Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-11-2023 02
Ran by sztos (administrator) on DESKTOP-R3LGUBQ (Microsoft Corporation Surface Laptop 3) (07-11-2023 19:08:26)
Running from C:\Users\sztos\Downloads\FRST64.exe
Loaded Profiles: sztos
Platform: Microsoft Windows 10 Education Version 22H2 19045.3570 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\119.0.2151.44\identity_helper.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_23cd4a524b85fcc6\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23cd4a524b85fcc6\igfxEMN.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Inc.) [File not signed] C:\Program Files\Adobe\Acrobat DC\Acrobat\acrotray.exe
(explorer.exe ->) (Spotify AB -> Spotify Ltd) C:\Users\sztos\AppData\Roaming\Spotify\Spotify.exe <6>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23cd4a524b85fcc6\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_4a3ae74cfa6c37d6\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d73f88d32ddb95d3\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_943ac983dea9b81b\AS\IAS\IntelAudioService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.23100.116.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\hdxsstm2.inf_amd64_f74568513a3bb299\RtkAudUService64.exe
(svchost.exe ->) (Henry++) [File not signed] C:\Program Files\simplewall\simplewall.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\hdxsstm2.inf_amd64_f74568513a3bb299\RtkAudUService64.exe [835680 2021-10-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe [6607584 2022-03-07] (Adobe Inc. -> Adobe Systems Inc.) [File not signed]
HKLM\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-1113700261-1597838685-1862523002-1001\...\Run: [MicrosoftEdgeAutoLaunch_75330334F1F7BB3B891329147CD2C773] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3891768 2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1113700261-1597838685-1862523002-1001\...\Run: [simplewall] => C:\Program Files\simplewall\simplewall.exe [812544 2023-11-02] (Henry++) [File not signed]
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [203936 2022-03-02] (Adobe Inc. -> Adobe Systems Inc)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5CC7E4EB-5CF4-451B-883F-F2BD2193575D} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-1113700261-1597838685-1862523002-1001 => C:\Users\sztos\AppData\Local\Programs\Messenger\MessengerHelper.exe [2265336 2023-10-09] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {7BA3F578-EE1F-4B22-858A-56D858521100} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21909392 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {841BC1B0-305F-4CDA-BB25-CA2EBF34E041} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21909392 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {3460AAA0-9418-4DD9-9222-F7C8695B8138} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141168 2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {FFA002BC-9371-40B7-9A53-019A96198F2B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141168 2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {7A3FAC83-D7FD-44B1-96E5-6DE3ECBF3899} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0AF43EC4-A6EC-49D8-B160-FD90C584F6CC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {950B2696-4280-4A13-9424-5A4D49B8804A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {91C94C8A-3181-41B6-A629-962817EFAC27} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C4A1C45F-6704-4449-B10C-B611C01E6A0F} - System32\Tasks\simplewallTask => C:\Program Files\simplewall\simplewall.exe [812544 2023-11-02] (Henry++) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 150.254.65.22 150.254.65.21
Tcpip\..\Interfaces\{10238c08-1bc8-44ac-be37-fb2b25a0f4bd}: [DhcpNameServer] 192.168.29.228
