Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-01-2022 01 Ran by gruca (administrator) on DESKTOP-VI3R4BF (INTEL X99) (12-01-2022 07:35:02) Running from C:\Users\gruca\AppData\Local\Temp\scoped_dir23328_206442671 Loaded Profiles: gruca Platform: Microsoft Windows 10 Pro Version 20H2 19042.1415 (X64) Language: Polish (Poland) -> English (United Kingdom) Default browser: Opera Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe (Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe (Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe (Discord Inc. -> Discord Inc.) C:\Users\gruca\AppData\Local\Discord\app-1.0.9003\Discord.exe <6> (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome Remote Desktop\96.0.4664.39\remoting_host.exe <2> (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) [File not signed] [File is in use] C:\Users\gruca\AppData\Roaming\.dllbackups\dllruntime.exe (Microsoft Corporation) [File not signed] C:\Users\gruca\AppData\Local\Temp\1y6QaG1dVqmqkzRvawVNVxn3bhE\dllservices.exe <4> (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Cortana.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmconnect.exe <3> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\vmwp.exe <3> (MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (Mozilla Corporation -> ) C:\Users\gruca\AppData\Local\Programs\Python\Python39\Scripts\geckodriver.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6> (Mozilla Corporation -> Mozilla Corporation) H:\ThunderbirdPortable\App\Thunderbird64\thunderbird.exe <4> (NortonLifeLock Inc. -> Broadcom) C:\Program Files\Norton Security\Engine\22.21.11.46\NortonSecurity.exe <2> (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.21.11.46\nsWscSvc.exe (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe <2> (Opera Software AS -> Opera Software) C:\Users\gruca\AppData\Local\Programs\Opera\82.0.4227.43\opera_crashreporter.exe (Opera Software AS -> Opera Software) C:\Users\gruca\AppData\Local\Programs\Opera\opera.exe <57> (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe (Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe (Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe (Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\CCleanerBrowserCrashHandler.exe (Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\CCleanerBrowserCrashHandler64.exe (Python Software Foundation -> Python Software Foundation) C:\Users\gruca\AppData\Local\Programs\Python\Python39\python.exe (Rare Ideas LLC -> PortableApps.com) H:\ThunderbirdPortable\ThunderbirdPortable.exe (RealVNC Ltd -> RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncagent.exe (RealVNC Ltd -> RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe (RealVNC Ltd -> RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserverui.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMA.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMAService.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe (SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIMDE.EXE (Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe <6> (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Telegram FZ-LLC -> Telegram FZ-LLC) C:\Users\gruca\AppData\Roaming\Telegram Desktop\Telegram.exe (Tonalio GmbH -> sandboxie-plus.com) C:\Program Files\Sandboxie\SbieSvc.exe (VMware, Inc. -> ) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (voidtools -> voidtools) C:\Program Files\Everything\Everything.exe <2> ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [7580488 2021-05-24] (Paramount Software UK Ltd -> Paramount Software UK Ltd) HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2254152 2020-08-05] (voidtools -> voidtools) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [119000 2020-11-17] (VMware, Inc. -> VMware, Inc.) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [670080 2021-04-09] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [895360 2021-04-09] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [409280 2020-11-12] (AVB Disc Soft, SIA -> Disc Soft Ltd) HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet.exe [345600 2015-07-01] (Pushbullet inc) [File not signed] HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\Run: [Discord] => C:\Users\gruca\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub) HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software) [File not signed] HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35342976 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [110018944 2021-06-07] (Skype Software Sarl -> Skype Technologies S.A.) HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\Run: [DeepL] => C:\Users\gruca\AppData\Local\DeepL\app-2.5.1\DeepL.exe [133632 2021-06-02] (DeepL GmbH) [File not signed] HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1079184 2021-10-03] (Blizzard Entertainment, Inc. -> Blizzard Entertainment) HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267432 2021-12-16] (Valve Corp. -> Valve Corporation) HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMDE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNMON.EXE [346712 2020-07-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\Run: [Opera Browser Assistant] => C:\Users\gruca\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4105424 2021-10-14] (Opera Software AS -> Opera Software) HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\Run: [electron.app.dllservices] => C:\Users\gruca\AppData\Roaming\.dllbackups\dllruntime.exe [63924677 2021-11-29] (Microsoft Corporation) [File not signed] [File is in use] HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\Run: [net.mullvad.vpn] => C:\Program Files\Mullvad VPN\Mullvad VPN.exe (No File) HKU\S-1-5-21-86094929-2313430768-12774340-1001\...\MountPoints2: {a93df173-24ea-11eb-b8cc-001fc65fdfcd} - "I:\setup.EXE" /AUTORUN HKLM\...\Print\Monitors\EPSON WF-2630 Series 64MonitorBE: C:\Windows\system32\E_YLMBMDE.DLL [179712 2013-12-06] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) HKLM\...\Print\Monitors\EpsonNet Print Port: C:\Windows\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed] HKLM\...