C:\Users\3770\Downloads\oszone.txt
2023-08-08 12:30 - 2023-08-08 12:30 - 010112832 _____ C:\Users\3770\Downloads\avz4.zip
2023-08-08 12:30 - 2023-08-08 12:30 - 000000000 ____D C:\Users\3770\Downloads\avz4
2023-08-08 12:23 - 2023-08-08 12:23 - 008791352 _____ (Malwarebytes) C:\Users\3770\Downloads\adwcleaner.exe
2023-08-08 12:21 - 2023-08-08 12:58 - 000002039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-08-08 12:20 - 2023-08-08 12:20 - 002649072 _____ (Malwarebytes) C:\Users\3770\Downloads\MBSetup-076886.076886-consumer.exe
2023-08-08 12:19 - 2023-08-08 12:19 - 000003080 _____ C:\Users\3770\Desktop\Rkill.txt
2023-08-08 12:17 - 2023-08-08 12:17 - 000002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-08-08 12:17 - 2023-08-08 12:17 - 000002284 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-08-08 12:17 - 2023-08-08 12:17 - 000000000 ____D C:\Program Files\Google
2023-08-08 12:16 - 2023-08-08 12:16 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{06E90D11-849D-4DEF-B37E-F3B16E77F18D}
2023-08-08 12:16 - 2023-08-08 12:16 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{58032292-BB05-47EE-A135-40FF908569D0}
2023-08-08 11:05 - 2023-08-08 11:05 - 000388608 _____ (Trend Micro Inc.) C:\Users\3770\Downloads\HijackThis.exe
2023-08-06 23:31 - 2023-08-06 23:32 - 000000000 ____D C:\Users\3770\Documents\PS Vita
2023-08-06 23:31 - 2023-08-06 23:31 - 000000000 ____D C:\Users\3770\Documents\PSV Updates
2023-08-06 23:31 - 2023-08-06 23:31 - 000000000 ____D C:\Users\3770\Documents\PSV Packages
2023-08-06 23:31 - 2023-08-06 23:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qcma
2023-08-06 23:31 - 2023-08-06 23:31 - 000000000 ____D C:\Program Files\Qcma
2023-08-06 23:31 - 2016-09-08 22:18 - 000099128 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\libusbK.dll
2023-08-06 23:31 - 2016-09-08 22:18 - 000084280 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusbK.dll
2023-08-03 19:34 - 2023-08-03 19:34 - 000000000 ____D C:\ProgramData\boost_interprocess
2023-08-03 13:58 - 2023-08-03 13:58 - 000000000 ____D C:\Users\3770\AppData\Roaming\Netscape
2023-08-03 13:58 - 2023-08-03 13:58 - 000000000 ____D C:\Program Files (x86)\Photodex Presenter
2023-08-03 13:57 - 2023-08-03 13:57 - 000000000 ____D C:\Program Files (x86)\Photodex
2023-08-03 13:56 - 2023-08-03 13:58 - 000000000 ____D C:\ProgramData\Photodex
2023-08-03 13:56 - 2023-08-03 13:56 - 000000000 ____D C:\Users\3770\AppData\Roaming\Photodex
2023-08-03 13:55 - 2023-08-03 13:56 - 000000000 ____D C:\Users\3770\Documents\Bandicam
2023-08-03 13:55 - 2023-08-03 13:55 - 000000000 ____D C:\Users\3770\AppData\Roaming\Bandicam Company
2023-08-03 13:54 - 2023-08-03 13:58 - 000000000 ____D C:\Program Files (x86)\Bandicam
2023-08-03 13:54 - 2023-08-03 13:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2023-08-03 13:54 - 2023-08-03 13:54 - 000000000 ____D C:\Program Files (x86)\BandiMPEG1
