Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-08-2023
Ran by Y (administrator) on DESKTOP-DLK0IBS (Microsoft Corporation Surface Laptop 3) (10-08-2023 20:47:00)
Running from C:\Users\Y\Downloads\FRST64.exe
Loaded Profiles: Y
Platform: Microsoft Windows 10 IoT Enterprise LTSC Version 21H2 19044.3324 (X64) Language: English (United States) -> English (United Kingdom)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DriverStore\FileRepository\cui_dch.inf_amd64_23cd4a524b85fcc6\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23cd4a524b85fcc6\igfxEMN.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(explorer.exe ->) (F.lux Software LLC -> f.lux Software LLC) C:\Users\Y\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23cd4a524b85fcc6\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_4a3ae74cfa6c37d6\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d73f88d32ddb95d3\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_943ac983dea9b81b\AS\IAS\IntelAudioService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\hdxsstm2.inf_amd64_f74568513a3bb299\RtkAudUService64.exe <2>
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.3266_none_7e25389a7c7bcadb\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\hdxsstm2.inf_amd64_f74568513a3bb299\RtkAudUService64.exe [835680 2021-10-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" (No File)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5641776 2020-09-24] (Adobe Inc. -> Adobe Systems Inc.) [File not signed]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (No File)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\78.0.1.0\GoogleDriveFS.exe --startup_mode (No File)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\78.0.1.0\GoogleDriveFS.exe --startup_mode (No File)
HKU\S-1-5-21-3892982326-4222054075-3637702396-1001\...\Run: [MicrosoftEdgeAutoLaunch_B76A61AD2DE98C7B33E2ED98AB8444E1] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4088256 2023-08-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3892982326-4222054075-3637702396-1001\...\Run: [f.lux] => C:\Users\Y\AppData\Local\FluxSoftware\Flux\flux.exe [1525880 2023-05-18] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\78.0.1.0\GoogleDriveFS.exe --startup_mode (No File)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65488 2020-09-12] (Adobe Inc. -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{C57B257B-3D92-4AC0-8FE8-7D6FF81AEF73}] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {406120A1-EF45-40DD-9DFC-5A301273626C} - System32\Tasks\Activation-Renewal => C:\ProgramData\Activation-Renewal\Activation_task.cmd [15319 2023-07-10] () [File not signed] -> Task
Task: {A79DD81B-7E67-4B19-A237-FAF5BDA0F932} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-3892982326-4222054075-3637702396-1001 => C:\Users\Y\AppData\Local\Programs\Messenger\MessengerHelper.exe --lassie (No File)
Task: {BFE83536-C097-41C2-8A7C-A4BBE46F7E6D} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-3892982326-4222054075-3637702396-1001 => C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1920.8.125.0_x64__8xx8rvfyw5nnt\app\MessengerHelper.exe [2172664 2023-08-06] (6E08453F-9BA7-4311-999C-D22FBA2FB1B8 -> Meta Platforms, Inc.)
Task: {A214C16D-1AC0-47FE-A6C0-71B613122BAF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656184 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {E4BA2892-B0D6-41F4-A91F-11EAF317946E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656184 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {CF76A07B-E4BA-4D9E-95BF-3056514B9583} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158656 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {E01A9533-2F26-43CE-BCBF-F50355F5A7DD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158656 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {83814EC5-3098-4B4E-A670-6BF14B8A0033} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {B8C9CFD2-4E9F-4C06-8732-E1F2D408D4A8} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4394600 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {20B6D578-2A4A-4ED7-928B-98A3358F8DD3} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(1): %windir%\system32\compattelrunner.exe -> -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc
