Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2024
Ran by piotr (administrator) on DESKTOP-FROVGQP (HP HP Pavilion All-in-One 24-r0xx) (03-10-2024 17:40:55)
Running from C:\Users\piotr\Downloads\FRST64.exe
Loaded Profiles: piotr
Platform: Microsoft Windows 10 Home Version 1909 18363.1556 (X64) Language: Dansk (Danmark)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\1.3.911.1\DropboxCrashHandler.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpCopyAccelerator.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <7>
(explorer.exe ->) (F.lux Software LLC -> f.lux Software LLC) C:\Users\piotr\AppData\Local\FluxSoftware\Flux\flux.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <36>
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\NisSrv.exe
(services.exe ->) (Mullvad VPN AB -> Mullvad VPN AB) C:\Program Files\Mullvad VPN\resources\mullvad-daemon.exe
(services.exe ->) (PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.) C:\Program Files\Portrait Displays\HP Display Control\DisplayControlService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (WildTangent Inc -> ) C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2401.5.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (HP Inc. -> ) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\piotr\AppData\Local\Microsoft\OneDrive\24.171.0825.0002\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DisplayControl.exe] => C:\Program Files\Portrait Displays\HP Display Control\DisplayControl.exe [3938112 2017-06-08] (PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.) [File not signed]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4116912 2024-07-26] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [704832 2017-04-27] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [9235344 2024-09-17] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2622520 2019-05-19] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3956460003-1498418990-1826556186-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett Packard -> ) [File not signed]
HKU\S-1-5-21-3956460003-1498418990-1826556186-1001\...\Run: [f.lux] => C:\Users\piotr\AppData\Local\FluxSoftware\Flux\flux.exe [1528952 2024-02-22] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-3956460003-1498418990-1826556186-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [8876960 2024-08-03] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3956460003-1498418990-1826556186-1001\...\Run: [MicrosoftEdgeAutoLaunch_102D77BE86092CD11F3B00AB05EA0725] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [3794984 2024-09-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3956460003-1498418990-1826556186-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\piotr\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3956460003-1498418990-1826556186-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\piotr\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" [70969872 2024-10-03] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3956460003-1498418990-1826556186-1001\...\RunOnce: [Uninstall 24.161.0811.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\piotr\AppData\Local\Microsoft\OneDrive\24.161.0811.0001" [0 2024-10-03] () <==== ATTENTION [zero byte File/Folder]
HKLM\...\Windows x64\Print Processors\Canon MG2400 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBW.DLL [30208 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2021-12-24] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2400 series: C:\WINDOWS\system32\CNMLMBW.DLL [391168 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP C511 Status Monitor: C:\WINDOWS\system32\hpinkstsC511LM.dll [333496 2012-12-16] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP ENVY 4500 series): C:\WINDOWS\system32\HPDiscoPMC511.dll [763912 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\129.0.6668.72\Installer\chrmstp.exe [2024-10-03] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {AACE8D2F-0836-4B8E-937B-B45968435D49} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1563080 2024-07-31] (Adobe Inc. -> Adobe Inc.)
Task: {9A931A9B-DF05-4588-83AA-326EA9A42D93} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4116912 2024-07-26] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {C23E47D4-6925-4002-82C7-3FBC4B525097} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [4454832 2024-07-26] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {FE2F37D7-1518-4949-A9D1-B1A10343ACC5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-12-20] (Dropbox, Inc -> Dropbox, Inc.)
Task: {A7943314-6D92-4B53-982B-B68512A0AB45} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-12-20] (Dropbox, Inc -> Dropbox, Inc.)