\Print\Monitors\MONVNC: C:\Windows\system32\VNCpm.dll [37704 2021-01-20] (RealVNC Ltd -> RealVNC Ltd) HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\96.1.13589.113\Installer\chrmstp.exe [2021-12-17] (Piriform Software Ltd -> Piriform Software) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\97.0.4692.71\Installer\chrmstp.exe [2022-01-08] (Google LLC -> Google LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Universal Media Server.lnk [2021-07-12] ShortcutTarget: Universal Media Server.lnk -> C:\Program Files (x86)\Universal Media Server\UMS.exe (Universal Media Server) [File not signed] GroupPolicy: Restriction ? <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {05C86C1B-299E-40E4-A995-5A6400676FA3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation) Task: {0AFE358E-A42E-4F69-AEE4-146FA248088E} - System32\Tasks\Opera scheduled assistant Autoupdate 1605188342 => C:\Users\gruca\AppData\Local\Programs\Opera\launcher.exe [2256592 2021-12-21] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\gruca\AppData\Local\Programs\Opera\assistant" $(Arg0) Task: {1134D056-AF9B-44B7-931D-B5962482BF23} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6332312 2021-12-19] (Microsoft Corporation -> Microsoft Corporation) Task: {13CDF188-26C7-4B32-B67E-AE545C565601} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1067736 2015-10-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Task: {1B69B7A2-1467-4BE5-9C7F-602253B5993C} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {2135FF73-F8D0-4BC1-8B1A-A78D9E729C5A} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2521976 2021-12-15] (Piriform Software Ltd -> Piriform Software) Task: {23D702CE-0AD2-4386-AD75-0C9211763E52} - System32\Tasks\Opera scheduled Autoupdate 1605188338 => C:\Users\gruca\AppData\Local\Programs\Opera\launcher.exe [2256592 2021-12-21] (Opera Software AS -> Opera Software) Task: {2845F45D-8A8B-4B18-A319-103E1C5BA1B6} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {2F9F7713-7E24-4F74-BC54-5BB50CBA73DA} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1645440 2020-11-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {34468E6B-7948-43E7-9146-5C375A6299A5} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.21.11.46\SymErr.exe [108752 2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc) Task: {3F9981CF-F809-40E7-B2F4-C2887A5AF991} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.21.11.46\SymErr.exe [108752 2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc) Task: {494896EA-9BD0-4C96-9BD0-4EF59B721F7B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108872 2021-12-19] (Microsoft Corporation -> Microsoft Corporation) Task: {4B4071B9-4856-4F3B-884B-0DFFA7AF0702} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.21.11.46\SymErr.exe [108752 2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc) Task: {4CA78637-1A7B-42DE-8BA0-3F66CBA5635A} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation) Task: {5913E054-D21F-409C-8400-9714925A88BB} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation) Task: {599F5CFE-FD73-452A-8557-6840E76BE460} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [782320 2019-10-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> ) Task: {69B2B6F4-A98E-4226-ADF6-CD5DAEBD621C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation) Task: {6D5623B5-CDC4-4B2F-8033-6398E98E95E9} - System32\Tasks\EPSON WF-2630 Series Update {DA399E28-5CD9-4320-B9EF-B035F746ABF3} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE [690536 2013-11-21] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) Task: {8129C7B7-F28F-4D2D-A075-4A95980E9DBE} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-11-12] (Piriform Software Ltd -> Piriform) Task: {8D69174E-14C9-4EBB-AD90-6CDA248B2140} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation) Task: {91BA1ACD-E15C-4A62-AB69-0B2AF544A7A8} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log Task: {97C4D26D-110A-4CB7-A30A-1F0EF2CF1B70} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-06] (Google LLC -> Google LLC) Task: {9A67545F-A823-4287-9F1F-163F9B592850} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6332312 2021-12-19] (Microsoft Corporation -> Microsoft Corporation) Task: {9FDEE375-39DB-40ED-86C2-9DBD8F09903E} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-04-30] (Piriform Software Ltd -> Piriform Software) Task: {A151066C-1CA8-4E61-9FB1-F057A5F08450} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation) Task: {A54ED4F0-D14E-4372-B2CF-BB83652F45AF} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1645440 2020-11-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {A6B992D7-3925-4DC8-8213-39430F6C38BE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation) Task: {AC7D69B2-355C-4A02-8492-1E9DC2E46C37} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" Task: {B7FECCDB-1F40-4A20-8499-F44076AC82C5} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.21.11.46\WSCStub.exe [646520 2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.) Task: {BA031B0F-B08A-4A16-8DDC-A797F795B3BA} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1645440 2020-11-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {BEE7CB96-1B10-460A-AD31-92E1629A92A7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108872 2021-12-19] (Microsoft Corporation -> Microsoft Corporation) Task: {C30093F2-15F8-43CC-BDAA-FB2BC2305FA9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22797704 2021-12-10] (Microsoft Corporation -> Microsoft Corporation) Task: {D0734E67-0078-4E0A-836F-3F4DFB9F09CD} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation) Task: {E2F83080-7262-46DC-BD98-D50D7956C60C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-06] (Google LLC -> Google LLC) Task: {ECA4F0C1-B374-4CFF-B148-A76249882C73} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2521976 2021-12-15] (Piriform Software Ltd -> Piriform Software) Task: {EDF6DA37-1652-4261-8887-04DE2F5560DA} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [65432 2021-10-15] (Microsoft Corporation -> Microsoft) Task: {EE06C872-ACBC-4837-A3A7-9227FC67FC33} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Moo0\AudioRecorder 1.46\VoiceRecorder.exe (No File) Task: {EF4C9440-90DA-4594-AB29-753A41165902} - System32\Tasks\CCleanerSkipUAC - gruca => C:\Program Files\CCleaner\CCleaner.exe [29417088 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd) Task: {EF7AC5A0-1194-4090-97D7-1C40A253B68C} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2353000 2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.) Task: {F3C13D2C-794A-48C9-A6CA-07462581633F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22797704 2021-12-10] (Microsoft Corporation -> Microsoft Corporation) Task: {F3DEDE6A-11FF-4E5D-9F3D-76F72CA2388E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {F68B4074-6F48-4755-BD9A-AFE68C34C5B0} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-04-30] (Piriform