Task: {20B6D578-2A4A-4ED7-928B-98A3358F8DD3} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(2): %windir%\system32\compattelrunner.exe -> -m:appraiser.dll -f:DoScheduledTelemetryRun
Task: {20B6D578-2A4A-4ED7-928B-98A3358F8DD3} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(3): %windir%\system32\compattelrunner.exe -> -m:aemarebackup.dll -f:BackupMareData
Task: {DBF345CF-1C5B-436C-8144-9A24D503A429} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DFAE7570-62DC-414C-BFE6-11F06A641742} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {ACE5C10E-9FD8-48AE-8723-6FFE7BEF368E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7B71C272-8B7C-4928-8F98-853617698B80} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DBC2CEBA-2809-467D-A9E7-EA0EC401AF4E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [733088 2023-08-05] (Mozilla Corporation -> Mozilla Foundation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 31.11.173.2 89.228.4.126
Tcpip\..\Interfaces\{ad90914e-4a08-4c95-9ca2-69112f2a1cca}: [DhcpNameServer] 31.11.173.2 89.228.4.126

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Y\AppData\Local\Microsoft\Edge\User Data\Default [2023-08-10]
Edge Extension: (Edge relevant text changes) - C:\Users\Y\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-09]
Edge Extension: (uBlock Origin) - C:\Users\Y\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2023-07-20]

FireFox:
========
FF DefaultProfile: xanx6wkv.default
FF ProfilePath: C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\1p8jney0.default-esr-1690938675929 [2023-08-10]
FF Extension: (Language: English (GB)) - C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\1p8jney0.default-esr-1690938675929\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2023-08-07]
FF ProfilePath: C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\xanx6wkv.default [2023-06-19]
FF ProfilePath: C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\s562sbcc.default-release [2023-07-18]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-09-11]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-09-12] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKU\S-1-5-21-3892982326-4222054075-3637702396-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3103824 2021-02-01] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11867104 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_943ac983dea9b81b\\AS\\IAS\\IntelAudioService.exe [402488 ] (Intel Corporation -> Intel)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402200 2023-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\NisSrv.exe [3104488 2023-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe [133576 2023-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 MpKsl8b070bb2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{59060BEA-ED06-4E54-BDD2-AB71EBEC6DBD}\MpKslDrv.sys [222464 2023-08-10] (Microsoft Windows -> Microsoft Corporation)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [80296 2023-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R3 SurfaceSerialHubDriver; C:\Windows\System32\DriverStore\FileRepository\surfaceserialhubdriver.inf_amd64_f531483c52451822\SurfaceSerialHubDriver.sys [366056 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55704 2023-08-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [572656 2023-08-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [104688 2023-08-10] (Microsoft Windows -> Microsoft Corporation)
S3 zttap300; C:\Windows\System32\drivers\zttap300.sys [31744 2020-11-24] (Microsoft Windows Hardware Compatibility Publisher -> ZeroTier Networks LLC)
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-08-10 20:47 - 2023-08-10 20:47 - 000016817 _____ C:\Users\Y\Downloads\FRST.txt
2023-08-10 20:46 - 2023-08-10 20:47 - 000000000 ____D C:\FRST
2023-08-10 18:42 - 2023-08-10 18:42 - 000000000 ____D C:\Program Files\WebP Codec
2023-08-10 18:42 - 2023-08-10 18:42 - 000000000 ____D C:\Program Files (x86)\WebP Codec
2023-08-10 18:38 - 2023-08-10 18:38 - 000000000 ____D C:\Users\Y\AppData\Local\fontconfig
2023-08-10 18:37 - 2023-08-10 18:37 - 000000000 ____D C:\Users\Y\.dbus-keyrings
2023-08-10 18:17 - 2023-08-10 18:17 - 002384896 _____ (Farbar) C:\Users\Y\Downloads\FRST64.exe
