Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-12-2021
Ran by pawelg (administrator) on PAWELG-PC (ASUSTeK Computer Inc. K53SM) (05-01-2022 21:31:17)
Running from C:\Users\pawelg\Desktop\0 USUS\us
Loaded Profiles: pawelg
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
(Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Communications Inc. -> Atheros) [File not signed] C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\25.0.1.194\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\redline\bdredline.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <3>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Programy\MSI Afterburner\MSIAfterburner.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(OORT inc. -> oh!soft) C:\Program Files (x86)\oCam\oCamTask.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe" (No File)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [981664 2011-09-30] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-09-30] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-763209912-3907225475-2704796620-1000\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33618400 2021-12-15] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-763209912-3907225475-2704796620-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35373696 2021-12-07] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Windows x64\Print Processors\hpcpp180: C:\Windows\System32\spool\prtprocs\x64\hpcpp180.dll [647408 2015-08-18] (Hewlett-Packard Company -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\Perfect PDF 10 Premium Print Processor: C:\Windows\System32\spool\prtprocs\x64\sx_p10_p.dll [264136 2021-09-19] (soft Xpansion GmbH & Co.KG -> soft Xpansion)
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\Windows\system32\HPMPW081.DLL [126704 2015-08-18] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\...\Print\Monitors\HPMLM180: C:\Windows\system32\hpmlm180.dll [309488 2015-08-18] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\91.1.25.72\Installer\chrmstp.exe [2021-06-13] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2011-09-30] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2011-09-30] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [182784 2018-03-25] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [159704 2018-03-25] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06D72539-24D2-4309-9DEE-441C558F9ED1} - System32\Tasks\{5B4ACF17-32E6-46EF-9299-4EA6587BCB05} => C:\Windows\system32\pcalua.exe -a C:\Users\pawelg\Downloads\miflash_unlock-en-3.5.724.32\MiUsbDriver.exe -d C:\Users\pawelg\Downloads\miflash_unlock-en-3.5.724.32
Task: {1FCFF820-8EA4-4C70-ACDE-D40F2E1B1DDE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {25039C70-ED27-4DE7-BE4D-7A131EC7053C} - System32\Tasks\oCamTask => C:\Program Files (x86)\oCam\oCamTask.exe [148816 2019-09-06] (OORT inc. -> oh!soft)
Task: {2AF0032D-8DD2-4B28-A690-5B11724DDC4D} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-12] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {44D8EB7C-89F9-4518-B4A9-6CA17FFA634A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [757184 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {52DAF0DD-363B-4FDD-85E5-28D15022E255} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-12-07] (Piriform Software Ltd -> Piriform)
Task: {5447144C-7B8F-45AE-9FBE-816DBB43F2F3} - System32\Tasks\{817B0BB0-865A-4C58-9621-76AFE3165A6E} => C:\Windows\system32\pcalua.exe -a C:\Users\pawelg\Downloads\win64_15.36.34.4889.exe -d C:\Users\pawelg\Downloads
