﻿Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-08-2020
Ran by peg (administrator) on PEG-PC (Gigabyte Technology Co., Ltd. GA-A75-D3H) (21-08-2020 12:09:29)
Running from C:\Users\peg\Desktop
Loaded Profiles: peg
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Firebird Project) [File not signed] C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(Firebird Project) [File not signed] C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksdeui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avpui.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11821160 2011-05-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [SPIRunE] => C:\Windows\SysWOW64\SPIRunE.dll [18432 2009-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3371974989-788379993-4045197900-1000\...\Run: [com.squirrel.Teams.Teams] => C:\Users\peg\AppData\Local\Microsoft\Teams\Update.exe [2350744 2020-07-25] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2019-10-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP 0053 Status Monitor: C:\Windows\system32\hpinksts0053LM.dll [485048 2016-10-14] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\HP 8911 Status Monitor: C:\Windows\system32\hpinksts8911LM.dll [332176 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP DeskJet 2600 series): C:\Windows\system32\HPDiscoPM0053.dll [983176 2018-04-17] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\PDF-XChange Lite Port Monitor: C:\Windows\system32\pxcpmL.dll [2187520 2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\Installer\chrmstp.exe [2020-03-19] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] -> 
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00072F82-CD08-4F8A-8EF0-250311E2723B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {02E0C9ED-E262-454A-95F6-37825BDF47BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-08] (Google Inc -> Google LLC)
Task: {176D63E8-D598-451D-9A72-B85EC3C1A3F8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18227896 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {33543E39-B6C4-4B54-9E4F-C16400F5944B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2020-08-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {350C7796-ADBF-4039-AC4C-8A033BBF10FB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2020-08-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {38F067B5-F547-4BB0-B02A-9FED886AE0AE} - System32\Tasks\Opera scheduled assistant Autoupdate 1585924256 => C:\Users\peg\AppData\Local\Programs\Opera\launcher.exe [1529880 2020-08-11] (Opera Software AS -> Opera Software)
Task: {3D8464EA-0090-469A-974A-F9C35962EF0A} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [123600 2020-07-30] (Mozilla Corporation -> Mozilla Foundation)
Task: {46AB3A36-D91E-4331-9BB2-9590D0A0EB65} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24611720 2020-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {595EFA66-0414-4377-B041-D3FFA2F2DC83} - System32\Tasks\Opera scheduled Autoupdate 1585924247 => C:\Users\peg\AppData\Local\Programs\Opera\launcher.exe [1529880 2020-08-11] (Opera Software AS -> Opera Software)
Task: {5F888955-F145-494D-8A53-1EB0A6920F60} - System32\Tasks\{E92AE6F0-2416-48CA-90E4-7A6B36FE1818} => C:\Windows\system32\pcalua.exe -a C:\Users\peg\Downloads\FacebookGameroom.exe -d C:\Users\peg\Downloads
Task: {6C0F1338-C25D-42F0-9EF4-632A4027CB1A} - System32\Tasks\{A0EB7633-02CC-4035-B361-5BC2415DE22D} => C:\Windows\system32\pcalua.exe -a D:\Drivers\ITE8211\Driver\AsusSetup.exe -d D:\Drivers\ITE8211\Driver
Task: {85423449-CC2B-4090-BF13-DE8C439265B5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1336400 2020-07-08] (Adobe Inc. -> Adobe Inc.)