Software Ltd -> Piriform Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {DA399E28-5CD9-4320-B9EF-B035F746ABF3}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE:/EXE:{DA399E28-5CD9-4320-B9EF-B035F746ABF3} /F:UpdateWORKGROUP\DESKTOP-VI3R4BF$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{3016a114-084d-482b-a2e8-b01007ad0086}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{3e805e67-e0c4-44fa-99ca-c10d7980f1d9}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{449a4402-7be0-4802-a416-af8c9206b14a}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{701885b7-b46c-4de5-afab-52d8960e6425}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{f440536d-681b-46f0-94c2-53f6ccdb9a34}: [DhcpNameServer] 192.168.1.1 Edge: ======= Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] Edge DefaultProfile: Default Edge Profile: C:\Users\gruca\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-01] Edge Extension: (Outlook) - C:\Users\gruca\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-11-16] Edge Extension: (Word) - C:\Users\gruca\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-11-16] Edge Extension: (Malwarebytes Browser Guard) - C:\Users\gruca\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-12-23] Edge Extension: (Excel) - C:\Users\gruca\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-11-16] Edge Extension: (PowerPoint) - C:\Users\gruca\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-11-16] Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee] FireFox: ======== FF DefaultProfile: jlvompdq.default FF ProfilePath: C:\Users\gruca\AppData\Roaming\Mozilla\Firefox\Profiles\jlvompdq.default [2022-01-08] FF ProfilePath: C:\Users\gruca\AppData\Roaming\Mozilla\Firefox\Profiles\hp1srljy.default-release [2022-01-08] FF Plugin: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-02-05] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-02-05] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\npCCleanerBrowserUpdate3.dll [2021-04-30] (Piriform Software Ltd -> Piriform Software) FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\npCCleanerBrowserUpdate3.dll [2021-04-30] (Piriform Software Ltd -> Piriform Software) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\gruca\AppData\Local\Google\Chrome\User Data\Default [2022-01-08] CHR DefaultSearchURL: Default -> hxxps://ssl.gstatic.com/chromoting/chromoting_logo_512.png CHR Extension: (Prezentacje) - C:\Users\gruca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-06] CHR Extension: (Dokumenty) - C:\Users\gruca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-06] CHR Extension: (Dysk Google) - C:\Users\gruca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-06] CHR Extension: (YouTube) - C:\Users\gruca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-06] CHR Extension: (Chrome Remote Desktop) - C:\Users\gruca\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmjfjelnicpmdcmfikempdhlmainjcb [2021-02-06] CHR Extension: (Arkusze) - C:\Users\gruca\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-06] CHR Extension: (Dokumenty Google offline) - C:\Users\gruca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-08] CHR Extension: (Malwarebytes Browser Guard) - C:\Users\gruca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-09-09] CHR Extension: (Chrome Remote Desktop) - C:\Users\gruca\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2021-02-06] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\gruca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-06] CHR Extension: (Gmail) - C:\Users\gruca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-06] CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] Opera: ======= OPR Profile: C:\Users\gruca\AppData\Roaming\Opera Software\Opera Stable [2022-01-12] OPR Notifications: Opera Stable -> hxxps://www.epaka.pl; hxxps://www.pathofexile.com OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding} OPR Extension: (Cookie Cleaner (Cookie Eraser)) - C:\Users\gruca\AppData\Roaming\Opera Software\Opera Stable\Extensions\dedogejibcldnlhidaifpendclhofikg [2021-11-02] OPR Extension: (Rich Hints Agent) - C:\Users\gruca\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-12-23] OPR Extension: (GetThemAll) - C:\Users\gruca\AppData\Roaming\Opera Software\Opera Stable\Extensions\fhkjfciooifcflkailbnchdaihccdebf [2021-01-11] OPR Extension: (Better PathOfExile Trading) - C:\Users\gruca\AppData\Roaming\Opera Software\Opera Stable\Extensions\fhlinfpmdlijegjlpgedcmglkakaghnk [2021-11-07] OPR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\gruca\AppData\Roaming\Opera Software\Opera Stable\Extensions\gjpihpkhgfngnbhhfdehlcmgfahbciip [2020-11-18] OPR Extension: (Dark Mode) - C:\Users\gruca\AppData\Roaming\Opera Software\Opera Stable\Extensions\jabpfojepndedlelamfloejfoopkogcf [2021-11-29] OPR Extension: (Amazon Assistant Promotion) - C:\Users\gruca\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-16] OPR Extension: (Web Developer) - C:\Users\gruca\AppData\Roaming\Opera Software\Opera Stable\Extensions\kddhmaadmaklcieonhggddempagbakph [2021-01-29] OPR Extension: (Zainstaluj rozszerzenia Chrome) - C:\Users\gruca\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2021-01-11] OPR Extension: (Tłumacz Google) - C:\Users\gruca\AppData\Roaming\Opera Software\Opera Stable\Extensions\mchdgimobfnilobnllpdnompfjkkfdmi [2021-12-06] OPR Extension: (Tampermonkey) - C:\Users\gruca\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfdhdgbonjidekjkjmjaneanmdmpmidf [2021-06-22] OPR Extension: (Adblock Plus - darmowy adblocker) - C:\Users\gruca\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2021-12-03] OPR Extension: (Zrób pełny, całkowity zrzut ekranu strony internetowej - FireShot) - C:\Users\gruca\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbjmgmedeliohhbaefhlplndokcbmjio [2020-11-18] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.) S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (Shanghai Comet Network Technology -> www.BitComet.com) S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-04-30] (Piriform Software Ltd -> Piriform Software) S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\96.1.13589.113\elevation_service.exe [1721904 2021-12-15] (Piriform Software Ltd -> Piriform Software) S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-04-30] (Piriform Software Ltd -> Piriform Software) R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\96.0.4664.39\remoting_host.exe [72536 2021-11-04] (Google LLC -> Google LLC) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12129128 2021-12-10] (Microsoft Corporation -> Microsoft Corporation) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [5030592 2020-11-12] (AVB Disc Soft, SIA -> Disc Soft Ltd) R2 Epson PMAService A; C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe [113144 2017-03-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [678328 2018-06-11] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-16] (SEIKO EPSON Corporation -> Seiko Epson Corporation) R2 Everything; C:\Program Files\Everything\Everything.exe [2254152 2020-08-05] (voidtools -> voidtools) R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [2357936 2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.) S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2021-06-02] (FUTUREMARK INC -> Futuremark) R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-28] (Microsoft Corporation -> Microsoft Corporation) R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [8929608 2021-05-24] (Paramount Software UK Ltd -> Paramount Software UK Ltd) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-07] (Malwarebytes Inc -> Malwarebytes) R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.21.11.46\NortonSecurity.exe [343336 2021-12-13] (NortonLifeLock Inc. -> Broadcom) R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.21.11.46\nsWscSvc.exe [1059176 2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [331752 2021-02-01] (Tonalio GmbH -> sandboxie-plus.com) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6138112 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation) S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13261608 2021-05-28] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15221296 2020-11-17] (VMware, Inc. -> ) R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [6878456 2021-01-20] (RealVNC Ltd -> RealVNC Ltd) S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-12-02] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-12-02] (Microsoft Windows Publisher -> Microsoft Corporation) R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.20.2.57\Definitions\BASHDefs\20220111.011\BHDrvx64.sys [2018784 2021-12-01] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\16150B0.02E\ccSetx64.sys [192256 2021-12-13] (Symantec Corporation -> Symantec Corporation) S3 cpuz150; C:\WINDOWS\temp\cpuz150\cpuz150_x64.sys [44832 2022-01-11] (CPUID S.A.R.L.U. -> CPUID) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-11-12] (AVB Disc Soft, SIA -> Disc Soft Ltd) R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-11-12] (AVB Disc Soft, SIA -> Disc Soft Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [509904 2021-12-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145376 2021-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-10-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.20.2.57\Definitions\IPSDefs\20220111.061\IDSvia64.sys [1480144 2021-12-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-11-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-08-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2022-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-07] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2022-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\16150B0.02E\nsvst.sys [56080 2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.) S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [179416 2019-02-15] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider) R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [24000 2019-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> ) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [182672 2021-01-31] (NGO -> sandboxie-plus.com) R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software) R1 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\16150B0.02E\SRTSP64.SYS [892600 2021-12-13] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\16150B0.02E\SRTSPX64.SYS [48824 2021-12-13] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\16150B0.02E\SYMEFASI64.SYS [2030768 2021-12-13] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\16150B0.02E\SymELAM.sys [31984 2021-12-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [93120 2021-12-11] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.20.2.57\SymPlatform\SymEvnt.sys [712432 2021-07-13] (Symantec Corporation -> Symantec Corporation) R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\16150B0.02E\Ironx64.SYS [319152 2021-12-13] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\16150B0.02E\symnets.sys [575344 2021-12-13] (Symantec Corporation -> Symantec Corporation) R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [37360 2019-04-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project) R1 vmkbd3; C:\WINDOWS\system32\DRIVERS\vmkbd.sys [60344 2020-11-17] (VMware, Inc. -> VMware, Inc.) R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [68544 2020-11-17] (VMware, Inc. -> VMware, Inc.) R0 vsock; C:\WINDOWS\System32\DRIVERS\vsock.sys [105912 2020-08-10] (VMware, Inc. -> VMware, Inc.) R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-x64.sys [54592 2020-08-11] (VMware, Inc. -> VMware, Inc.) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48520 2021-12-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [435424 2021-12-02] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-12-02] (Microsoft Windows -> Microsoft Corporation) R1 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\16150B0.02E\wpCtrlDrv.sys [1015760 2021-12-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2022-01-12 07:34 - 2022-01-12 07:35 - 000000000 ____D C:\FRST 2022-01-12 07:34 - 2022-01-12 07:34 - 002297344 _____ (Farbar) C:\Users\gruca\Downloads\FRST64.exe 2022-01-12 07:15 - 2022-01-12 07:20 - 000000000 ____D C:\Users\gruca\AppData\LocalLow\Mozilla 2022-01-12 07:10 - 2022-01-12 07:23 - 000000000 ____D C:\Users\gruca\AppData\LocalLow\IGDump 2022-01-12 07:10 - 2022-01-12 07:10 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2022-01-12 07:10 - 2022-01-12 07:10 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2022-01-12 07:10 - 2022-01-12 07:10 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2022-01-11 14:29 - 2022-01-11 14:29 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation 2022-01-11 14:11 - 2022-01-11 14:11 - 009183528 _____ (Martin Malik - REALiX ) C:\Users\gruca\Downloads\hwi_716.exe 