Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-08-2022 ([color=red]ATTENTION: ====> FRST version is 79 days old and could be outdated[/color])
Ran by FYGHSRBS (administrator) on DESKTOP-AIN1539 (. .) (22-10-2022 12:27:29)
Running from C:\Users\FYGHSRBS\Desktop
Loaded Profiles: FYGHSRBS
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1288 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe ->) (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Nero Platinum\Nero BackItUp\BackItUp.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Transfer\Transfer.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Nero BackItUp] => C:\Program Files (x86)\Nero\Nero Platinum\Nero BackItUp\BackItUp.exe [1156376 2020-01-17] (Nero AG -> Nero AG)
HKLM-x32\...\Run: [DriveSpan] => C:\Program Files (x86)\Nero\Transfer\Transfer.exe [138520 2019-06-24] (Nero AG -> Nero AG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml (No File)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1E8EF3FF-C5B7-40AB-9544-8009FC7C0AED} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [7071000 2019-11-10] (Nero AG -> Nero AG)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{90400b2e-b35f-469c-b65d-4fb11391725e}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{da4b3e1f-35ce-48f1-8a1b-4f5014fb9423}: [DhcpNameServer] 192.168.2.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\FYGHSRBS\AppData\Local\Microsoft\Edge\User Data\Default [2022-10-13]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8683336 2022-08-05] (Malwarebytes Inc. -> Malwarebytes)
S2 NeroBackItUpBackgroundService2020; C:\Program Files (x86)\Nero\Nero Platinum\Nero BackItUp\NBService.exe [287000 2020-01-17] (Nero AG -> Nero AG)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5414976 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdTools64; C:\Windows\System32\drivers\AmdTools64.sys [63392 2020-06-16] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-08-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2022-08-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 RTL8023x64; C:\Windows\System32\drivers\Rtnic64.sys [51712 2019-12-07] (Microsoft Windows -> Realtek Semiconductor Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-10-22 12:26 - 2022-10-22 12:28 - 000000000 ____D C:\FRST
2022-10-13 04:17 - 2022-10-13 10:41 - 000000000 ____D C:\KVRT_Data
2022-10-13 04:17 - 2022-10-13 04:17 - 000478392 ____N (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\63E38244.sys
2022-10-13 04:17 - 2022-10-13 04:17 - 000085600 ____N (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\34502534.sys
2022-10-09 14:40 - 2022-10-09 14:40 - 000004418 _____ C:\Windows\system32\PerfStringBackup.TMP
2022-10-09 14:37 - 2022-10-09 14:43 - 000000000 ____D C:\Users\FYGHSRBS\AppData\Local\CrashDumps
2022-10-09 14:35 - 2022-10-09 14:36 - 000276664 _____ C:\Windows\system32\FNTCACHE.DAT
2022-10-09 14:35 - 2022-10-09 14:35 - 000000000 _____ C:\Windows\ativpsrm.bin
2022-10-09 13:26 - 2022-10-09 13:26 - 000000000 ____D C:\Windows\system32\fa-IR
2022-10-09 09:30 - 2022-10-13 10:41 - 000000000 ____D C:\Users\FYGHSRBS\Desktop\KVRT_Data
2022-10-09 08:49 - 2022-10-09 07:22 - 183535872 _____ (Kaspersky Lab ZAO) C:\Users\FYGHSRBS\Desktop\KVRT_FULL(1).exe
2022-10-09 08:46 - 2022-10-09 08:47 - 000000000 ____D C:\Users\FYGHSRBS\Desktop\Download
2022-10-06 16:17 - 2022-10-06 16:22 - 000000000 ____D C:\Users\FYGHSRBS\AppData\Roaming\ZHP
2022-10-06 16:17 - 2022-10-06 16:17 - 000000868 _____ C:\Users\FYGHSRBS\Desktop\ZHPDiag.lnk
2022-10-06 16:17 - 2022-10-06 16:17 - 000000000 ____D C:\Users\FYGHSRBS\AppData\Local\ZHP
2022-10-06 16:17 - 2022-10-06 14:27 - 003310792 _____ (Nicolas Coolman) C:\Users\FYGHSRBS\Desktop\ZHPDiag3.exe
2022-10-04 22:34 - 2022-10-04 22:34 - 000000000 ____D C:\Users\FYGHSRBS\Desktop\PDF2JPG-Converter
2022-10-04 21:14 - 2022-10-04 21:14 - 000001052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x64.lnk
2022-10-04 21:14 - 2022-10-04 21:14 - 000001046 _____ C:\Users\Public\Desktop\VueScan x64.lnk
2022-10-04 21:14 - 2022-10-04 21:14 - 000000000 ____D C:\Windows\twain_64

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-10-22 12:28 - 2022-08-05 20:26 - 000006082 _____ C:\Users\FYGHSRBS\Desktop\FRST.txt
2022-10-14 06:37 - 2019-12-07 10:54 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-10-13 10:41 - 2022-08-05 12:48 - 000000000 ____D C:\Users\FYGHSRBS\Desktop\Nr
2022-10-09 14:51 - 2019-12-07 10:57 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-10-09 14:51 - 2019-12-07 10:57 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-10-09 14:47 - 2019-12-07 12:33 - 000000000 ____D C:\Windows\CbsTemp
2022-10-09 14:40 - 2019-12-07 12:43 - 000000000 ____D C:\Windows\INF
2022-10-09 14:38 - 2019-12-07 12:44 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-10-09 14:35 - 2019-12-07 10:56 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-10-09 14:35 - 2019-12-07 10:54 - 000008192 ___SH C:\DumpStack.log.tmp
2022-10-09 09:34 - 2019-12-07 12:33 - 000032768 _____ C:\Windows\system32\config\ELAM
2022-10-06 15:34 - 2019-12-07 12:44 - 000000000 ____D C:\Windows\LiveKernelReports
2022-10-04 21:14 - 2022-08-06 20:12 - 000000000 ____D C:\Program Files\VueScan
2022-10-04 19:43 - 2022-08-06 20:04 - 003473784 _____ (Alexander Roshal) C:\Users\FYGHSRBS\Desktop\winrar-x64-611.exe
2022-10-04 18:31 - 2022-08-06 20:05 - 013417834 _____ C:\Users\FYGHSRBS\Desktop\VueScan.Pro.v9.7.91.x64_p30download.com.rar
2022-10-03 13:39 - 2022-08-05 14:00 - 298190568 _____ (Malwarebytes) C:\Users\FYGHSRBS\Desktop\mb4-setup-consumer-4.5.11.202-1.0.1716-1.0.57206.exe
2022-10-03 11:45 - 2022-08-05 12:32 - 002631672 _____ (Malwarebytes) C:\Users\FYGHSRBS\Desktop\MBSetup-CD4352BD-37335.37335.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================