2023-08-10 16:26 - 2023-08-10 16:28 - 000000000 ____D C:\Users\Y\AppData\Roaming\Microsoft\Paint
2023-08-10 16:04 - 2023-08-10 16:04 - 000000000 ___HD C:\$WinREAgent
2023-08-07 16:50 - 2023-08-07 16:50 - 000000000 ____D C:\Users\Y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Equalizer APO 1.2.1
2023-08-07 16:50 - 2023-08-07 16:50 - 000000000 ____D C:\Program Files\EqualizerAPO
2023-08-05 19:30 - 2023-08-07 18:34 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2023-08-05 19:22 - 2023-08-07 18:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-08-03 01:28 - 2023-08-03 01:28 - 000000000 ____D C:\Users\Y\AppData\Local\session-desktop-updater
2023-08-02 03:11 - 2023-08-06 02:55 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-08-02 03:11 - 2023-08-02 03:11 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2023-08-02 03:11 - 2023-08-02 03:11 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-08-02 02:53 - 2023-08-10 18:44 - 000000000 ____D C:\Intel
2023-07-23 21:21 - 2023-07-23 21:21 - 000000000 ____D C:\Users\Y\AppData\Roaming\iterate_GmbH
2023-07-23 20:52 - 2023-07-23 20:52 - 000002690 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberduck.lnk
2023-07-23 20:52 - 2023-07-23 20:52 - 000000000 ____D C:\Users\Y\AppData\Roaming\Cyberduck
2023-07-23 20:52 - 2023-07-23 20:52 - 000000000 ____D C:\Program Files\Cyberduck
2023-07-23 20:38 - 2023-07-23 20:38 - 000000000 ____D C:\Users\Y\.ssh
2023-07-22 17:50 - 2023-07-22 18:57 - 000000000 ____D C:\Users\Y\Documents\Mapy
2023-07-22 17:32 - 2023-07-22 17:32 - 000000000 ____D C:\Program Files\paint.net
2023-07-22 17:31 - 2023-07-22 17:34 - 000000000 ____D C:\Users\Y\AppData\Local\paint.net
2023-07-22 12:35 - 2023-07-22 12:35 - 000001761 _____ C:\Users\Y\Desktop\Foundry Virtual Tabletop - Shortcut.lnk
2023-07-21 21:31 - 2023-08-06 15:56 - 000000000 ____D C:\Users\Y\AppData\Roaming\Foundry Virtual Tabletop
2023-07-21 21:31 - 2023-08-06 15:55 - 000000000 ____D C:\Users\Y\AppData\Local\FoundryVTT
2023-07-21 21:31 - 2023-07-21 21:31 - 000002250 _____ C:\Users\Public\Desktop\Foundry Virtual Tabletop.lnk
2023-07-21 21:31 - 2023-07-21 21:31 - 000000000 ____D C:\Users\Y\AppData\Local\foundryvtt-updater
2023-07-21 20:47 - 2023-07-21 21:31 - 000000000 ____D C:\Program Files\Foundry Virtual Tabletop
2023-07-18 23:23 - 2023-07-18 23:23 - 002510596 _____ C:\Users\Y\Documents\Gaiman Neil - Amerykanscy Bogowie.pdf
2023-07-18 23:19 - 2023-07-18 23:19 - 000000000 ____D C:\Users\Y\AppData\Roaming\Microsoft\QuickStyles
2023-07-18 20:55 - 2023-07-18 20:55 - 000000000 ____D C:\ProgramData\SurfaceExperienceService
2023-07-12 21:35 - 2023-08-10 17:42 - 000000000 ____D C:\Users\Y\AppData\Roaming\Bitwarden
2023-07-12 21:35 - 2023-07-18 16:32 - 000000000 ____D C:\Users\Y\AppData\Local\bitwarden-updater
2023-07-12 21:35 - 2023-07-12 21:35 - 000002385 _____ C:\Users\Y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitwarden.lnk
2023-07-12 21:35 - 2023-07-12 21:35 - 000002377 _____ C:\Users\Y\Desktop\Bitwarden.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-08-10 20:35 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2023-08-10 20:32 - 2023-04-30 15:04 - 000000000 ____D C:\Users\Y\AppData\Roaming\Signal
2023-08-10 20:24 - 2023-04-30 12:28 - 000000000 ____D C:\Users\Y
2023-08-10 20:16 - 2023-06-01 15:38 - 000000000 ____D C:\Users\Y\AppData\Roaming\Microsoft\MMC
2023-08-10 20:16 - 2023-04-30 15:05 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-08-10 20:01 - 2023-04-30 12:24 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-08-10 20:01 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2023-08-10 18:53 - 2023-04-30 12:30 - 000840982 _____ C:\Windows\system32\PerfStringBackup.INI
2023-08-10 18:45 - 2023-04-30 12:35 - 000000000 __SHD C:\Users\Y\IntelGraphicsProfiles
2023-08-10 18:45 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-10 18:44 - 2023-04-30 15:31 - 000000000 ____D C:\Users\Y\AppData\Roaming\discord
2023-08-10 18:44 - 2023-04-30 12:24 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-10 18:44 - 2023-04-30 12:24 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-08-10 18:44 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ServiceState