2022-01-11 14:11 - 2022-01-11 14:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64 2022-01-11 14:11 - 2022-01-11 14:11 - 000000000 ____D C:\Program Files\HWiNFO641 2022-01-11 10:30 - 2022-01-11 10:30 - 000136128 _____ C:\Users\gruca\Downloads\65-20_Zawiadomienie (2).pdf 2022-01-11 10:25 - 2022-01-11 10:25 - 000367501 _____ C:\Users\gruca\Downloads\65-20_SIWZ.pdf 2022-01-11 10:25 - 2022-01-11 10:25 - 000217110 _____ C:\Users\gruca\Downloads\2020-OJS091-218182-pl.pdf 2022-01-11 10:25 - 2022-01-11 10:25 - 000136128 _____ C:\Users\gruca\Downloads\65-20_Zawiadomienie (1).pdf 2022-01-11 10:23 - 2022-01-11 10:23 - 000136128 _____ C:\Users\gruca\Downloads\65-20_Zawiadomienie.pdf 2022-01-11 10:23 - 2022-01-11 10:23 - 000111800 _____ C:\Users\gruca\Downloads\65-20_Informacja z otwarcia ofert.pdf 2022-01-11 09:46 - 2022-01-11 09:46 - 000022344 _____ C:\Users\gruca\Downloads\custom_rules.json 2022-01-11 09:37 - 2022-01-11 09:38 - 000001968 _____ C:\Users\gruca\Desktop\t6733b.exe - Shortcut.lnk 2022-01-11 09:37 - 2022-01-11 09:37 - 069798912 _____ () C:\Users\gruca\Downloads\t6733b 2022-01-11 08:27 - 2022-01-11 08:27 - 000282347 _____ C:\Users\gruca\Documents\siatpol.pdf 2022-01-11 06:23 - 2022-01-11 06:23 - 000000000 ____D C:\Users\gruca\Downloads\CinebenchR23 (1) 2022-01-11 06:21 - 2022-01-11 06:22 - 261956799 _____ C:\Users\gruca\Downloads\CinebenchR23 (1).zip 2022-01-08 19:28 - 2022-01-08 19:28 - 001442670 _____ C:\Users\gruca\Downloads\geckodriver-v0.30.0-win64.zip 2022-01-08 19:28 - 2022-01-08 19:28 - 000002767 _____ C:\Users\gruca\Downloads\muleex_ultimatum.py 2022-01-08 19:28 - 2022-01-08 19:28 - 000001048 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2022-01-08 19:28 - 2022-01-08 19:28 - 000001036 _____ C:\Users\Public\Desktop\Firefox.lnk 2022-01-08 19:28 - 2022-01-08 19:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2022-01-08 19:28 - 2022-01-08 19:28 - 000000000 ____D C:\Users\gruca\AppData\Local\Mozilla 2022-01-08 19:28 - 2022-01-08 19:28 - 000000000 ____D C:\Program Files\Mozilla Firefox 2022-01-08 19:27 - 2022-01-08 19:27 - 000333952 _____ (Mozilla) C:\Users\gruca\Downloads\Firefox Installer.exe 2022-01-08 19:15 - 2022-01-08 19:15 - 000000000 ____D C:\webdriver 2022-01-08 18:58 - 2022-01-08 18:58 - 006180382 _____ C:\Users\gruca\Downloads\chromedriver_win32.zip 2022-01-08 18:57 - 2022-01-08 18:57 - 001341272 _____ (Google LLC) C:\Users\gruca\Downloads\ChromeSetup.exe 2022-01-08 18:54 - 2022-01-11 13:23 - 000000000 ____D C:\Users\gruca\Desktop\mule 2022-01-07 18:01 - 2022-01-07 18:01 - 006165870 _____ C:\Users\gruca\Downloads\POE maper 3.16.2b v2.rar 2022-01-07 09:57 - 2022-01-07 09:57 - 000170887 _____ C:\Users\gruca\Downloads\Ogłoszenie o zamówieniu.pdf 2022-01-07 09:41 - 2022-01-07 09:41 - 012550779 _____ C:\Users\gruca\Downloads\Załączniki do SWZ.zip 2022-01-07 08:34 - 2022-01-07 08:34 - 000067015 _____ C:\Users\gruca\Downloads\32.__Plan_postepowan_na_2021_rok_wersja_32.pdf 2022-01-05 09:28 - 2022-01-05 09:28 - 005528219 _____ C:\Users\gruca\Downloads\Cennik angielski turbo min.pdf 2022-01-04 13:18 - 2022-01-04 13:18 - 006433160 _____ C:\Users\gruca\Downloads\Cennik Turbo +4% na wszystko.pdf 2022-01-04 13:05 - 2022-01-04 13:05 - 006609838 _____ C:\Users\gruca\Downloads\Cennik Turbo +4 procent na wszystko.pdf 2022-01-03 16:45 - 2022-01-03 17:40 - 000000000 ____D C:\PoeBot_3162_23.11 2022-01-03 16:41 - 2022-01-03 16:45 - 000000000 ____D C:\Users\gruca\Desktop\New folder 2022-01-03 14:45 - 2022-01-03 14:45 - 006350008 _____ C:\Users\gruca\Downloads\Siatpol Cennik Angielski (4).pdf 2022-01-03 11:01 - 2022-01-03 11:01 - 014324737 _____ C:\Users\gruca\Downloads\Katalog-Siatpol-2022-druk.docx-EN-nigdy-więcej-za-normalną-cenę.pdf 2021-12-31 15:33 - 2021-12-31 15:33 - 000021358 _____ C:\Users\gruca\Downloads\[EX-TORRENTY.ORG] Fortress 2021 [1080p] [BluRay] [HT] [5.1] [ENG].torrent 2021-12-31 15:33 - 2021-12-31 15:33 - 000011835 _____ C:\Users\gruca\Downloads\[EX-TORRENTY.ORG] Resident Evil. Witajcie w Raccoon City - Resident Evil. Welcome to Raccoon City (2021) [WEB-DL.1080P] [AC3.PL.EN+SUB.PL] [LEKTOR-KRZYSZTOF] [TeaM-EnTeR1973].torrent 2021-12-30 16:06 - 2022-01-03 16:38 - 009755288 _____ C:\PoeBot_3162_23.11.zip 2021-12-30 08:07 - 2021-12-30 08:07 - 006521019 _____ C:\Users\gruca\Downloads\Siatpol cennik polski ceny turbo minimalne.pdf 2021-12-30 08:02 - 2021-12-30 08:02 - 010382632 _____ C:\Users\gruca\Downloads\Siatpol ogrodzeniówki i leśne.zip 2021-12-30 08:02 - 2021-12-30 08:02 - 007676389 _____ C:\Users\gruca\Downloads\Siatpol ogrodzeniówki i leśne (1).pdf 2021-12-30 07:59 - 2021-12-30 07:59 - 007695692 _____ C:\Users\gruca\Downloads\Siatpol ogrodzeniówki i leśne.pdf 2021-12-29 20:33 - 2021-12-29 20:33 - 000310346 _____ C:\Users\gruca\Desktop\fgfdgdfgdfgdf.txt 2021-12-29 14:29 - 2022-01-11 09:35 - 000000000 ____D C:\Users\gruca\AppData\Roaming\vlc 2021-12-29 14:28 - 2021-12-29 14:28 - 000000959 _____ C:\Users\Public\Desktop\VLC media player.lnk 2021-12-29 14:28 - 2021-12-29 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2021-12-29 14:28 - 2021-12-29 14:28 - 000000000 ____D C:\Program Files\VideoLAN 2021-12-29 14:27 - 2021-12-29 14:28 - 042762464 _____ C:\Users\gruca\Downloads\vlc-3.0.16-win64.exe 2021-12-28 13:41 - 2021-12-28 13:43 - 000001968 _____ C:\Users\gruca\Desktop\ea1820.exe - Shortcut (2).lnk 2021-12-28 13:40 - 2021-12-28 13:40 - 000000000 ____D C:\Users\gruca\Downloads\Agent 28_12 2021-12-28 13:35 - 2021-12-28 13:35 - 000002045 _____ C:\Users\gruca\Desktop\ea1820.exe - Shortcut.lnk 2021-12-28 13:27 - 2021-12-28 13:28 - 000002045 _____ C:\Users\gruca\Desktop\ea1806.exe - Shortcut.lnk 2021-12-28 09:10 - 2021-12-28 09:10 - 000071978 _____ C:\Users\gruca\Downloads\custom_skills.json 2021-12-27 06:13 - 2021-12-27 06:14 - 094699432 _____ (Mullvad VPN) C:\Users\gruca\Downloads\MullvadVPN-2021.6.exe 2021-12-25 06:06 - 2021-12-25 06:06 - 000002472 _____ C:\Users\Public\Desktop\Norton Security.lnk 2021-12-24 06:41 - 2021-12-24 06:41 - 000000000 ____D C:\Users\gruca\AppData\Local\Norton 2021-12-24 06:31 - 2022-01-12 07:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton 360 2021-12-24 06:26 - 2021-12-25 06:06 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security 2021-12-24 06:26 - 2021-12-24 06:26 - 000003378 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration 2021-12-23 22:37 - 2021-12-23 22:37 - 009401775 _____ C:\blight_1059357956.rar 2021-12-23 22:23 - 2021-12-23 22:23 - 000002813 _____ C:\Users\gruca\AppData\Local\recently-used.xbel 