Task: {8E6BF13B-69D7-4E1A-8453-57530F80088C} - System32\Tasks\{EA2C5FC0-6C48-4EB7-81A7-0E5F84A9D3B8} => C:\Windows\system32\pcalua.exe -a C:\Users\peg\Desktop\AMD\XPR2\Setup.exe -d C:\Users\peg\Desktop\AMD\XPR2
Task: {8E73EDE2-2A49-4F42-B2F8-2833646DBF44} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [10219208 2016-02-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {8F49E382-2579-4AA0-ADBE-C49E8493D7BB} - System32\Tasks\{77BCC426-A8F2-4832-86C4-F80598063728} => C:\Windows\system32\pcalua.exe -a D:\Drivers\USB2\AsusSetup.exe -d D:\Drivers\USB2
Task: {8FE0F9AF-3F0B-4357-8CEC-5EFCD5849219} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [791232 2020-04-10] (Kaspersky Lab -> AO Kaspersky Lab)
Task: {9E6DBC5F-B8CE-4A3B-96AF-25CB6D7CB025} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24611720 2020-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {B2F6A63E-E047-4C8E-B6F3-5858083503F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-08] (Google Inc -> Google LLC)
Task: {B6516246-3A2B-4852-8912-DE9A48A18C83} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_pepper.exe [1453624 2020-03-30] (Adobe Inc. -> Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 195.146.128.62
Tcpip\..\Interfaces\{AA468E53-48A7-4A1F-811B-FF098A68E3BA}: [DhcpNameServer] 192.168.1.1 195.146.128.62
Tcpip\..\Interfaces\{BF9B835A-4F13-42DF-B03E-52C2DC6E17BB}: [DhcpNameServer] 192.168.1.1 195.146.128.62

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Kaspersky Protection -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\IEExt\ie_plugin.dll [2020-04-10] (Kaspersky Lab -> AO Kaspersky Lab)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2020-05-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Kaspersky Protection -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\IEExt\ie_plugin.dll [2020-04-10] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2020-05-18] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\IEExt\ie_plugin.dll [2020-04-10] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\IEExt\ie_plugin.dll [2020-04-10] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-3371974989-788379993-4045197900-1000 -> Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\IEExt\ie_plugin.dll [2020-04-10] (Kaspersky Lab -> AO Kaspersky Lab)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://files.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation) [File not signed]
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-07] (Microsoft Corporation -> Microsoft Corporation)

Edge: 
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\peg\AppData\Local\Microsoft\Edge\User Data\Default [2020-08-19]
Edge Extension: (XTranslate) - C:\Users\peg\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cinfaflgbaachkaamaeglolofeahelkd [2020-07-04]
Edge Extension: (Kaspersky Protection) - C:\Users\peg\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\elhpdacimkjpccooodognopfhbdgnpbk [2020-07-04]
Edge Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\peg\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\okhjkpgblgdjappgfgakbcecdblgffcl [2020-06-26]
Edge Extension: (AdGuard AdBlocker) - C:\Users\peg\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pdffkfellgipmhklpdmokmckkkfcopbh [2020-08-18]
Edge HKU\S-1-5-21-3371974989-788379993-4045197900-1000\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [elhpdacimkjpccooodognopfhbdgnpbk]

FireFox:
========
FF DefaultProfile: se0n7m4t.default
FF ProfilePath: C:\Users\peg\AppData\Roaming\Mozilla\Firefox\Profiles\se0n7m4t.default [2020-05-20]
FF NewTab: Mozilla\Firefox\Profiles\se0n7m4t.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__191013
FF ProfilePath: C:\Users\peg\AppData\Roaming\Mozilla\Firefox\Profiles\lta1g0rx.default-release [2020-08-21]
FF NewTab: Mozilla\Firefox\Profiles\lta1g0rx.default-release -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__191013
FF Extension: (Hoxx VPN Proxy) - C:\Users\peg\AppData\Roaming\Mozilla\Firefox\Profiles\lta1g0rx.default-release\Extensions\@hoxx-vpn.xpi [2020-07-10]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\peg\AppData\Roaming\Mozilla\Firefox\Profiles\lta1g0rx.default-release\Extensions\firefox@ghostery.com.xpi [2020-08-20]
FF Extension: (Google Translator for Firefox) - C:\Users\peg\AppData\Roaming\Mozilla\Firefox\Profiles\lta1g0rx.default-release\Extensions\translator@zoli.bod.xpi [2019-10-08]
FF Extension: (Open in VLC™ media player) - C:\Users\peg\AppData\Roaming\Mozilla\Firefox\Profiles\lta1g0rx.default-release\Extensions\{6b954d17-d17c-4a19-8fe6-ee8052a562d6}.xpi [2019-10-12]
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-07-31] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3371974989-788379993-4045197900-1000: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3371974989-788379993-4045197900-1000: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3371974989-788379993-4045197900-1000: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2020-04-10] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2020-04-10] <==== ATTENTION