Task: {54C2C5B7-C092-4FD7-8886-8AB56D79D071} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-12] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {60A85320-EF36-43BF-A38E-9AEE303BF8C7} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {A9B7D21C-6C69-4A54-99D3-0C1B2AB2C942} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [510912 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AB388A20-363C-4619-9784-001E6E702DE4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [662464 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CA2C598E-130D-4828-BD59-EA900083B300} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [662464 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E981C0D1-259B-49AC-9F90-27124496710E} - System32\Tasks\CCleanerSkipUAC - pawelg => C:\Program Files\CCleaner\CCleaner.exe [29442688 2021-12-07] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {ED7BDD81-8CEA-4113-A162-3CE2E2A9155B} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {F8F875BE-86E3-4E8D-9C00-B8D57F011AD7} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\25.0.1.194\WatchDog.exe [937064 2021-08-10] (Bitdefender SRL -> Bitdefender)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{614AD41A-9CDF-41D9-B9E7-DEE1027D5C51}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F59C3B3E-A31A-4C65-8F91-2DB3E76E495C}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF DefaultProfile: j0lbfzi5.default
FF ProfilePath: C:\Users\pawelg\AppData\Roaming\Mozilla\Firefox\Profiles\94ecnymz.pawel3 [2021-12-12]
FF Extension: (Easy Screenshot) - C:\Users\pawelg\AppData\Roaming\Mozilla\Firefox\Profiles\94ecnymz.pawel3\Extensions\easyscreenshot@mozillaonline.com.xpi [2020-03-26]
FF Extension: (Ghostery – Bloker reklam chroniący prywatność) - C:\Users\pawelg\AppData\Roaming\Mozilla\Firefox\Profiles\94ecnymz.pawel3\Extensions\firefox@ghostery.com.xpi [2020-12-08]
FF Extension: (uBlock Origin) - C:\Users\pawelg\AppData\Roaming\Mozilla\Firefox\Profiles\94ecnymz.pawel3\Extensions\uBlock0@raymondhill.net.xpi [2020-12-08]
FF ProfilePath: C:\Users\pawelg\AppData\Roaming\Mozilla\Firefox\Profiles\dl401j53.pawel2 [2022-01-01]
FF Extension: (Easy Screenshot) - C:\Users\pawelg\AppData\Roaming\Mozilla\Firefox\Profiles\dl401j53.pawel2\Extensions\easyscreenshot@mozillaonline.com.xpi [2021-10-24]
FF Extension: (Ghostery – Bloker reklam chroniący prywatność) - C:\Users\pawelg\AppData\Roaming\Mozilla\Firefox\Profiles\dl401j53.pawel2\Extensions\firefox@ghostery.com.xpi [2021-10-24]
FF Extension: (uBlock Origin) - C:\Users\pawelg\AppData\Roaming\Mozilla\Firefox\Profiles\dl401j53.pawel2\Extensions\uBlock0@raymondhill.net.xpi [2021-12-28]
FF ProfilePath: C:\Users\pawelg\AppData\Roaming\Mozilla\Firefox\Profiles\j0lbfzi5.default [2022-01-05]
FF Homepage: Mozilla\Firefox\Profiles\j0lbfzi5.default -> hxxps://www.google.pl/
FF Extension: (Easy Screenshot) - C:\Users\pawelg\AppData\Roaming\Mozilla\Firefox\Profiles\j0lbfzi5.default\Extensions\easyscreenshot@mozillaonline.com.xpi [2021-07-30]
FF Extension: (Ghostery – Bloker reklam chroniący prywatność) - C:\Users\pawelg\AppData\Roaming\Mozilla\Firefox\Profiles\j0lbfzi5.default\Extensions\firefox@ghostery.com.xpi [2021-06-29]
FF Extension: (uBlock Origin) - C:\Users\pawelg\AppData\Roaming\Mozilla\Firefox\Profiles\j0lbfzi5.default\Extensions\uBlock0@raymondhill.net.xpi [2021-12-28]
FF ProfilePath: C:\Users\pawelg\AppData\Roaming\Mozilla\Firefox\Profiles\plo7uj7i.default-release [2021-12-12]
FF Plugin: @java.com/DTPlugin,version=11.192.2 -> C:\Program Files\Java\jre1.8.0_192\bin\dtplugin\npDeployJava1.dll [2019-08-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.192.2 -> C:\Program Files\Java\jre1.8.0_192\bin\plugin2\npjp2.dll [2019-08-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2018-06-06] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-12-12] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-12-12] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2019-07-19] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2019-07-19] <==== ATTENTION

Brave:
=======
BRA Profile: C:\Users\pawelg\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-01-02]
BRA Notifications: Default -> hxxps://www.komputerswiat.pl
BRA DefaultSearchURL: Default -> hxxps://www.startpage.com/do/search?q={searchTerms}&segment=startpage.brave
BRA DefaultSearchKeyword: Default -> startpage.com
BRA DefaultSuggestURL: Default -> hxxps://www.startpage.com/cgi-bin/csuggest?query={searchTerms}&limit=10&format=json