2021-12-23 22:10 - 2021-12-23 22:10 - 000000000 ____D C:\blight_1059357956 2021-12-23 21:31 - 2021-12-23 21:31 - 000004727 _____ C:\Users\gruca\Documents\PATH.odt 2021-12-23 21:28 - 2021-12-23 21:28 - 000000000 ____D C:\Users\gruca\Downloads\godofwar 2021-12-23 21:27 - 2021-12-23 21:27 - 000014155 _____ C:\Users\gruca\Downloads\godofwar.zip 2021-12-23 14:18 - 2021-12-23 14:18 - 009833103 _____ C:\Users\gruca\Downloads\PoeBot_3162_22 (2).zip 2021-12-23 14:18 - 2021-12-23 14:18 - 000000000 ____D C:\Users\gruca\Downloads\PoeBot_3162_22 (2) 2021-12-22 11:58 - 2021-12-22 11:58 - 000065785 _____ C:\Users\gruca\Downloads\Wydruk (1).pdf 2021-12-22 11:44 - 2021-12-22 11:44 - 000000000 ____D C:\ProgramData\Comarch ERP Optima 2021-12-22 11:40 - 2021-12-22 11:40 - 000001167 _____ C:\Users\Public\Desktop\Comarch ERP Optima SaaS.lnk 2021-12-22 11:40 - 2021-12-22 11:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comarch ERP Optima SaaS 2021-12-22 11:40 - 2021-12-22 11:40 - 000000000 ____D C:\Program Files\Comarch ERP Optima SaaS 2021-12-22 11:39 - 2021-12-22 11:40 - 000000000 __HDC C:\ProgramData\{8E1DA6C6-EEE0-4AFE-A844-21699951C47D} 2021-12-22 11:39 - 2021-12-22 11:39 - 024214784 _____ (Comarch SA ) C:\Users\gruca\Downloads\Comarch ERP Optima SaaS.exe 2021-12-22 11:39 - 2021-12-22 11:39 - 000000000 ____D C:\Users\gruca\AppData\Roaming\Comarch ERP Optima SaaS 2021-12-22 11:39 - 2021-12-22 11:39 - 000000000 ____D C:\Users\gruca\AppData\Local\III 2021-12-22 09:41 - 2021-12-22 09:41 - 002086344 _____ C:\Users\gruca\Downloads\SKMBT_C22021122013410.pdf 2021-12-21 21:27 - 2021-12-21 21:27 - 000000000 ____D C:\item_rules 2021-12-21 12:10 - 2021-12-21 12:10 - 008020256 _____ C:\Users\gruca\Downloads\KatalogGatigo.pdf 2021-12-21 12:08 - 2021-12-21 12:08 - 019854292 _____ C:\Users\gruca\Downloads\KatalogPlastMet.pdf 2021-12-21 12:08 - 2021-12-21 12:08 - 014036819 _____ C:\Users\gruca\Downloads\KatalogKonsport.pdf 2021-12-21 11:02 - 2021-12-21 11:02 - 000105713 _____ C:\Users\gruca\Downloads\faktura-10-10-2021.pdf 2021-12-21 11:02 - 2021-12-21 11:02 - 000093486 _____ C:\Users\gruca\Downloads\faktura-11-10-2021.pdf 2021-12-20 23:20 - 2021-12-20 23:20 - 009833103 _____ C:\Users\gruca\Downloads\PoeBot_3162_22 (1).zip 2021-12-20 23:20 - 2021-12-20 23:20 - 000000000 ____D C:\Users\gruca\Downloads\PoeBot_3162_22 (1) 2021-12-20 21:11 - 2021-12-20 21:11 - 005928398 _____ C:\Users\gruca\Downloads\PoeBot_patch (58).zip 2021-12-20 20:45 - 2021-12-20 20:45 - 009833103 _____ C:\Users\gruca\Downloads\PoeBot_3162_22.zip 2021-12-20 20:15 - 2021-12-20 20:15 - 005928398 _____ C:\Users\gruca\Downloads\PoeBot_patch (57).zip 2021-12-20 19:13 - 2021-12-02 22:22 - 000001616 _____ C:\Janko.license 2021-12-20 14:01 - 2021-12-20 14:01 - 000000690 __RSH C:\ProgramData\ntuser.pol 2021-12-20 12:27 - 2021-12-20 12:27 - 000276513 _____ C:\Users\gruca\Downloads\Informacja_z_otwarcia_ofert.pdf 2021-12-20 12:27 - 2021-12-20 12:27 - 000146342 _____ C:\Users\gruca\Downloads\Regionalny-Zarzad-Gospodarki-Wodnej-w-Krakowie.pdf 2021-12-20 12:26 - 2021-12-20 12:27 - 000249308 _____ C:\Users\gruca\Downloads\Zawiadomienie_o_uniewaznieniu_postepowania_w_zakresie_Czesci_1_i_Czesci_2 (1).pdf 2021-12-20 12:26 - 2021-12-20 12:26 - 000249308 _____ C:\Users\gruca\Downloads\Zawiadomienie_o_uniewaznieniu_postepowania_w_zakresie_Czesci_1_i_Czesci_2.pdf 2021-12-20 12:03 - 2021-12-20 12:03 - 007751759 _____ C:\Users\gruca\Downloads\Siatpol Cennik polski (6).pdf 2021-12-20 12:02 - 2021-12-20 12:02 - 007738243 _____ C:\Users\gruca\Downloads\Siatpol Cennik polski (5).pdf 2021-12-20 12:00 - 2021-12-20 12:00 - 007751002 _____ C:\Users\gruca\Downloads\Siatpol Cennik polski (4).pdf 2021-12-20 11:45 - 2021-12-20 11:45 - 005983275 _____ C:\Users\gruca\Downloads\Siatpol Cennik polski (3).pdf 2021-12-20 11:43 - 2021-12-20 11:43 - 006716430 _____ C:\Users\gruca\Downloads\Siatpol Cennik polski (2).pdf 2021-12-20 11:40 - 2021-12-20 11:40 - 006692555 _____ C:\Users\gruca\Downloads\Siatpol Cennik polski (1).pdf 2021-12-20 10:09 - 2021-12-20 10:09 - 001982614 _____ C:\Users\gruca\Downloads\Siatpol Cennik polski.pdf 2021-12-20 09:05 - 2021-12-20 09:05 - 000726552 _____ (Spotify Ltd) C:\Users\gruca\Downloads\SpotifySetup.exe 2021-12-20 07:25 - 2021-12-20 07:25 - 000000000 ____D C:\Users\gruca\Downloads\PoeBot_patch (56) 2021-12-20 07:24 - 2021-12-20 07:24 - 005925370 _____ C:\Users\gruca\Downloads\PoeBot_patch (56).zip 2021-12-19 06:42 - 2021-12-19 06:42 - 000000000 ____D C:\Users\gruca\Downloads\PoeBot_patch (55) 2021-12-19 06:41 - 2021-12-19 06:41 - 005917304 _____ C:\Users\gruca\Downloads\PoeBot_patch (55).zip 2021-12-18 21:21 - 2021-12-18 21:21 - 001446128 _____ C:\Users\gruca\Downloads\jakis_error_podczas_lootu.mkv 2021-12-18 12:44 - 2021-12-18 12:44 - 000000098 _____ C:\Users\gruca\Downloads\Gemy_20plus_chaosow.csv 2021-12-18 12:41 - 2021-12-18 12:56 - 000003140 _____ C:\Users\gruca\Documents\Gemy 20plus chaosow.csv 2021-12-18 12:23 - 2021-12-18 12:40 - 000000098 _____ C:\Users\gruca\Documents\20_20 gems 20 plus chaos.txt 2021-12-17 23:26 - 2021-12-17 23:26 - 011062272 _____ (Anonymous) C:\Users\gruca\Downloads\PoeBot (11).exe 2021-12-17 22:55 - 2021-12-17 22:55 - 000275171 _____ C:\Users\gruca\Downloads\pepe1.filter 2021-12-17 22:45 - 2021-12-17 22:45 - 000333493 _____ C:\Users\gruca\Downloads\pepe (1).filter 2021-12-17 22:24 - 2021-12-17 22:24 - 005918536 _____ C:\Users\gruca\Downloads\PoeBot_patch (54).zip 2021-12-17 22:24 - 2021-12-17 22:24 - 000000000 ____D C:\Users\gruca\Downloads\PoeBot_patch (54) 2021-12-17 22:15 - 2021-12-17 22:15 - 006164078 _____ C:\Users\gruca\Downloads\POE maper 3.16.2 v1 (3).rar 2021-12-17 21:14 - 2021-12-17 21:14 - 000000000 ____D C:\Users\gruca\Downloads\blight_2905103154 2021-12-17 21:12 - 2021-12-17 21:12 - 000131476 _____ C:\Users\gruca\Downloads\Flipping 17_12.fsettings 2021-12-17 21:12 - 2021-12-17 21:12 - 000003430 _____ C:\Users\gruca\Downloads\BulkBuying 17_12.bbsettings 2021-12-17 14:21 - 2021-12-17 14:21 - 005930859 _____ C:\Users\gruca\Downloads\PoeBot_patch (53).zip 2021-12-17 14:21 - 2021-12-17 14:21 - 000000000 ____D C:\Users\gruca\Downloads\PoeBot_patch (53) 2021-12-17 13:26 - 2021-12-17 13:26 - 006147156 _____ C:\Users\gruca\Downloads\SIATPOL Pricelit.pdf 2021-12-17 13:21 - 2021-12-17 13:21 - 006146422 _____ C:\Users\gruca\Downloads\Siatpol Cennik Angielski (3).pdf 2021-12-17 12:33 - 2021-12-17 12:33 - 000554148 _____ C:\Users\gruca\Downloads\Siatpol Cennik Angielski (2).pdf 2021-12-17 12:15 - 2021-12-17 12:15 - 