Chrome: 
=======
CHR Profile: C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default [2020-08-21]
CHR Notifications: Default -> hxxps://meet.google.com
CHR HomePage: Default -> hxxps://www.google.com/gmail/
CHR StartupUrls: Default -> "hxxp://www.google.sk/","hxxp://www.google.com/"
CHR Extension: (Slides) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-08]
CHR Extension: (Duolingo on the Web) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2019-10-08]
CHR Extension: (Magio GO) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\anoiechkjklgabdfompidjolhpfdpjdd [2019-10-08]
CHR Extension: (Docs) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-08]
CHR Extension: (Google Drive) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-10-08]
CHR Extension: (YouTube) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-08]
CHR Extension: (Flash Player) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmimdmkleccdoghpgdhaahkelfhjfhgm [2020-07-08]
CHR Extension: (Search by Image (by Google)) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2019-10-08]
CHR Extension: (Infinity New Tab - Productivity&Speed Dial) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbfmnekepjoapopniengjbcpnbljalfg [2020-04-18]
CHR Extension: (Polarr Photo Editor) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\djonnbgfieijldcieafgjcnhmpcfpmgg [2019-11-23]
CHR Extension: (Kaspersky Protection) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\elhpdacimkjpccooodognopfhbdgnpbk [2020-06-30]
CHR Extension: (Video Downloader professional) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2020-07-25]
CHR Extension: (Sheets) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-08]
CHR Extension: (Word Online) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2019-10-08]
CHR Extension: (Google Docs Offline) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-08-14]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-08-14]
CHR Extension: (Google Calendar) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2020-08-11]
CHR Extension: (Google Photos) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko [2019-10-08]
CHR Extension: (VoiceNote II - Speech to text) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfknjgplnkgjihghcidajejfmldhibfm [2019-10-08]
CHR Extension: (Pixlr Editor) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2019-10-08]
CHR Extension: (Webcam Toy) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2019-10-08]
CHR Extension: (Clean Google Calendar) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\magodclodecbbnbdfpmoehfdddkhlfmm [2019-10-08]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2020-08-06]
CHR Extension: (Awesome Screenshot & Screen Recorder) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2020-08-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-08]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2020-07-30]
CHR Extension: (Video Editor for Chromebook & more: Free app) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2019-10-08]
CHR Extension: (myHomework Student Planner) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pembccdigcahnckbjcbehhcacplbbomj [2020-08-04]
CHR Extension: (Gmail) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-10-08]
CHR Extension: (Chrome Media Router) - C:\Users\peg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-03]
CHR HKLM\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKLM-x32\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj]

Opera: 
=======
OPR Notifications: hxxps://calendar.google.com; hxxps://meet.google.com
OPR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\peg\AppData\Roaming\Opera Software\Opera Stable\Extensions\glaedmooikiamindhmfcfccncmmdagge [2020-05-26]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-05-20] (Apple Inc. -> Apple Inc.)
R2 AVP20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe [357416 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11118960 2020-08-06] (Microsoft Corporation -> Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2019-10-07] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
S3 klvssbridge64_20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\vssbridge64.exe [438928 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE4.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe [619752 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\New TunesGo\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40720 2020-05-23] (Shenzhen Wondershare Information Technology Co., Ltd. -> Google Inc)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [246912 2019-02-16] (Kaspersky Lab -> AO Kaspersky Lab)