BRA Extension: (Brave Local Data Files Updater) - C:\Users\pawelg\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-10-06]
BRA Extension: (Brave User Model Installer) - C:\Users\pawelg\AppData\Local\BraveSoftware\Brave-Browser\User Data\aijecnhpjljblhnogamehknbmljlbfgn [2021-02-16]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\pawelg\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-01-02]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\pawelg\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2020-07-16]
BRA Extension: (Brave Ads Resources) - C:\Users\pawelg\AppData\Local\BraveSoftware\Brave-Browser\User Data\fojhemdeemkcacelmecilmibcjallejo [2022-01-02]
BRA Extension: (Brave NTP sponsored images) - C:\Users\pawelg\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodhafecfemgejckecbnmpobnhmoaoag [2022-01-02]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\pawelg\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-10-06]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\pawelg\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-01-02]
StartMenuInternet: Brave - C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [105120 2011-09-30] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2461792 2021-04-06] (Bitdefender SRL -> Bitdefender)
R2 bdredline_agent; C:\Program Files\Bitdefender Agent\redline\bdredline.exe [1899112 2018-03-22] (Bitdefender SRL -> Bitdefender)
R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2019-05-14] (Apple Inc. -> Apple Inc.)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-12] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-12] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2016-04-18] (Microsoft Corporation -> Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [158912 2019-03-28] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [785512 2021-08-10] (Bitdefender SRL -> Bitdefender)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234824 2021-09-19] (soft Xpansion GmbH & Co.KG -> soft Xpansion)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [236128 2021-07-15] (Bitdefender SRL -> Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [585824 2021-12-21] (Bitdefender SRL -> Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [240352 2021-07-15] (Bitdefender SRL -> Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-04-18] (Microsoft Windows -> Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-09-30] (Atheros Communications Inc. -> Atheros) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Co., Ltd. -> AnvSoft Inc.)
R1 atc; C:\Windows\System32\DRIVERS\atc.sys [3947928 2021-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender S.R.L. Bucharest, ROMANIA)
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1394688 2009-06-20] (Microsoft Windows -> Atheros Communications, Inc.)
R2 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [800672 2021-09-10] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 bduefiscan; C:\Windows\System32\DRIVERS\bduefiscan.sys [55864 2021-07-17] (Bitdefender SRL -> Bitdefender)
S3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [309120 2020-02-27] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R1 Gemma; C:\Windows\System32\DRIVERS\Gemma.sys [1190288 2021-12-21] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender S.R.L. Bucharest, ROMANIA)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-01-30] (Martin Malik - REALiX -> REALiX(tm))
S3 nlwt; C:\Windows\System32\DRIVERS\nlwt.sys [29888 2020-11-29] (TEFINCOM S.A. -> WireGuard LLC)
R3 RTCore64; C:\Programy\MSI Afterburner\RTCore64.sys [14024 2017-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
S3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [35592 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
R2 trufos; C:\Windows\System32\drivers\trufos.sys [623008 2021-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R0 vlflt; C:\Windows\System32\DRIVERS\vlflt.sys [485792 2021-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-05 21:29 - 2022-01-05 21:30 - 000025814 _____ C:\Users\pawelg\Desktop\FRST.txt