000971688 _____ C:\Users\gruca\Downloads\Siatpol Cennik Angielski (1).pdf 2021-12-17 08:51 - 2021-12-17 08:51 - 000000000 ____D C:\Users\gruca\Downloads\Siatpol Cennik Angielski 2021-12-17 08:50 - 2021-12-17 08:50 - 010402450 _____ C:\Users\gruca\Downloads\Siatpol Cennik Angielski.zip 2021-12-17 08:48 - 2021-12-17 08:48 - 006194429 _____ C:\Users\gruca\Downloads\Siatpol Cennik Angielski.pdf 2021-12-17 07:21 - 2021-12-17 07:21 - 000275171 _____ C:\Users\gruca\Downloads\pepe.filter 2021-12-17 06:58 - 2021-12-17 06:58 - 000000000 ____D C:\Users\gruca\Downloads\PoeBot_patch (52) 2021-12-17 06:57 - 2021-12-17 06:57 - 005924804 _____ C:\Users\gruca\Downloads\PoeBot_patch (52).zip 2021-12-16 20:10 - 2021-12-16 20:10 - 002865898 _____ C:\Users\gruca\Desktop\USR_Ogrodzenie_widoki-Model.pdf 2021-12-16 20:10 - 2021-12-16 20:10 - 002664981 _____ C:\Users\gruca\Desktop\Nr 6_ogrodzenie.pdf 2021-12-16 18:51 - 2021-12-16 18:51 - 005912575 _____ C:\Users\gruca\Downloads\PoeBot_patch (51).zip 2021-12-16 18:51 - 2021-12-16 18:51 - 000000000 ____D C:\Users\gruca\Downloads\PoeBot_patch (51) 2021-12-16 18:39 - 2021-12-16 11:28 - 000148549 _____ C:\Users\gruca\Documents\1017520464_umowy.pdf 2021-12-16 16:30 - 2021-12-16 16:30 - 000001616 _____ C:\Users\gruca\Documents\Kubaczka.pb.license 2021-12-16 09:47 - 2021-12-16 09:47 - 000024127 _____ C:\Users\gruca\Downloads\contacts (1).vcf 2021-12-16 09:26 - 2021-12-16 09:26 - 000000127 _____ C:\Users\gruca\Downloads\contacts.vcf 2021-12-16 09:13 - 2021-12-16 09:13 - 000000445 _____ C:\Users\gruca\Downloads\contacts.csv 2021-12-16 08:27 - 2021-12-16 08:27 - 002940659 _____ C:\Users\gruca\Downloads\publication.pdf 2021-12-16 08:17 - 2021-12-16 08:17 - 000293288 _____ C:\Users\gruca\Downloads\Product Price List Template - TemplateLab.com.xlsx 2021-12-16 07:10 - 2021-12-16 07:10 - 000002501 _____ C:\Users\gruca\Desktop\Outlook.lnk 2021-12-16 07:10 - 2021-12-16 07:10 - 000001252 _____ C:\Users\gruca\Desktop\Hyper-V Manager.lnk 2021-12-16 00:52 - 2021-12-16 00:52 - 000000000 ____D C:\WINDOWS\SystemTemp 2021-12-16 00:24 - 2021-12-16 00:24 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe 2021-12-16 00:24 - 2021-12-16 00:24 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe 2021-12-16 00:24 - 2021-12-16 00:24 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2021-12-16 00:24 - 2021-12-16 00:24 - 000011979 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-12-16 00:12 - 2021-12-16 00:12 - 000000000 ___HD C:\$WinREAgent 2021-12-15 21:41 - 2021-12-15 21:41 - 000007675 _____ C:\Users\gruca\Downloads\tests.xml 2021-12-15 21:39 - 2021-12-15 21:39 - 005895278 _____ C:\Users\gruca\Downloads\PoeBot_patch (50).zip 2021-12-15 15:44 - 2021-12-15 15:44 - 000026577 _____ C:\Users\gruca\Downloads\[EX-TORRENTY.ORG] Venom_ Let There Be Carnage 2021 [1080p.BluRay.x264-BRY] [Dubbing PL].torrent 2021-12-15 14:32 - 2021-12-15 14:32 - 051825215 _____ C:\Users\gruca\Documents\Agent - bahcior.7z 2021-12-15 14:29 - 2021-12-15 14:29 - 069958898 _____ C:\Users\gruca\Documents\poehelper vadash.7z 2021-12-15 08:00 - 2021-12-15 08:00 - 000001616 _____ C:\Users\gruca\Documents\Ksjaomi.pb.license 2021-12-14 17:24 - 2021-12-14 17:24 - 072817664 _____ () C:\Users\gruca\Downloads\ea1820.exe 2021-12-14 14:07 - 2021-12-14 14:07 - 005930859 _____ C:\Users\gruca\Downloads\PoeBot_patch (49).zip 2021-12-14 14:06 - 2021-12-14 14:06 - 009763804 _____ C:\Users\gruca\Downloads\PoeBot_3162_21 (1).zip 2021-12-14 13:23 - 2021-12-14 13:23 - 000000341 _____ C:\Users\gruca\Downloads\td_release-9.7.zip 2021-12-14 13:14 - 2021-12-14 13:14 - 002491592 _____ C:\Users\gruca\Downloads\TowerDefense_9.7.7998.21163.zip 2021-12-13 09:12 - 2021-12-13 09:12 - 000000000 ____D C:\Users\gruca\Downloads\DiviBooster-RozpakujMnie! 2021-12-13 08:51 - 2021-12-13 08:57 - 444643834 _____ C:\Users\gruca\Downloads\DiviBooster-RozpakujMnie!.zip 2021-12-13 08:48 - 2021-12-13 08:48 - 000066043 _____ C:\Users\gruca\Downloads\Wydruk.pdf 2021-12-13 08:02 - 2021-12-13 08:02 - 000004265 _____ C:\Users\gruca\Downloads\Free_Sample_By_Wix.jfif 2021-12-13 07:22 - 2021-12-13 07:22 - 000000000 ____D C:\Users\gruca\Downloads\wordpress-5.8.2-pl_PL 2021-12-13 07:21 - 2021-12-13 07:21 - 017302852 _____ C:\Users\gruca\Downloads\wordpress-5.8.2-pl_PL.zip 2021-12-13 07:18 - 2021-12-13 07:18 - 011797848 _____ (Tim Kosse) C:\Users\gruca\Downloads\FileZilla_3.57.0_win64-setup.exe ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2022-01-12 07:36 - 2020-11-23 13:55 - 000000000 ____D C:\Users\gruca\AppData\Roaming\discord 2022-01-12 07:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2022-01-12 07:28 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2022-01-12 07:21 - 2021-05-04 08:33 - 000000000 ____D C:\Users\gruca\AppData\Roaming\Telegram Desktop 2022-01-12 07:21 - 2020-12-30 10:48 - 000000000 ____D C:\Users\gruca\AppData\Local\Discord 2022-01-12 07:17 - 2021-04-23 21:31 - 001899616 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2022-01-12 07:17 - 2019-12-07 16:08 - 000830022 _____ C:\WINDOWS\system32\perfh015.dat 2022-01-12 07:17 - 2019-12-07 16:08 - 000174092 _____ C:\WINDOWS\system32\perfc015.dat 2022-01-12 07:17 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF 2022-01-12 07:16 - 2020-12-23 09:38 - 000000000 ____D C:\ProgramData\NVIDIA 2022-01-12 07:16 - 2020-11-12 14:48 - 000000000 ____D C:\ProgramData\Mozilla 2022-01-12 07:15 - 2021-07-23 10:12 - 000000000 ____D C:\Program Files (x86)\Steam 2022-01-12 07:15 - 2021-07-12 11:16 - 000000000 ____D C:\ProgramData\UMS 2022-01-12 07:15 - 2021-03-21 10:02 - 000000000 ____D C:\Program Files\CCleaner 2022-01-12 07:15 - 2021-02-06 19:23 - 000000000 ____D C:\Program Files (x86)\Google 2022-01-12 07:15 - 2020-11-28 19:57 - 000001004 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics 2022-01-12 07:15 - 2020-11-15 22:19 - 000000000 ____D C:\Users\gruca\AppData\Roaming\Thunderbird 2022-01-12 07:15 - 2020-11-12 14:49 - 000000000 ____D C:\Users\gruca\AppData\Roaming\Mozilla 2022-01-12 07:14 - 2021-05-05 06:20 - 000000000 ____D C:\Users\gruca\AppData\Local\RealVNC 2022-01-12 07:14 - 2021-04-23 21:30 - 000003126 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher 2022-01-12 07:14 - 2021-04-23 21:30 - 000003112 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate 2022-01-12 07:14 - 2021-04-23 21:24 - 000000000 ____D C:\Users\gruca 2022-01-12 07:13 - 2021-07-12 15:32 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK 2022-01-12 07:13 - 2021-05-05 06:51 - 000000000 ____D