S3 ddmdrv; C:\Windows\system32\ddmdrv.sys [35760 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [52608 2011-05-25] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [76160 2011-05-25] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [531584 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [79768 2020-04-14] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [145504 2020-02-08] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [93312 2019-03-12] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [251800 2020-08-13] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [643840 2020-06-26] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [1277704 2020-06-26] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [998808 2020-08-13] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\Windows\System32\DRIVERS\klim6.sys [58192 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [79760 2020-04-14] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [59512 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [51328 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [48592 2018-03-16] (AnchorFree Inc -> The OpenVPN Project)
R1 klwfp; C:\Windows\System32\DRIVERS\klwfp.sys [105600 2019-03-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [211048 2020-02-08] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [233368 2020-08-13] (Kaspersky Lab -> AO Kaspersky Lab)
S3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [867328 2009-06-10] (Microsoft Windows -> Ralink Technology Corp.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation -> Corel Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2020-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [42496 2013-07-03] (Microsoft Corporation) [File not signed] [File is in use]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-20 22:05 - 2020-08-21 10:19 - 000000000 ____D C:\Users\peg\Desktop\Foto sex
2020-08-20 09:56 - 2020-08-20 09:56 - 000026535 _____ C:\Users\peg\Desktop\logy.rar
2020-08-20 09:44 - 2020-08-20 09:46 - 000069327 _____ C:\Users\peg\Desktop\Addition.txt
2020-08-20 09:38 - 2020-08-21 12:11 - 000032660 _____ C:\Users\peg\Desktop\FRST.txt
2020-08-20 09:38 - 2020-08-21 12:11 - 000000000 ____D C:\FRST
2020-08-20 09:29 - 2020-08-20 09:29 - 002297344 _____ (Farbar) C:\Users\peg\Desktop\FRST64.exe
2020-08-20 09:18 - 2020-08-20 09:18 - 000291768 _____ C:\Windows\Minidump\082020-19671-01.dmp
2020-08-20 01:45 - 2020-08-20 16:56 - 000000000 ____D C:\Users\peg\Desktop\auro
2020-08-19 23:23 - 2020-08-19 23:35 - 000000000 ____D C:\Users\peg\Desktop\Foto Harry Meghan
2020-08-18 12:45 - 2020-08-18 16:15 - 000000000 ____D C:\Users\peg\Desktop\sopka
2020-08-18 00:30 - 2020-08-18 10:36 - 000000000 ____D C:\Users\peg\Desktop\foto diplomati
2020-08-17 11:09 - 2020-08-17 11:11 - 000000000 ____D C:\Users\peg\Desktop\Audio diplomati
2020-08-15 23:48 - 2020-08-20 15:07 - 000000000 ____D C:\Users\peg\Desktop\Nina
2020-08-14 13:58 - 2020-08-14 13:58 - 000287584 _____ C:\Windows\Minidump\081420-18938-01.dmp
2020-08-13 10:25 - 2020-08-14 12:04 - 000000000 ____D C:\Users\peg\Desktop\Kuruc all
2020-08-11 12:13 - 2020-08-11 13:40 - 000000000 ____D C:\Users\peg\Desktop\foto mannzelky
2020-08-11 11:00 - 2020-08-11 11:26 - 000000000 ____D C:\Users\peg\Desktop\konferencia
2020-08-11 08:50 - 2020-08-11 09:03 - 000000000 ____D C:\Users\peg\Desktop\nahravka konferencie
2020-08-10 20:52 - 2020-08-10 20:52 - 000696227 _____ C:\Users\peg\Desktop\28-31_rozhovor.pdf
2020-08-10 08:29 - 2020-08-10 08:38 - 000000000 ____D C:\Users\peg\Desktop\Rozhovor Kurc vyber
2020-08-08 17:10 - 2020-08-09 14:08 - 000000000 ____D C:\Users\peg\Desktop\Kuruc audio
2020-08-06 09:09 - 2020-08-06 09:09 - 000003124 _____ C:\Windows\system32\Tasks\{E92AE6F0-2416-48CA-90E4-7A6B36FE1818}
2020-08-06 09:06 - 2020-08-06 09:10 - 000000000 ____D C:\Users\peg\AppData\Local\Facebook
2020-08-06 09:05 - 2020-08-06 09:05 - 000419872 _____ (Facebook Technologies, LLC) C:\Users\peg\Downloads\FacebookGameroom.exe
2020-07-31 22:45 - 2020-07-31 22:45 - 000291584 _____ C:\Windows\Minidump\073120-33228-01.dmp
2020-07-31 21:25 - 2020-07-31 21:25 - 000262144 _____ C:\Windows\Minidump\073120-24070-01.dmp
2020-07-31 18:28 - 2020-07-31 18:28 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-07-30 22:32 - 2020-07-31 21:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-07-30 12:11 - 2020-07-30 12:11 - 000512488 _____ C:\Users\peg\Desktop\hitech.pdf
2020-07-28 09:06 - 2020-08-19 10:06 - 000004256 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1585924256
2020-07-27 08:16 - 2020-07-27 08:16 - 000287584 _____ C:\Windows\Minidump\072720-17955-01.dmp
2020-07-27 08:14 - 2020-07-27 08:14 - 000295896 _____ C:\Windows\Minidump\072720-20124-01.dmp
2020-07-24 00:51 - 2020-07-24 00:51 - 000262144 _____ C:\Windows\Minidump\072420-21793-01.dmp
2020-07-23 15:46 - 2020-07-30 10:00 - 000000000 ____D C:\Users\peg\Desktop\Afganistan