Task: {35D877ED-39E1-4096-A2F7-A99D80BB93F0} - System32\Tasks\G2MUpdateTask-S-1-5-21-3956460003-1498418990-1826556186-1001 => C:\Users\piotr\AppData\Local\GoToMeeting\19992\g2mupdate.exe [34872 2024-05-02] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {B70E1045-FFCF-430C-8442-868CBA850538} - System32\Tasks\G2MUploadTask-S-1-5-21-3956460003-1498418990-1826556186-1001 => C:\Users\piotr\AppData\Local\GoToMeeting\19992\g2mupload.exe [34872 2024-05-02] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {04476A0F-113D-481A-BD4E-1B3BDA4C0AA4} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem130.0.6679.0{E8ADC2D0-5170-4E2D-9961-62B84902B4BE} => C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe [4884584 2024-08-26] (Google LLC -> Google LLC)
Task: {C5525E66-B122-45F9-94E3-6F113437524C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [703536 2024-01-04] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {37F725C7-DC28-4A82-A369-BF0B2B14099E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2024-01-04] (HP Inc. -> HP Inc.)
Task: {617046E4-36E1-451C-A1DA-DEEEE643394B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\/f
Task: {DE4F0F5E-EB4B-4A6C-890B-49970E15EDD0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPPrinterLowInk => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPPrinterLowInk\HPPrinterLowInk.exe [231472 2024-01-04] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {B77407D6-D051-4B98-8182-E00C9B8E7F86} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161264 2024-01-04] (HP Inc. -> HP Inc.) [File not signed]
Task: {83DBD701-592E-4575-BD44-B8E5A2629790} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /DeviceScanR6 (No File)
Task: {811335CE-E4A7-46E9-8646-703FC288BC7A} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.)
Task: {13F7E4C5-0ACD-4A00-8DB0-F921E1B8A26E} - System32\Tasks\HPEA3JOBS => C:\Program -> Files\HP\HP ePrint\hpeprint.exe /CheckJobs
Task: {AC622D59-985D-40E2-AFF1-D238EC367B72} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459680 2017-05-12] (HP Inc. -> )
Task: {0E2F3236-66FD-4596-934B-1EFC1D5F121D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452944 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {29ED44E5-F1D0-4C90-9D74-10E127860619} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452944 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {A31E32B2-EB06-4AD8-BAB6-3FB04F9B1D0E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [221152 2024-05-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {090B9777-4FE0-4E52-83C0-8961AC711EDF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [221152 2024-05-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {F5769508-377D-4B45-A679-73316A365C1F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonx86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe [343032 2024-05-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {191384C9-85A1-4EB2-81D4-48F5A0C6ACB7} - System32\Tasks\Microsoft\Windows\UNP\RunUpdateNotificationMgr => C:\WINDOWS\System32\UNP\UpdateNotificationMgr.exe [0 2021-04-05] () <==== ATTENTION [zero byte File/Folder]
Task: {CEB50594-23F9-4CBA-BAC5-F20A57EA8467} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpCmdRun.exe [1687208 2024-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DAAFFA8D-9170-4BCE-A536-B88A34844EC8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpCmdRun.exe [1687208 2024-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AB2A4851-56FC-4E8B-B424-D1A0CB5F706E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpCmdRun.exe [1687208 2024-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A635E420-28DA-4494-A77E-6664941FBFF6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpCmdRun.exe [1687208 2024-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {059521C9-0E3B-4BE9-8CF1-57A51CBB799F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-07-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {F4BA7C48-75E4-44D6-9202-AFC6D1B327C7} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [52104 2017-06-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3956460003-1498418990-1826556186-1001.job => C:\Users\piotr\AppData\Local\GoToMeeting\19992\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3956460003-1498418990-1826556186-1001.job => C:\Users\piotr\AppData\Local\GoToMeeting\19992\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.76.97
Tcpip\..\Interfaces\{00bc0693-1efb-4429-a013-0ee43f57f5da}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{e79fc9bb-4fd1-474d-a57a-1cb86e715d48}: [DhcpNameServer] 192.168.76.97
Tcpip\..\Interfaces\{e79fc9bb-4fd1-474d-a57a-1cb86e715d48}\0596F647273702960586F6E656: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{e79fc9bb-4fd1-474d-a57a-1cb86e715d48}\253434F57457563747: [DhcpNameServer] 212.10.10.4 212.10.10.5 8.8.8.8
Tcpip\..\Interfaces\{e79fc9bb-4fd1-474d-a57a-1cb86e715d48}\34F6D6E65647F52393334434239334D25374: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{e79fc9bb-4fd1-474d-a57a-1cb86e715d48}\7416C616879702E4F64756130302C496475636831373: [DhcpNameServer] 192.168.121.22

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\piotr\AppData\Local\Microsoft\Edge\User Data\Default [2024-10-03]
Edge StartupUrls: Default -> "hxxp://www.gazeta.pl/0,0.html?p=166"
Edge DefaultSearchURL: Default -> hxxps://www.bing.com/search?EID=MBSC&form=BGGCMF&pc=__PARAM__BG02&q={searchTerms}
Edge DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?form=BGGCSS&pc=__PARAM__BG02&query={searchTerms}
Edge Session Restore: Default -> is enabled.