C:\ProgramData\RealVNC-Service 2022-01-12 07:13 - 2021-04-23 21:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2022-01-12 07:13 - 2021-04-23 21:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2022-01-12 07:13 - 2021-04-23 21:20 - 000008192 ___SH C:\DumpStack.log.tmp 2022-01-12 07:13 - 2020-12-30 21:59 - 000000000 ____D C:\ProgramData\VMware 2022-01-12 07:13 - 2020-12-10 09:39 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2022-01-12 07:13 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2022-01-12 07:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2022-01-12 07:11 - 2021-07-26 06:36 - 000000000 ____D C:\Users\gruca\AppData\Roaming\dllservices 2022-01-11 23:39 - 2021-05-04 12:44 - 000003142 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner 2022-01-11 23:39 - 2020-11-13 07:51 - 000000000 ____D C:\Users\gruca\AppData\Local\Everything 2022-01-11 23:39 - 2020-11-12 14:49 - 000000000 ____D C:\Users\gruca\AppData\Roaming\Everything 2022-01-11 23:39 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2022-01-11 23:34 - 2021-04-01 05:59 - 000007593 _____ C:\Users\gruca\AppData\Local\Resmon.ResmonCfg 2022-01-11 14:10 - 2021-12-12 17:58 - 000000000 ____D C:\Program Files\HWiNFO64 2022-01-11 13:40 - 2021-02-12 22:11 - 000000000 ____D C:\Users\gruca\AppData\Roaming\obs-studio 2022-01-11 07:26 - 2019-12-07 16:10 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2022-01-11 06:23 - 2021-03-25 15:11 - 000000000 ____D C:\Users\gruca\AppData\Roaming\Maxon 2022-01-09 10:39 - 2021-01-28 21:28 - 000000000 ____D C:\Users\gruca\Desktop\GOSIA 2022-01-09 07:38 - 2020-11-12 14:49 - 000000000 ____D C:\Users\gruca\AppData\Local\D3DSCache 2022-01-09 07:35 - 2020-11-29 10:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2022-01-08 18:57 - 2021-02-06 19:26 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2022-01-08 06:27 - 2020-11-16 07:16 - 000002491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2022-01-08 06:27 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps 2022-01-07 09:57 - 2020-11-12 14:34 - 000000000 ____D C:\Users\gruca\AppData\Local\Packages 2022-01-06 23:21 - 2020-11-12 14:52 - 000000000 ____D C:\Users\gruca\AppData\Roaming\BitComet 2022-01-04 08:25 - 2021-04-23 21:30 - 000004248 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1605188338 2022-01-04 08:25 - 2020-11-12 14:39 - 000001446 _____ C:\Users\gruca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Przeglądarka Opera.lnk 2022-01-03 07:12 - 2020-12-23 09:31 - 000000000 ____D C:\Users\gruca\AppData\Local\CrashDumps 2022-01-03 07:11 - 2020-11-22 09:56 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server 2022-01-03 07:11 - 2020-11-22 09:55 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner 2022-01-02 16:18 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-12-31 11:13 - 2021-04-23 21:30 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2021-12-24 16:21 - 2021-08-23 18:00 - 000000000 ____D C:\Program Files\Common Files\AV 2021-12-24 06:41 - 2021-08-23 16:45 - 000000000 ____D C:\ProgramData\Norton 2021-12-24 06:30 - 2020-11-12 14:50 - 000000000 ____D C:\ProgramData\Packages 2021-12-24 06:26 - 2021-08-23 16:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64 2021-12-23 23:56 - 2021-01-17 09:46 - 000000000 ____D C:\Users\gruca\AppData\Roaming\FileZilla 2021-12-23 22:28 - 2020-11-21 08:53 - 000000000 ____D C:\Users\gruca\Documents\pNE 2021-12-23 22:23 - 2020-12-15 19:17 - 000000000 ____D C:\Users\gruca\AppData\Local\gtk-2.0 2021-12-23 01:28 - 2020-12-30 21:59 - 001917884 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2021-12-19 23:14 - 2021-03-29 12:59 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2021-12-17 11:29 - 2021-12-06 09:13 - 000000203 _____ C:\Users\gruca\Downloads\WTS.txt 2021-12-17 06:10 - 2021-04-30 12:05 - 000002387 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk 2021-12-17 06:10 - 2021-04-30 12:05 - 000002352 _____ C:\Users\Public\Desktop\CCleaner Browser.lnk 2021-12-17 06:10 - 2021-04-30 12:03 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser 2021-12-16 16:28 - 2021-11-29 21:02 - 000004811 _____ C:\Users\gruca\Downloads\leveling-TRandCA (2).json 2021-12-16 00:54 - 2021-04-23 21:21 - 000592320 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-12-16 00:52 - 2021-07-12 16:07 - 000000000 ____D C:\Program Files\Hyper-V 2021-12-16 00:52 - 2021-07-12 16:03 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2021-12-16 00:52 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-12-16 00:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources 2021-12-16 00:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup 2021-12-16 00:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-12-16 00:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2021-12-16 00:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT 2021-12-16 00:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE 2021-12-16 00:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX 2021-12-16 00:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning 2021-12-16 00:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-12-16 00:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-12-16 00:24 - 2020-11-12 14:15 - 000414852 __RSH C:\bootmgr 2021-12-16 00:12 - 2020-11-13 00:16 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-12-16 00:06 - 2020-11-13 00:16 - 137938848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-12-15 17:38 - 2020-12-30 22:18 - 000000000 ____D C:\Users\gruca\AppData\Local\VMware 2021-12-15 17:38 - 2020-12-30 22:10 - 000000000 ____D C:\Users\gruca\AppData\Roaming\VMware 2021-12-15 14:19 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing 2021-12-14 18:51 - 2021-10-27 20:01 - 000000000 ____D C:\Users\gruca\Downloads\Agent_-_newest (1) 2021-12-13 07:18 - 2021-01-17 09:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2021-12-13 07:18 - 2021-01-17 09:46 - 000000000 ____D C:\Program Files\FileZilla FTP Client ==================== Files in the root of some directories ======== 2021-10-15 15:58 - 2021-10-27 10:30 - 000000064 _____ () C:\Users\gruca\AppData\Roaming\.backup_validation 2021-11-23 12:53 - 2021-11-23 12:53 - 000000127 ___SH () C:\Users\gruca\AppData\Local\00000502 2021-12-23 22:23 - 2021-12-23 22:23 - 000002813 _____ () C:\Users\gruca\AppData\Local\recently-used.xbel 2021-04-01 05:59 - 2022-01-11 23:34 - 000007593 _____ () C:\Users\gruca\AppData\Local\Resmon.ResmonCfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================