Fix result of Farbar Recovery Scan Tool (x64) Version: 10-01-2022 01
Ran by gruca (12-01-2022 22:47:42) Run:1
Running from C:\Users\gruca\Desktop\frst
Loaded Profiles: gruca & Dziecko & Mike & john
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\Run: [electron.app.dllservices] => C:\Users\gruca\AppData\Roaming\.dllbackups\dllruntime.exe [63924677 2021-11-29] (Microsoft Corporation) [File not signed] [File is in use]
HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\Run: [net.mullvad.vpn] => C:\Program Files\Mullvad VPN\Mullvad VPN.exe (No File)
HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\MountPoints2: {a93df173-24ea-11eb-b8cc-001fc65fdfcd} - "I:\setup.EXE" /AUTORUN
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {23D702CE-0AD2-4386-AD75-0C9211763E52} - System32\Tasks\Opera scheduled Autoupdate 1605188338 => C:\Users\gruca\AppData\Local\Programs\Opera\launcher.exe [2256592 2021-12-21] (Opera Software AS -> Opera Software)
Task: {EE06C872-ACBC-4837-A3A7-9227FC67FC33} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Moo0\AudioRecorder 1.46\VoiceRecorder.exe (No File)
Tcpip\..\Interfaces\{3016a114-084d-482b-a2e8-b01007ad0086}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3e805e67-e0c4-44fa-99ca-c10d7980f1d9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{449a4402-7be0-4802-a416-af8c9206b14a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{701885b7-b46c-4de5-afab-52d8960e6425}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f440536d-681b-46f0-94c2-53f6ccdb9a34}: [DhcpNameServer] 192.168.1.1
2021-12-20 14:01 - 2021-12-20 14:01 - 000000690 __RSH C:\ProgramData\ntuser.pol
2022-01-12 07:11 - 2021-07-26 06:36 - 000000000 ____D C:\Users\gruca\AppData\Roaming\dllservices
C:\Users\gruca\AppData\Roaming\dll-propagation
C:\Users\gruca\AppData\Roaming\.dllbackups
C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE
FirewallRules: [TCP Query User{BCC19036-B9B3-4ED3-B5C3-0D737457FA30}C:\users\gruca\appdata\roaming\.dllbackups\data\modules\dll-host\downloads\phoenix-gpu\phoenixminer.exe] => (Block) C:\users\gruca\appdata\roaming\.dllbackups\data\modules\dll-host\downloads\phoenix-gpu\phoenixminer.exe => No File
FirewallRules: [UDP Query User{3921EB57-E497-4568-95CC-C8315DD75B2A}C:\users\gruca\appdata\roaming\.dllbackups\data\modules\dll-host\downloads\phoenix-gpu\phoenixminer.exe] => (Block) C:\users\gruca\appdata\roaming\.dllbackups\data\modules\dll-host\downloads\phoenix-gpu\phoenixminer.exe => No File
RemoveProxy:
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-86094929-2313430768-12774340-1001\Software\Microsoft\Windows\CurrentVersion\Run\\electron.app.dllservices" => removed successfully
"HKU\S-1-5-21-86094929-2313430768-12774340-1001\Software\Microsoft\Windows\CurrentVersion\Run\\net.mullvad.vpn" => removed successfully
HKU\S-1-5-21-86094929-2313430768-12774340-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a93df173-24ea-11eb-b8cc-001fc65fdfcd} => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{23D702CE-0AD2-4386-AD75-0C9211763E52}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23D702CE-0AD2-4386-AD75-0C9211763E52}" => removed successfully
C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1605188338 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1605188338" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE06C872-ACBC-4837-A3A7-9227FC67FC33}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE06C872-ACBC-4837-A3A7-9227FC67FC33}" => removed successfully
C:\WINDOWS\System32\Tasks\RunAsStdUser Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3016a114-084d-482b-a2e8-b01007ad0086}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3e805e67-e0c4-44fa-99ca-c10d7980f1d9}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{449a4402-7be0-4802-a416-af8c9206b14a}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{701885b7-b46c-4de5-afab-52d8960e6425}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f440536d-681b-46f0-94c2-53f6ccdb9a34}\\DhcpNameServer" => removed successfully
"C:\ProgramData\ntuser.pol" => not found
C:\Users\gruca\AppData\Roaming\dllservices => moved successfully
C:\Users\gruca\AppData\Roaming\dll-propagation => moved successfully
C:\Users\gruca\AppData\Roaming\.dllbackups => moved successfully
C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BCC19036-B9B3-4ED3-B5C3-0D737457FA30}C:\users\gruca\appdata\roaming\.dllbackups\data\modules\dll-host\downloads\phoenix-gpu\phoenixminer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3921EB57-E497-4568-95CC-C8315DD75B2A}C:\users\gruca\appdata\roaming\.dllbackups\data\modules\dll-host\downloads\phoenix-gpu\phoenixminer.exe" => removed successfully

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-86094929-2313430768-12774340-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-86094929-2313430768-12774340-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-86094929-2313430768-12774340-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-86094929-2313430768-12774340-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully

========= End of RemoveProxy: =========

=========== EmptyTemp: ==========

BITS transfer queue => 1048576 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 129515745 B
Java, Flash, Steam htmlcache => 59530377 B
Windows/system/drivers => 10812296 B
Edge => 27648 B
Chrome => 8340050 B
Firefox => 17691433 B
Opera => 353381620 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 985500 B
NetworkService => 990934 B
gruca => 2564660552 B
Dziecko => 2564666184 B
Mike => 2564683258 B
liza => 2564683258 B
john => 2564687138 B

RecycleBin => 377459 B
EmptyTemp: => 12.5 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 22:53:10 ====