Edge Extension: (NoFollow) - C:\Users\piotr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdbadhdfldeplmooomigjlpamkmkjfbl [2024-10-03]
Edge Extension: (Meta Pixel Helper) - C:\Users\piotr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2024-03-13]
Edge Extension: (Google Docs Offline) - C:\Users\piotr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-13]
Edge Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\piotr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2024-10-03]
Edge Extension: (Microsoft Bing Search Engine) - C:\Users\piotr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hkecabaloghleaicfhefejdijblljpco [2024-08-22]
Edge Extension: (Edge relevant text changes) - C:\Users\piotr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-01]
Edge Extension: (NemID Nøglefilsprogram) - C:\Users\piotr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mbjoejbgakiicfllhcdilppjkmmicnch [2024-03-13]
Edge Extension: (Free Screen Recorder) - C:\Users\piotr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ppnhmbecmjohhacmbjcefmmfhanjecaa [2024-06-03]

FireFox:
========
FF DefaultProfile: ohp8w2yw.default
FF ProfilePath: C:\Users\piotr\AppData\Roaming\Mozilla\Firefox\Profiles\ohp8w2yw.default [2024-02-06]
FF Extension: (NoFollow) - C:\Users\piotr\AppData\Roaming\Mozilla\Firefox\Profiles\ohp8w2yw.default\Extensions\nofollow@igor.jerosimic.xpi [2018-09-19]
FF Extension: (Telemetry coverage) - C:\Users\piotr\AppData\Roaming\Mozilla\Firefox\Profiles\ohp8w2yw.default\features\{e80867ee-8144-47a7-b826-0c94742f854c}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-23] [Legacy]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-05-02]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-05-19] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-05-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-09-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2024-08-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-05-19] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Default [2024-10-03]
CHR Notifications: Default -> hxxps://app.alfabeto.dk; hxxps://business.facebook.com; hxxps://imged.pl; hxxps://katusaresearch.com; hxxps://mail.mail-online.dk; hxxps://mail.one.com; hxxps://meet.google.com; hxxps://neilpatel.com; hxxps://sportowefakty.wp.pl; hxxps://stacja7.pl; hxxps://virginmobile.pl; hxxps://vod.pl; hxxps://web.skype.com; hxxps://webmail.dandomain.dk; hxxps://www.airbaltic.com; hxxps://www.bzwbk.pl; hxxps://www.homebook.pl; hxxps://www.pinterest.dk; hxxps://www.seoreviewtools.com; hxxps://www.tectake.dk; hxxps://www.youtube.com
CHR StartupUrls: Default -> "hxxp://www.gazeta.pl/0,0.html?p=166"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Duolingo on the Web) - C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2017-12-20]
CHR Extension: (NoFollow) - C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfogidghaigoomjdeacndafapdijmiid [2024-10-03]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-08-25]
CHR Extension: (Meta Pixel Helper) - C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2024-03-14]
CHR Extension: (Google Docs Offline) - C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-23]
CHR Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2024-10-03]
CHR Extension: (Betalinger i Chrome Webshop) - C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-01]
CHR Profile: C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Profile 2 [2020-03-02]
CHR Extension: (Slides) - C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-01-18]
CHR Extension: (Docs) - C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-18]
CHR Extension: (Google Drev) - C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-18]
CHR Extension: (YouTube) - C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-18]
CHR Extension: (Adobe Acrobat) - C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-08-29]
CHR Extension: (Sheets) - C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-01-18]
CHR Extension: (Google Docs Offline) - C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-02]
CHR Extension: (Betalinger i Chrome Webshop) - C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-03-02]
CHR Extension: (Gmail) - C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-29]
CHR Extension: (Chrome Media Router) - C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-03-02]
CHR Profile: C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Profile 3 [2024-07-22]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-07-22]
CHR Extension: (Google Docs Offline) - C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-22]
CHR Extension: (Betalinger i Chrome Webshop) - C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-07-22]
CHR Profile: C:\Users\piotr\AppData\Local\Google\Chrome\User Data\System Profile [2024-10-03]
CHR HKU\S-1-5-21-3956460003-1498418990-1826556186-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-07-31] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-05-19] (Adobe Inc. -> Adobe Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [134080 2017-05-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14221280 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-12-20] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-12-20] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2024-09-17] (Dropbox, Inc -> Dropbox, Inc.)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1318184 2017-05-15] (HP Inc. -> HP Inc.)