Tcpip\..\Interfaces\{1e1d4505-32fd-4acb-a072-0dbf2bf9fbc1}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{1e1d4505-32fd-4acb-a072-0dbf2bf9fbc1}: [DhcpNameServer] 150.254.65.22 150.254.65.21

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\sztos\AppData\Local\Microsoft\Edge\User Data\Default [2023-11-07]
Edge Extension: (Google Docs Offline) - C:\Users\sztos\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-21]
Edge Extension: (Edge relevant text changes) - C:\Users\sztos\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-10-21]
Edge Extension: (Microsoft Edge DevTools Enhancements) - C:\Users\sztos\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfbdpdaobnofkbopebjglnaadopfikhh [2023-10-21]
Edge Extension: (uBlock Origin) - C:\Users\sztos\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2023-10-21]

FireFox:
========
FF DefaultProfile: ieqqd9z8.default
FF ProfilePath: C:\Users\sztos\AppData\Roaming\Mozilla\Firefox\Profiles\ieqqd9z8.default [2023-09-15]
FF ProfilePath: C:\Users\sztos\AppData\Roaming\Mozilla\Firefox\Profiles\tjf6fexi.default-release [2023-10-10]
FF Extension: (Language: English (GB)) - C:\Users\sztos\AppData\Roaming\Mozilla\Firefox\Profiles\tjf6fexi.default-release\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2023-10-10]
FF Extension: (uBlock Origin) - C:\Users\sztos\AppData\Roaming\Mozilla\Firefox\Profiles\tjf6fexi.default-release\Extensions\uBlock0@raymondhill.net.xpi [2023-10-10]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-09-06] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR HKU\S-1-5-21-1113700261-1597838685-1862523002-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3103824 2021-02-01] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9201120 2023-07-25] (Microsoft Corporation -> Microsoft Corporation)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_943ac983dea9b81b\AS\IAS\IntelAudioService.exe [402488 2022-08-11] (Intel Corporation -> Intel)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402264 2023-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SurfaceExperienceService-61.23100.116; C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.23100.116.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe [8742336 2023-11-05] (Microsoft Corporation -> Microsoft)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe [3121120 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe [133704 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2022-05-18] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R3 MpKsl25b1e100; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E469F975-B71A-4168-AE11-F1B803B4C6A1}\MpKslDrv.sys [263560 2023-11-07] (Microsoft Windows -> Microsoft Corporation)
R3 SurfaceSerialHubDriver; C:\Windows\System32\DriverStore\FileRepository\surfaceserialhubdriver.inf_amd64_f531483c52451822\SurfaceSerialHubDriver.sys [366056 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55744 2023-11-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [578856 2023-11-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105768 2023-11-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-11-07 19:08 - 2023-11-07 19:08 - 000014528 _____ C:\Users\sztos\Downloads\FRST.txt
2023-11-07 18:18 - 2023-11-07 19:08 - 000000000 ____D C:\FRST
2023-11-07 18:17 - 2023-11-07 18:17 - 002383872 _____ (Farbar) C:\Users\sztos\Downloads\FRST64.exe
2023-11-05 18:19 - 2023-11-05 18:19 - 000003442 _____ C:\Windows\system32\Tasks\simplewallTask
2023-11-05 16:40 - 2023-11-05 16:40 - 000000000 ____D C:\Users\sztos\AppData\Local\fontconfig
2023-11-03 14:27 - 2023-11-03 14:27 - 000000000 ____D C:\Users\Public\BlueStacks
2023-11-02 21:11 - 2023-11-02 21:11 - 000001748 __RSH C:\ProgramData\ntuser.pol
2023-11-02 17:35 - 2023-11-02 17:35 - 000001894 _____ C:\Users\Public\Desktop\FL Studio 21.lnk