2023-07-25 18:34 - 2023-07-25 19:22 - 000000000 ____D C:\Users\3770\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2023-07-25 18:34 - 2023-07-25 18:34 - 000000000 ____D C:\Users\3770\AppData\LocalLow\Abama Entertainment
2023-07-25 18:32 - 2023-07-25 18:33 - 000000000 ____D C:\Users\3770\AppData\Local\Steam
2023-07-25 18:32 - 2023-07-25 18:32 - 000000739 _____ C:\Users\Public\Desktop\Steam.lnk
2023-07-25 18:32 - 2023-07-25 18:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2023-07-25 11:59 - 2023-07-25 11:59 - 000000279 _____ C:\Users\3770\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2023-07-22 19:52 - 2023-08-09 11:54 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-07-22 19:52 - 2023-08-09 11:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-07-22 19:52 - 2023-08-09 11:16 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-07-22 19:52 - 2023-08-09 11:15 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-07-22 19:52 - 2023-07-22 19:52 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2023-07-22 19:52 - 2023-07-22 19:52 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-07-20 10:01 - 2023-07-20 10:01 - 000016760 _____ C:\Windows\system32\SppExtComObjHook.dll
2023-07-18 13:34 - 2023-08-03 13:58 - 000000000 ____D C:\Users\3770\AppData\Roaming\Mozilla
2023-07-18 13:34 - 2023-07-18 13:35 - 000000000 ____D C:\Users\3770\AppData\Roaming\Yandex
2023-07-18 13:34 - 2023-07-18 13:34 - 000000000 ____D C:\Users\3770\AppData\Roaming\Opera Software
2023-07-18 13:34 - 2023-07-18 13:34 - 000000000 ____D C:\Users\3770\AppData\Local\Yandex
2023-07-18 13:34 - 2023-07-18 13:34 - 000000000 ____D C:\Users\3770\AppData\Local\Mozilla
2023-07-18 13:34 - 2023-07-18 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDjView
2023-07-18 13:34 - 2023-07-18 13:34 - 000000000 ____D C:\Program Files\WinDjView
2023-07-16 15:45 - 2023-07-16 15:45 - 000003584 _____ C:\Users\3770\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2023-07-16 14:05 - 2023-07-16 14:14 - 000000000 ____D C:\Users\3770\AppData\Local\eMule
2023-07-16 14:05 - 2023-07-16 14:05 - 000000000 ____D C:\Users\3770\Downloads\eMule
2023-07-16 14:05 - 2023-07-16 14:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule
2023-07-16 14:05 - 2023-07-16 14:05 - 000000000 ____D C:\ProgramData\eMule
2023-07-16 14:05 - 2023-07-16 14:05 - 000000000 ____D C:\Program Files (x86)\eMule
2023-07-15 11:51 - 2023-07-15 11:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Attribute Changer
2023-07-15 11:51 - 2023-07-15 11:51 - 000000000 ____D C:\Program Files\Attribute Changer
2023-07-12 11:54 - 2023-07-12 11:54 - 000000000 ____D C:\Users\3770\Documents\orcsoft
2023-07-12 09:57 - 2023-07-12 09:57 - 000000000 ____D C:\Users\3770\AppData\Local\Eraser 6