S2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [888880 2024-01-04] (HP Inc. -> HP Inc.)
R2 HPDCService; C:\Program Files\Portrait Displays\HP Display Control\DisplayControlService.exe [203584 2017-06-08] (PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.)
S2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [887848 2024-01-04] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-05-23] (HP Inc. -> HP Inc.)
S2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [884784 2024-01-04] (HP Inc. -> HP Inc.)
S2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [886832 2024-01-04] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [630776 2017-02-06] (HP Inc. -> HP Inc.)
S3 mc-wps-secdashboardservice; C:\Program Files (x86)\HP\HP Support Framework\Resources\mc-wps-secdashboardservice.exe [1204608 2024-01-04] (McAfee, LLC -> McAfee, LLC)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpDefenderCoreService.exe [1431160 2024-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 MullvadVPN; C:\Program Files\Mullvad VPN\resources\mullvad-daemon.exe [21429464 2023-12-06] (Mullvad VPN AB -> Mullvad VPN AB)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\NisSrv.exe [3199656 2024-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WildTangentHelper; C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe [1549168 2017-06-03] (WildTangent Inc -> )
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MsMpEng.exe [133704 2024-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 DropboxElevationService; "C:\Program Files (x86)\Dropbox\Client\206.4.6506\DropboxElevationService.exe" --svc --appid={cc46080e-4c33-4981-859a-bba2f780f31e} [X]
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 mullvad-split-tunnel; C:\Program Files\Mullvad VPN\resources\mullvad-split-tunnel.sys [90736 2023-12-06] (Mullvad VPN AB -> Mullvad VPN AB)
S3 MullvadWireGuard; C:\WINDOWS\System32\drivers\mullvad-wireguard.sys [498664 2024-01-16] (Mullvad VPN AB -> WireGuard LLC)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2017-06-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S3 scsiscan; C:\WINDOWS\system32\DRIVERS\scsiscan.sys [21504 2020-01-22] (Microsoft Windows -> Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2017-10-10] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22080 2024-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602392 2024-10-03] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2024-10-03] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsl1d86a363; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D198738D-8B0D-4DA4-B581-D46749172DBB}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (All) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-10-03 17:40 - 2024-10-03 17:42 - 000034802 _____ C:\Users\piotr\Downloads\FRST.txt
2024-10-03 17:34 - 2024-10-03 17:34 - 002397696 _____ (Farbar) C:\Users\piotr\Downloads\FRST64.exe
2024-10-03 15:02 - 2024-10-03 15:03 - 000000000 ____D C:\Program Files (x86)\chrome_url_fetcher_6996_165871577
2024-10-03 10:05 - 2024-10-03 10:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2024-10-03 10:04 - 2024-10-03 10:04 - 000000000 ____D C:\Program Files (x86)\chrome_url_fetcher_15740_287824208
2024-09-17 16:18 - 2024-09-17 16:18 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2024-09-17 16:18 - 2024-09-17 16:18 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2024-09-17 16:18 - 2024-09-17 16:18 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2024-09-17 16:18 - 2024-09-17 16:18 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx.sys
2024-09-17 16:18 - 2024-09-17 16:18 - 000046824 _____ (Dropbox, Inc.)