2023-11-02 17:20 - 2023-11-05 17:57 - 000001062 _____ C:\Users\sztos\Desktop\simplewall.lnk
2023-11-02 17:20 - 2023-11-05 17:57 - 000000000 ____D C:\Program Files\simplewall
2023-11-02 12:32 - 2023-11-02 17:24 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2023-11-02 12:08 - 2023-11-02 12:08 - 000000000 ____D C:\Users\sztos\AppData\Roaming\uad
2023-10-30 23:24 - 2023-10-30 23:25 - 000000000 ____D C:\Whisper
2023-10-30 19:13 - 2023-10-30 19:13 - 000000000 ____D C:\Users\sztos\AppData\Local\Chromium
2023-10-30 19:12 - 2023-10-30 19:44 - 000000000 ____D C:\Program Files\Chromium
2023-10-26 07:01 - 2023-11-07 15:56 - 000002368 _____ C:\Users\sztos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams classic.lnk
2023-10-21 01:22 - 2023-10-21 01:22 - 000008192 _____ C:\Windows\system32\config\userdiff
2023-10-20 22:26 - 2023-10-21 13:17 - 000043761 _____ C:\Windows\diagerr.xml
2023-10-20 22:26 - 2023-10-21 13:17 - 000041913 _____ C:\Windows\diagwrn.xml
2023-10-16 17:49 - 2023-10-16 17:49 - 020935012 _____ C:\Users\sztos\Downloads\Return of the Lazy Dungeon Master.pdf
2023-10-16 09:33 - 2023-10-16 09:34 - 000000000 ____D C:\Users\sztos\Downloads\bikety
2023-10-15 18:40 - 2003-04-21 20:46 - 000061440 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\ASIW32N50.dll
2023-10-15 18:40 - 2002-09-10 18:35 - 000016302 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\ASINDIS5.sys
2023-10-15 18:40 - 2001-04-16 04:48 - 000015577 _____ C:\Windows\SysWOW64\ASINDIS3.vxd
2023-10-13 12:06 - 2023-05-16 15:07 - 005169424 _____ (Intel Corporation) C:\Windows\system32\Drivers\Netwtw10.sys
2023-10-13 12:06 - 2023-05-16 15:07 - 001474832 _____ (Intel Corporation) C:\Windows\system32\IntelIHVRouter10.dll
2023-10-12 13:27 - 2023-11-02 17:25 - 000000128 _____ C:\Users\sztos\AppData\Roaming\winscp.rnd
2023-10-12 13:27 - 2023-10-12 13:27 - 000000000 ____D C:\Program Files (x86)\WinSCP
2023-10-12 10:13 - 2023-10-12 10:13 - 000000000 ____D C:\Users\sztos\Documents\Adobe
2023-10-10 22:11 - 2023-11-07 19:07 - 000000000 ____D C:\Users\sztos\AppData\Roaming\Messenger
2023-10-10 22:11 - 2023-11-07 19:06 - 000000000 ____D C:\Users\sztos\AppData\Local\Messenger
2023-10-10 22:11 - 2023-10-12 10:10 - 000002329 _____ C:\Users\sztos\Desktop\Messenger.lnk
2023-10-10 22:11 - 2023-10-10 22:11 - 000002337 _____ C:\Users\sztos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Messenger.lnk
2023-10-10 22:11 - 2023-10-10 22:11 - 000000000 ____D C:\Users\sztos\AppData\LocalLow\Messenger
2023-10-10 22:11 - 2023-10-10 22:11 - 000000000 ____D C:\Users\sztos\AppData\Local\messenger-updater
2023-10-10 22:07 - 2023-10-10 22:08 - 000000000 ___HD C:\$WinREAgent
2023-10-09 09:37 - 2023-10-09 09:37 - 000000000 ____D C:\ProgramData\HP
2023-10-09 09:37 - 2023-10-09 09:37 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2023-10-09 09:37 - 2021-07-30 01:03 - 000192448 _____ (SS) C:\Windows\system32\shm4mci.exe
2023-10-09 09:37 - 2021-07-30 01:02 - 000082408 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\spool\prtprocs\x64\shm4mpc.dll
2023-10-09 09:37 - 2021-07-30 01:02 - 000061416 _____ () C:\Windows\system32\shm4mlm.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-11-07 19:07 - 2023-09-07 01:45 - 000000000 ____D C:\Users\sztos\AppData\Roaming\discord
2023-11-07 19:04 - 2023-09-07 00:52 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-11-07 18:54 - 2023-09-07 00:31 - 000000000 ____D C:\Windows\system32\Tasks\Meta
2023-11-07 18:28 - 2023-09-06 22:20 - 000000000 ____D C:\Users\sztos\AppData\Roaming\Signal
2023-11-07 18:26 - 2023-09-30 19:59 - 000000000 ____D C:\Users\sztos\AppData\Local\Spotify
2023-11-07 18:26 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-11-07 18:10 - 2023-09-07 01:45 - 000002231 _____ C:\Users\sztos\Desktop\Discord.lnk