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-08-09 12:37 - 2023-06-15 12:24 - 000000000 ____D C:\temp
2023-08-09 12:37 - 2019-12-07 15:13 - 000000000 ____D C:\Windows\INF
2023-08-09 12:25 - 2023-05-15 17:27 - 000000000 ____D C:\Users\3770\AppData\Roaming\qBittorrent
2023-08-09 12:25 - 2019-12-07 15:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-09 12:22 - 2023-05-15 17:17 - 000000000 ____D C:\Program Files (x86)\Google
2023-08-09 12:22 - 2022-09-08 09:15 - 000000000 ____D C:\Windows\SystemTemp
2023-08-09 12:10 - 2023-05-15 19:36 - 000000000 ____D C:\Users\3770\AppData\Local\RealVNC
2023-08-09 12:01 - 2022-12-25 09:48 - 001663222 _____ C:\Windows\system32\PerfStringBackup.INI
2023-08-09 12:01 - 2019-12-07 20:34 - 000733856 _____ C:\Windows\system32\perfh019.dat
2023-08-09 12:01 - 2019-12-07 20:34 - 000143868 _____ C:\Windows\system32\perfc019.dat
2023-08-09 12:00 - 2022-12-25 10:37 - 000000000 ____D C:\Users\3770\AppData\Local\Packages
2023-08-09 12:00 - 2019-12-07 15:14 - 000000000 ____D C:\Windows\AppReadiness
2023-08-09 11:55 - 2023-05-15 20:09 - 000000000 ____D C:\ProgramData\RealVNC-Service
2023-08-09 11:55 - 2023-05-15 17:20 - 000000000 __SHD C:\Users\3770\IntelGraphicsProfiles
2023-08-09 11:54 - 2023-05-15 22:33 - 000000000 ____D C:\Users\3770\AppData\Local\Everything
2023-08-09 11:54 - 2023-05-15 19:49 - 000000000 ____D C:\Users\3770\AppData\Roaming\Everything
2023-08-09 11:54 - 2022-12-25 09:40 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-09 11:54 - 2022-12-25 09:40 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-08-09 11:54 - 2019-12-07 15:03 - 000131072 _____ C:\Windows\system32\config\BBI
2023-08-09 08:55 - 2022-12-25 09:40 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-08-09 02:00 - 2023-05-15 20:54 - 000000000 ____D C:\Users\3770\AppData\Local\Adobe
2023-08-09 00:17 - 2019-12-07 15:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-08 22:13 - 2022-12-25 10:37 - 000000000 ____D C:\Users\3770
2023-08-08 22:06 - 2023-05-17 00:19 - 000000718 __RSH C:\ProgramData\ntuser.pol
2023-08-08 22:05 - 2022-12-25 09:58 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2023-08-08 22:05 - 2022-09-08 09:10 - 000307712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2023-08-08 22:05 - 2022-09-08 09:10 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2023-08-08 22:05 - 2019-12-07 15:03 - 000000000 ____D C:\Windows\CbsTemp
2023-08-08 15:23 - 2019-12-07 15:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-08-08 13:25 - 2019-12-07 15:03 - 000008192 _____ C:\Windows\system32\config\ELAM
2023-08-08 13:20 - 2022-12-25 10:35 - 000000000 ____D C:\Windows\KMSAutoS
2023-08-08 12:27 - 2022-12-25 10:37 - 000000000 ____D C:\Users\3770\AppData\Local\VirtualStore
2023-08-08 12:21 - 2019-12-07 15:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-08-08 12:17 - 2023-05-15 17:17 - 000000000 ____D C:\Users\3770\AppData\Local\Google
2023-08-06 23:34 - 2023-05-19 20:29 - 000000000 ____D C:\Users\3770\AppData\Local\CrashDumps
2023-08-06 16:06 - 2023-05-16 22:01 - 000000000 ____D C:\Users\3770\AppData\Roaming\Electron
2023-08-06 16:06 - 2023-05-16 22:01 - 000000000 ____D C:\Program Files\Switch-Library-Manager-1.5.3-Windows
2023-08-06 16:03 - 2023-05-16 21:52 - 000000000 ____D C:\Users\3770\switch-library-manager
2023-08-03 18:54 - 2023-05-30 19:57 - 000000000 ____D C:\Users\3770\AppData\Roaming\steelseries-gg-client
2023-08-03 14:40 - 2023-05-16 17:45 - 000000000 ____D C:\Users\3770\AppData\Roaming\foobar2000-v2
2023-07-30 10:32 - 2023-05-18 13:22 - 000000883 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2023-07-30 10:32 - 2023-05-15 20:32 - 000000000 ____D C:\Users\3770\AppData\Roaming\Notepad++
2023-07-28 10:03 - 2023-05-19 20:13 - 000000000 ____D C:\Program Files\4nxci-v4.03_GUI
2023-07-24 14:25 - 2023-06-23 08:57 - 000000000 ____D C:\Users\3770\AppData\Roaming\NCALayer
2023-07-17 11:12 - 2022-12-25 10:37 - 000000000 ___SD C:\Users\3770\AppData\Roaming\Microsoft\Protect
2023-07-15 11:02 - 2023-05-24 18:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
2023-07-15 11:02 - 2023-05-24 18:22 - 000000000 ____D C:\Program Files (x86)\WinMerge
2023-07-10 15:35 - 2023-07-06 13:21 - 000000000 ____D C:\Users\3770\AppData\Roaming\lss

==================== Files in the root of some directories ========

2022-12-25 09:48 - 2022-12-25 10:13 - 000001793 _____ () C:\ProgramData\ChrEdgeFkOff.vbs
2022-12-25 09:48 - 2021-08-05 12:44 - 000480656 _____ (Microsoft Corporation) C:\ProgramData\ie_to_edge_stub.exe
2023-05-18 16:36 - 2023-05-18 16:36 - 000000024 _____ () C:\Users\3770\AppData\Roaming\epm_user.ini
2023-05-16 08:53 - 2023-05-16 08:53 - 000000050 _____ () C:\Users\3770\AppData\Local\Adobe Save for Web 13.0 Prefs
2023-07-16 15:45 - 2023-07-16 15:45 - 000003584 _____ () C:\Users\3770\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2023-05-15 20:20 - 2023-05-15 20:20 - 000007649 _____ () C:\Users\3770\AppData\Local\Resmon.ResmonCfg

==================== FLock ==============================

2023-08-08 15:23 C:\ProgramData\princeton-produce

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <==== ATTENTION

==================== End of FRST.txt ========================