C:\WINDOWS\system32\DbxSvc.exe ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2024-10-03 17:41 - 2019-11-05 12:41 - 000000000 ____D C:\FRST 2024-10-03 17:38 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2024-10-03 17:14 - 2021-07-06 06:58 - 000000000 ____D C:\Users\piotr\OneDrive\Pulpit\Do zafakturowania 2024-10-03 17:09 - 2019-08-10 20:12 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{3817F065-CE5A-4180-812C-B5246433368B} 2024-10-03 17:09 - 2019-08-10 19:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2024-10-03 15:03 - 2017-12-20 21:33 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2024-10-03 13:44 - 2019-08-10 20:12 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2024-10-03 13:43 - 2022-10-17 05:34 - 000002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk 2024-10-03 13:43 - 2022-10-17 05:34 - 000002110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2024-10-03 10:35 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness 2024-10-03 10:22 - 2020-07-16 09:01 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2024-10-03 10:16 - 2018-03-01 10:28 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2024-10-03 10:14 - 2018-01-08 10:41 - 000000000 ____D C:\WINDOWS\system32\MRT 2024-10-03 10:10 - 2018-01-08 10:41 - 197093640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2024-10-03 10:09 - 2021-12-20 08:35 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3956460003-1498418990-1826556186-1001 2024-10-03 10:09 - 2019-08-10 20:12 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3956460003-1498418990-1826556186-1001 2024-10-03 10:09 - 2019-08-10 20:04 - 000002364 _____ 
C:\Users\piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2024-10-03 10:07 - 2024-01-16 20:45 - 000003530 _____ C:\WINDOWS\system32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 2024-10-03 10:07 - 2019-10-03 12:21 - 000003506 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0 2024-10-03 10:06 - 2017-12-20 21:29 - 000000000 ____D C:\Users\piotr\AppData\Roaming\Dropbox 2024-10-03 10:06 - 2017-12-20 21:28 - 000000000 ____D C:\Users\piotr\AppData\Local\Dropbox 2024-10-03 10:06 - 2017-12-20 21:28 - 000000000 ____D C:\Program Files (x86)\Dropbox 2024-10-03 10:05 - 2020-07-16 09:01 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2024-10-03 10:05 - 2020-07-16 09:01 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2024-10-03 09:52 - 2024-01-16 21:11 - 000000000 ____D C:\ProgramData\Mullvad VPN ==================== Files in the root of some directories ======== 2024-07-27 11:05 - 2024-07-27 11:03 - 006877632 _____ (Microsoft Corporation) C:\Program Files\7ac8bfb8-7121-4c98-9292-185396a958bf.tmp 2024-08-26 10:32 - 2024-08-26 10:30 - 006901816 _____ (Microsoft Corporation) C:\Program Files\cf6b0d15-4dc0-4368-9a23-20e1feefee81.tmp 2024-10-03 15:03 - 2024-10-03 15:03 - 000028118 _____ () C:\Program Files\chrome_installer.log 2024-08-26 10:33 - 2024-08-26 10:33 - 006879272 _____ (Microsoft Corporation) C:\Program Files\f4f139e3-cddd-44dc-ab77-963dfef068bc.tmp 2024-08-26 10:31 - 2024-10-03 10:42 - 000169050 _____ () C:\Program Files\msedge_installer.log 2018-09-28 08:37 - 2018-09-28 08:37 - 000000000 _____ () C:\Users\piotr\AppData\Local\oobelibMkey.log ==================== FCheck ================================ (If an entry is included in the fixlist, the file/folder will be moved.) 
FCheck: C:\WINDOWS\system32\bcdedit.exe [2019-08-15] <==== ATTENTION (zero byte File/Folder) FCheck: C:\WINDOWS\system32\SRH.dll [2021-04-05] <==== ATTENTION (zero byte File/Folder) ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ATTENTION: ==> Could not access BCD. -> Adgang nægtet. ==================== End of FRST.txt ========================