2023-08-10 18:44 - 2019-12-07 11:03 - 000262144 _____ C:\Windows\system32\config\BBI
2023-08-10 18:25 - 2023-04-30 15:31 - 000000000 ____D C:\Users\Y\AppData\Local\Discord
2023-08-10 16:48 - 2023-07-10 13:41 - 000000000 ____D C:\Users\Y\AppData\Local\CrashDumps
2023-08-10 16:42 - 2023-06-24 20:50 - 000000000 ____D C:\Torrenty
2023-08-10 16:37 - 2023-04-30 12:24 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-08-10 16:27 - 2023-04-30 12:24 - 000389456 _____ C:\Windows\system32\FNTCACHE.DAT
2023-08-10 16:26 - 2019-12-07 11:51 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-08-10 16:26 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-08-10 16:26 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2023-08-10 16:26 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-08-10 16:26 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2023-08-10 16:26 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-08-10 16:26 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser
2023-08-10 16:26 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2023-08-10 16:26 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\appcompat
2023-08-10 16:13 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2023-08-10 16:10 - 2023-04-30 12:28 - 003015168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-08-10 16:04 - 2023-04-30 12:34 - 000000000 ____D C:\Windows\system32\MRT
2023-08-10 16:02 - 2023-04-30 12:34 - 175983240 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-08-10 15:34 - 2023-04-30 12:51 - 000000000 ____D C:\Windows\SystemTemp
2023-08-09 19:47 - 2023-04-30 15:26 - 000000000 ____D C:\Users\Y\AppData\Roaming\qBittorrent
2023-08-09 15:55 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-09 15:55 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2023-08-09 14:57 - 2023-04-30 12:24 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-08-09 14:57 - 2023-04-30 12:24 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-08-07 18:34 - 2023-04-30 15:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-08-07 11:50 - 2023-04-30 14:26 - 000000000 ____D C:\Users\Y\AppData\Local\D3DSCache
2023-08-06 02:11 - 2023-04-30 15:04 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2023-08-05 19:27 - 2023-04-30 14:42 - 000000000 ____D C:\Users\Y\AppData\Roaming\Microsoft\Word
2023-08-01 19:07 - 2023-04-30 14:38 - 000000000 ____D C:\Program Files\Microsoft Office
2023-08-01 03:37 - 2023-05-30 11:41 - 000000000 ____D C:\Users\Y\Documents\RPG
2023-07-31 14:21 - 2023-05-12 22:56 - 000000000 ____D C:\Users\Y\AppData\Roaming\Microsoft\Document Building Blocks
2023-07-31 12:43 - 2023-04-30 14:49 - 000000000 ____D C:\Users\Y\AppData\Roaming\Microsoft\Excel
2023-07-30 03:06 - 2023-04-30 14:56 - 000000000 ____D C:\Users\Y\AppData\Local\SquirrelTemp
2023-07-27 22:58 - 2023-04-30 16:44 - 000000000 ____D C:\Users\Y\AppData\Roaming\vlc
2023-07-27 11:09 - 2023-04-30 12:35 - 000918960 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2023-07-23 22:02 - 2023-04-30 14:53 - 000000000 ____D C:\ProgramData\Packages
2023-07-23 22:02 - 2023-04-30 12:28 - 000000000 ____D C:\Users\Y\AppData\Local\Packages
2023-07-23 20:55 - 2023-04-30 12:28 - 000000000 ___SD C:\Users\Y\AppData\Roaming\Microsoft\Credentials
2023-07-23 20:52 - 2023-04-30 14:59 - 000000000 ____D C:\ProgramData\Package Cache
2023-07-22 13:56 - 2023-04-30 14:56 - 000000000 ____D C:\Users\Y\AppData\Roaming\Microsoft\Teams
2023-07-17 22:52 - 2023-04-30 15:46 - 000000000 ____D C:\Users\Y\Documents\Studia
2023-07-17 22:50 - 2023-04-30 15:05 - 000000000 ____D C:\Users\Y\AppData\LocalLow\Mozilla
2023-07-16 16:23 - 2023-04-30 12:33 - 000000000 ____D C:\Windows\Firmware
2023-07-12 15:57 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-07-12 15:57 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2023-07-12 15:57 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2023-07-12 15:57 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2023-07-11 21:31 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports

==================== Files in the root of some directories ========

2023-04-30 16:01 - 2023-04-30 16:01 - 000000410 _____ () C:\Users\Y\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================