2022-01-05 21:28 - 2022-01-05 21:31 - 000000000 ____D C:\FRST
2022-01-05 20:26 - 2022-01-05 20:35 - 000000000 ____D C:\Users\pawelg\Documents\Rise of the Tomb Raider
2022-01-05 20:26 - 2022-01-05 20:26 - 000000372 _____ C:\Users\pawelg\Desktop\Rise of the Tomb Raider 20 Year Celebration.url
2022-01-05 20:26 - 2022-01-05 20:26 - 000000000 ____D C:\Users\pawelg\AppData\Roaming\Crystal Dynamics
2022-01-05 17:31 - 2022-01-05 17:31 - 000000000 ____D C:\Users\pawelg\AppData\LocalLow\Team17 Digital Limited
2022-01-05 17:28 - 2022-01-05 17:28 - 000000379 _____ C:\Users\pawelg\Desktop\Moving Out.url
2021-12-29 18:59 - 2021-12-29 19:01 - 000000000 ____D C:\Users\pawelg\Desktop\DISC - materiały
2021-12-25 19:03 - 2021-12-25 19:03 - 008126614 _____ C:\Users\pawelg\Desktop\DoktrynaJakości_wydanie_II.pdf
2021-12-25 17:15 - 2021-12-25 17:16 - 000000000 ____D C:\Users\pawelg\Desktop\rr
2021-12-12 19:44 - 2021-12-12 19:46 - 000000283 _____ C:\Users\pawelg\Desktop\Notatki z 3 rozdz Doktryna jakości A. Blikle.txt
2021-12-12 19:43 - 2021-12-12 19:43 - 000000164 _____ C:\Users\pawelg\Desktop\US_opis rand.txt
2021-12-12 19:24 - 2021-12-12 19:24 - 000000455 _____ C:\Users\pawelg\Desktop\Notatki z 3. rozdziału ksiązki Doktyrna jakości - Andrzej Blikle.txt
2021-12-10 13:38 - 2021-12-10 13:38 - 000001638 _____ C:\Users\pawelg\Desktop\Polecane ukulele_2021-12.txt
2021-12-06 22:09 - 2021-12-06 22:09 - 000043970 _____ C:\Users\pawelg\Desktop\label-2021-12-06T21 09 49.357Z.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-05 21:31 - 2021-07-31 13:24 - 000000000 ____D C:\Users\pawelg\Desktop\0 USUS
2022-01-05 21:31 - 2018-08-30 19:28 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2022-01-05 21:28 - 2018-08-21 20:51 - 000000000 ____D C:\Users\pawelg\AppData\LocalLow\Mozilla
2022-01-05 19:59 - 2020-12-26 11:41 - 000000000 ____D C:\Program Files\CCleaner
2022-01-02 22:03 - 2009-07-14 05:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2022-01-02 22:03 - 2009-07-14 05:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2022-01-01 23:21 - 2009-07-14 06:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2022-01-01 23:21 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2022-01-01 23:17 - 2018-08-30 19:28 - 000003692 _____ C:\Windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2022-01-01 23:15 - 2018-08-26 11:12 - 000000000 ____D C:\ProgramData\NVIDIA
2022-01-01 23:15 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-01-01 13:59 - 2019-02-05 19:11 - 000000000 ____D C:\ProgramData\Mozilla
2021-12-28 21:38 - 2021-07-07 10:03 - 000002502 _____ C:\Users\pawelg\Desktop\MPS - ustalenia.txt
2021-12-28 20:27 - 2021-11-23 19:26 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-12-28 20:27 - 2018-08-21 20:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-12-28 20:26 - 2020-12-11 18:26 - 000000000 ____D C:\Users\pawelg\AppData\Roaming\vlc
2021-12-26 22:34 - 2021-11-25 16:50 - 000018458 _____ C:\Users\pawelg\Desktop\Mentoring LKB_2021-11.odt
2021-12-21 21:47 - 2021-10-19 20:28 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-12-21 19:51 - 2021-10-06 16:11 - 001190288 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\gemma.sys
2021-12-21 19:51 - 2018-08-30 19:30 - 003947928 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys
2021-12-14 19:59 - 2020-12-26 11:41 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-12-10 13:47 - 2018-11-29 17:51 - 000000000 ____D C:\Users\pawelg\AppData\Local\CrashDumps

==================== Files in the root of some directories ========

2020-12-24 20:38 - 2020-12-24 20:39 - 000000052 _____ () C:\Users\pawelg\AppData\Roaming\~SiMPLEX.ini
2020-02-02 12:47 - 2020-02-02 12:47 - 000004608 _____ () C:\Users\pawelg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-08-30 19:13 - 2020-04-05 17:51 - 000007622 _____ () C:\Users\pawelg\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2022-01-01 13:20

==================== End of FRST.txt ========================