2023-11-07 18:10 - 2023-09-07 01:45 - 000000000 ____D C:\Users\sztos\AppData\Local\Discord
2023-11-07 18:06 - 2023-09-30 19:59 - 000000000 ____D C:\Users\sztos\AppData\Roaming\Spotify
2023-11-07 18:05 - 2023-09-06 20:48 - 000000000 __SHD C:\Users\sztos\IntelGraphicsProfiles
2023-11-07 18:05 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2023-11-07 16:28 - 2023-09-06 23:09 - 000000000 ____D C:\Users\sztos\AppData\Roaming\Microsoft\Teams
2023-11-07 15:48 - 2023-09-06 21:53 - 000000000 ____D C:\Users\sztos\AppData\Roaming\Microsoft\Word
2023-11-07 15:41 - 2023-09-06 20:41 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-11-07 15:24 - 2023-09-06 20:41 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-11-06 08:45 - 2023-09-06 21:34 - 000000000 ____D C:\Users\sztos\AppData\Roaming\Microsoft\Excel
2023-11-05 21:27 - 2023-09-06 21:54 - 000000000 ____D C:\Users\sztos\AppData\Roaming\Microsoft\UProof
2023-11-05 21:27 - 2023-09-06 20:48 - 000000000 ____D C:\Users\sztos\AppData\Local\Packages
2023-11-05 19:40 - 2023-09-06 21:51 - 000000000 ____D C:\Users\sztos\AppData\Roaming\qBittorrent
2023-11-05 18:03 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2023-11-05 17:58 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-11-05 17:58 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2023-11-05 17:57 - 2023-09-06 20:51 - 000000000 ____D C:\Users\sztos\AppData\Local\PlaceholderTileLogoFolder
2023-11-05 14:46 - 2023-09-06 23:16 - 000000000 ____D C:\Users\sztos\AppData\Roaming\vlc
2023-11-05 13:57 - 2023-10-07 21:27 - 000000000 ____D C:\Users\sztos\AppData\Local\uad
2023-11-04 23:34 - 2023-10-07 21:29 - 000000000 ____D C:\Program Files\platform-tools
2023-11-04 21:08 - 2023-09-07 00:30 - 000000000 ____D C:\Users\sztos\AppData\Roaming\Bitwarden
2023-11-04 17:18 - 2023-09-06 20:41 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-11-03 16:02 - 2023-09-06 20:46 - 000000000 ____D C:\Users\sztos
2023-11-02 22:27 - 2023-09-06 20:48 - 000000000 ____D C:\Users\sztos\AppData\Local\D3DSCache
2023-11-02 21:28 - 2023-09-06 21:17 - 000000000 ____D C:\ProgramData\Package Cache
2023-11-02 21:28 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2023-11-02 17:24 - 2023-09-07 00:52 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2023-10-30 21:09 - 2023-09-06 22:19 - 000000000 ____D C:\Windows\system32\appmgmt
2023-10-29 12:47 - 2023-09-22 13:34 - 000000000 ____D C:\Users\sztos\Documents\Studia
2023-10-28 15:33 - 2023-09-06 20:41 - 000003534 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-10-28 15:33 - 2023-09-06 20:41 - 000003410 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-10-28 15:30 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports
2023-10-25 18:04 - 2023-09-06 20:49 - 000840982 _____ C:\Windows\system32\PerfStringBackup.INI
2023-10-25 17:58 - 2023-09-06 20:48 - 000000000 ____D C:\Intel
2023-10-25 17:58 - 2023-09-06 20:41 - 000008192 ___SH C:\DumpStack.log.tmp
2023-10-25 17:58 - 2023-09-06 20:41 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-10-25 17:58 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2023-10-25 17:58 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-10-25 17:55 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-10-25 16:56 - 2023-09-06 20:52 - 000000000 ____D C:\Windows\Firmware
2023-10-24 21:44 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows NT
2023-10-23 20:26 - 2023-09-19 15:22 - 000000000 ____D C:\Users\sztos\AppData\Local\ElevatedDiagnostics
2023-10-23 05:54 - 2023-09-06 20:48 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-10-21 15:13 - 2023-09-06 20:53 - 000000000 ____D C:\Users\sztos\AppData\Roaming\Microsoft\Spelling
2023-10-21 15:13 - 2023-09-06 20:48 - 000000000 ___SD C:\Users\sztos\AppData\Roaming\Microsoft\Crypto
2023-10-21 15:13 - 2023-09-06 20:46 - 000000000 ___SD C:\Users\sztos\AppData\Roaming\Microsoft\Credentials