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-21 12:11 - 2020-04-10 15:40 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2020-08-21 12:05 - 2019-11-21 15:18 - 000000000 ___RD C:\Users\peg\Desktop\PRIVAT 2019
2020-08-21 11:28 - 2020-07-06 16:57 - 000000000 ____D C:\Users\peg\Desktop\NOVE CISLLO
2020-08-21 09:30 - 2009-07-14 06:45 - 000024224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-08-21 09:30 - 2009-07-14 06:45 - 000024224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-08-21 09:15 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-08-20 16:56 - 2019-10-08 17:00 - 000001456 _____ C:\Users\peg\AppData\Local\Adobe Save for Web 13.0 Prefs
2020-08-20 12:01 - 2019-10-08 18:00 - 000000000 ____D C:\Users\peg\AppData\LocalLow\Mozilla
2020-08-20 11:07 - 2020-03-14 12:01 - 000000000 ___RD C:\Users\peg\Desktop\udrzba
2020-08-20 09:27 - 2020-04-03 13:46 - 000000000 ____D C:\Users\peg\Desktop\hesla
2020-08-20 09:18 - 2020-07-10 16:09 - 689049137 _____ C:\Windows\MEMORY.DMP
2020-08-20 09:18 - 2020-04-29 11:06 - 000000000 ____D C:\Windows\Minidump
2020-08-19 10:13 - 2020-06-26 10:56 - 000002223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-08-19 10:13 - 2020-06-26 10:56 - 000002182 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-08-19 10:13 - 2020-06-26 10:56 - 000002182 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-08-17 14:12 - 2020-04-03 16:30 - 000004026 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1585924247
2020-08-17 10:49 - 2009-07-14 07:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2020-08-17 10:49 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-08-15 20:11 - 2020-03-06 18:50 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-08-15 20:09 - 2019-10-08 10:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-08-13 11:44 - 2020-04-10 15:40 - 000998808 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2020-08-13 11:44 - 2020-04-10 15:40 - 000251800 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2020-08-13 11:44 - 2019-03-19 02:31 - 000233368 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kneps.sys
2020-08-12 20:48 - 2020-05-20 17:14 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-08-12 20:47 - 2020-05-20 17:13 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-08-12 10:20 - 2020-06-09 11:28 - 000000000 ____D C:\Users\peg\Desktop\PDF Plus 7 Dni
2020-08-09 01:00 - 2019-12-08 11:09 - 000000000 ____D C:\Users\peg\AppData\Local\ElevatedDiagnostics
2020-08-05 10:58 - 2019-10-08 16:58 - 000000000 ____D C:\Users\peg\AppData\Local\Adobe
2020-08-03 23:30 - 2019-10-09 21:24 - 000000000 ____D C:\Users\peg\AppData\Local\Firestorm_x64
2020-08-03 11:47 - 2020-02-14 12:25 - 000000132 _____ C:\Users\peg\AppData\Roaming\Adobe PNG Format CS6 Prefs
2020-07-31 22:34 - 2020-03-17 14:01 - 000000000 ____D C:\Windows\system32\Tasks\NCH Software
2020-07-31 22:34 - 2020-03-17 14:01 - 000000000 ____D C:\ProgramData\NCH Software
2020-07-31 22:34 - 2020-03-17 14:01 - 000000000 ____D C:\Program Files (x86)\NCH Software
2020-07-31 22:33 - 2020-05-20 15:42 - 000000000 ____D C:\Program Files\Nitro
2020-07-31 22:33 - 2019-10-07 23:05 - 000000000 ____D C:\ProgramData\Package Cache
2020-07-31 22:31 - 2020-06-17 11:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
2020-07-31 22:31 - 2020-06-17 10:38 - 000000000 ____D C:\Program Files (x86)\ACD Systems
2020-07-31 21:25 - 2019-10-08 18:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-07-30 23:28 - 2020-05-23 14:00 - 000000000 ____D C:\Users\peg\AppData\Local\CrashDumps
2020-07-29 13:03 - 2020-06-06 13:25 - 000000000 ____D C:\Users\peg\AppData\Local\NitroSpoolDir
2020-07-29 13:03 - 2020-05-20 15:44 - 000000000 ____D C:\Users\peg\AppData\Roaming\Nitro
2020-07-28 17:15 - 2019-10-31 19:42 - 000000000 ___RD C:\Users\peg\Desktop\BORDEL
2020-07-28 17:14 - 2020-04-01 11:06 - 000000000 ___RD C:\Users\peg\Desktop\NEPOUZ
2020-07-28 17:12 - 2020-06-06 22:13 - 000000000 ____D C:\Users\peg\Desktop\BREJK upravene hotove pdf
2020-07-26 08:42 - 2020-04-03 14:37 - 000002802 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2020-07-25 09:28 - 2020-07-07 08:07 - 000002275 _____ C:\Users\peg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2020-07-25 09:28 - 2020-07-07 08:07 - 000002267 _____ C:\Users\peg\Desktop\Microsoft Teams.lnk
2020-07-24 14:35 - 2020-04-03 14:37 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update

==================== Files in the root of some directories ========

2020-02-14 12:25 - 2020-08-03 11:47 - 000000132 _____ () C:\Users\peg\AppData\Roaming\Adobe PNG Format CS6 Prefs
2019-10-08 17:00 - 2020-08-20 16:56 - 000001456 _____ () C:\Users\peg\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-12-17 21:12 - 2019-12-17 21:12 - 000000058 _____ () C:\Users\peg\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2019-10-19 17:50 - 2020-06-24 15:45 - 000007630 _____ () C:\Users\peg\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-08-15 10:12
==================== End of FRST.txt ========================