2023-10-21 15:13 - 2023-09-06 20:46 - 000000000 ____D C:\Users\sztos\AppData\Roaming\Microsoft\Windows
2023-10-21 15:13 - 2023-07-28 22:59 - 000000000 ____D C:\Windows\SystemTemp
2023-10-21 15:13 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2023-10-21 15:13 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\spool
2023-10-21 15:13 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\MsDtc
2023-10-21 15:13 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Drivers\DriverData
2023-10-21 15:13 - 2019-12-07 10:14 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows
2023-10-21 15:13 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-10-21 13:17 - 2023-09-06 20:48 - 000000000 ____D C:\ProgramData\Packages
2023-10-21 13:17 - 2022-05-07 12:35 - 000000000 ___HD C:\$WINDOWS.~BT
2023-10-21 00:31 - 2023-09-07 00:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-10-20 23:35 - 2023-09-06 20:48 - 000002352 _____ C:\Users\sztos\Desktop\Microsoft Edge.lnk
2023-10-20 23:03 - 2023-09-06 22:40 - 000000000 ____D C:\Windows\Panther
2023-10-20 22:28 - 2019-12-07 10:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-10-20 22:21 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2023-10-19 12:29 - 2023-09-06 20:47 - 000000000 ___SD C:\Users\sztos\AppData\Roaming\Microsoft\SystemCertificates
2023-10-18 09:15 - 2023-09-06 21:34 - 000000000 ____D C:\Users\sztos\AppData\Roaming\Microsoft\Office
2023-10-12 23:02 - 2023-09-16 00:01 - 000000000 ____D C:\Users\sztos\Documents\RPG
2023-10-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2023-10-10 22:19 - 2023-09-06 20:41 - 000296328 _____ C:\Windows\system32\FNTCACHE.DAT
2023-10-10 22:18 - 2019-12-07 15:47 - 000000000 ___SD C:\Windows\system32\AppV
2023-10-10 22:18 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-10-10 22:18 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-10-10 22:18 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-10-10 22:18 - 2019-12-07 15:44 - 000000000 ____D C:\Windows\system32\Drivers\en-GB
2023-10-10 22:18 - 2019-12-07 15:44 - 000000000 ____D C:\Windows\en-GB
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\F12
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\migwiz
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Sysprep
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lv-LV
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lt-LT
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\et-EE
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Com
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\IME
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-10-10 22:18 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-10-10 22:18 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing
2023-10-10 22:16 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2023-10-10 22:14 - 2019-12-07 15:47 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2023-10-10 22:14 - 2019-12-07 10:15 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2023-10-10 22:14 - 2019-12-07 10:14 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2023-10-10 21:49 - 2023-09-06 20:44 - 003014144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-10-10 21:29 - 2023-09-06 20:52 - 000000000 ____D C:\Windows\system32\MRT
2023-10-10 21:27 - 2023-09-06 20:52 - 181553176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-10-08 21:19 - 2023-09-06 22:38 - 000000000 ____D C:\Users\sztos\AppData\Roaming\Microsoft\PowerPoint

==================== Files in the root of some directories ========

2023-10-12 13:27 - 2023-11-02 17:25 - 000000128 _____ () C:\Users\sztos\AppData\Roaming\winscp.rnd
2023-09-06 22:16 - 2023-09-06 22:16 - 000000410 _____ () C:\Users\sztos\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================