Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-01-2022
Ran by D (administrator) on DESKTOP-D (ASUS All Series) (30-01-2022 15:43:07)
Running from C:\Users\D\Desktop
Loaded Profiles: D
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1503 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Intel(R) Driver & Support Assistant -> Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Intel(R) Driver & Support Assistant -> Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <15>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe <4>
(Open Source Developer, Dominik Reichl -> Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(The CefSharp Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.exe
(VMware, Inc. -> ) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [9298344 2021-11-17] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [115688 2017-09-18] (VMware, Inc. -> VMware, Inc.)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [126200 2018-12-12] (Intel(R) Driver & Support Assistant -> Intel)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3091136 2020-09-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3879116872-396271162-1637455061-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4268456 2022-01-16] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3879116872-396271162-1637455061-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31193432 2022-01-12] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\...\Windows x64\Print Processors\hpcpp210: C:\Windows\System32\spool\prtprocs\x64\hpcpp210.dll [769776 2017-08-23] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\WINDOWS\system32\HPMPW081.DLL [127728 2017-08-23] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\HPMLM190: C:\WINDOWS\system32\hpmlm190.dll [310696 2017-08-23] (HP Inc. -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\97.0.4692.99\Installer\chrmstp.exe [2022-01-28] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {008EF202-3FEF-47A8-B4E8-3E9F70F21DEF} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {2CE4FF35-3CD8-43E5-A620-5C7FDDD35679} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)
Task: {3D569B7A-F298-4594-83B4-EADA39A95060} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {4603A201-C1D0-4349-A1A8-5A8AFDB30BD2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4CBA28D8-8DD2-4258-9364-246B29BF038C} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {5ED1D970-C635-4A67-BDFB-48F6E6D4531B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {642E3FD5-F9EA-4C2B-8089-7DA79DC8EFF4} - System32\Tasks\Opera scheduled Autoupdate 1552150883 => C:\Users\D\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {7102EE57-6AE2-467C-A24B-6BC2B218103C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {77E8FA41-1DF4-4969-966D-8F02B94B1DE9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {80CEAC69-B294-4E09-B0F6-24C5EB1F1615} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {83BA1506-7157-4A3F-889C-C0E4EF2C497F} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [26968 2022-01-12] (Garmin International, Inc. -> )
Task: {93710A48-5FEF-40F7-998F-0B36E6779B42} - System32\Tasks\Opera scheduled assistant Autoupdate 1553619719 => C:\Users\D\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\D\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {A5C39FF9-D493-45EF-8452-A572315FA412} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-07-26] (Google Inc -> Google Inc.)
Task: {A5F80329-60CE-44E4-B1E4-5AE0D8EDE389} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {B25FAD11-946E-40DD-BDA7-18D846110518} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1146048 2018-10-05] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {CF5CD6AD-DD28-4B6B-8B48-B270C4D715CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {DA35B678-01E9-4584-AFBA-E181B6E63CEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-07-26] (Google Inc -> Google Inc.)
Task: {E15F2872-D176-4947-B4B3-6CA3F777C4E0} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {F02E7667-ED41-4DB6-BCC1-7FFF72B6B5FA} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{a42fcf16-70f4-4aeb-8f3d-13e38736df58}: [DhcpNameServer] 82.202.120.1 81.19.33.2
Tcpip\..\Interfaces\{aa841f84-a046-4051-9833-1b0ec7b11a30}: [DhcpNameServer] 82.202.120.1 81.19.33.2

Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\D\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-30]

FireFox:
========
FF DefaultProfile: v65swddb.default
FF ProfilePath: C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\v65swddb.default [2022-01-30]
FF NewTab: Mozilla\Firefox\Profiles\v65swddb.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10420__190122
FF Extension: (SaveFrom.net helper) - C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\v65swddb.default\Extensions\helper@savefrom.net.xpi [2022-01-28]
FF Extension: (Kee - Password Manager) - C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\v65swddb.default\Extensions\keefox@chris.tomlinson.xpi [2021-05-05]
FF Extension: (Linked Image List) - C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\v65swddb.default\Extensions\linkedimagelist@grue.addons.mozilla.org.xpi [2021-01-22]
FF Extension: (Screen Recorder) - C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\v65swddb.default\Extensions\screen-recorder@freebusinessapps.xpi [2019-11-26]
FF Extension: (User-Agent Switcher) - C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\v65swddb.default\Extensions\user-agent-switcher@ninetailed.ninja.xpi [2020-12-08]
FF Extension: (Udělej printscreen celé webové stránky - FireShot) - C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\v65swddb.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}.xpi [2021-08-11]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\v65swddb.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2021-12-04]
FF Extension: (Screenshot Extension (Screen Capture Tool)) - C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\v65swddb.default\Extensions\{cae82615-f7be-4aff-875d-33da1bc93923}.xpi [2018-11-26]
FF Extension: (Easy Video Downloader) - C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\v65swddb.default\Extensions\{cd04e15e-6b23-4648-860d-0057602a5c2a}.xpi [2020-05-22]
FF SearchPlugin: C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\v65swddb.default\searchplugins\securesearch.xml [2019-02-27]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2018-08-03] (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )

Chrome: 
=======
CHR Profile: C:\Users\D\AppData\Local\Google\Chrome\User Data\Default [2021-08-19]
CHR Extension: (Prezentace) - C:\Users\D\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-26]
CHR Extension: (Dokumenty) - C:\Users\D\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-26]
CHR Extension: (Disk Google) - C:\Users\D\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-26]
CHR Extension: (YouTube) - C:\Users\D\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-26]
CHR Extension: (Adobe Acrobat) - C:\Users\D\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-10-19]
CHR Extension: (Tabulky) - C:\Users\D\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\D\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\D\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-19]
CHR Extension: (Gmail) - C:\Users\D\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-10-19]
CHR Extension: (Chrome Media Router) - C:\Users\D\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-19]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
S2 APCPBEAgent; C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe [42488 2020-12-10] (Schneider Electric USA Inc. -> Schneider Electric)
S2 APCPBEServer; C:\Program Files (x86)\APC\PowerChute Business Edition\server\pbeserver.exe [57160 2013-09-09] (Schneider Electric -> APC)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936456 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [23288 2018-12-12] (Intel(R) Driver & Support Assistant -> Intel)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40104 2019-11-15] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [10508032 2021-11-17] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6136536 2022-01-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12986664 2021-12-17] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248856 2017-01-18] (Synology Inc. -> ) [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14344168 2017-09-18] (VMware, Inc. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-23] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-03] (ASUSTeK Computer Inc. -> )
R3 busenum; C:\WINDOWS\System32\drivers\busenum.sys [57824 2012-08-03] (Synology Inc. -> Windows (R) Win 7 DDK provider)
R3 dlcdcncm; C:\WINDOWS\System32\drivers\dlcdcncm62_x64.sys [90344 2020-04-28] (DISPLAYLINK (UK) LIMITED -> DisplayLink Corp.)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [34496 2018-10-18] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFlt; C:\WINDOWS\System32\drivers\EPMVolFlt.sys [30416 2018-10-18] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [73448 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
S3 EUBAKUP0; C:\WINDOWS\system32\drivers\EUBAKUP0.sys [73328 2018-05-15] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [53504 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 EUBKMON0; C:\WINDOWS\system32\drivers\EUBKMON0.sys [53360 2018-05-15] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [22784 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [341760 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
S3 EUFDDISK0; C:\WINDOWS\system32\drivers\EUFDDISK0.sys [341104 2018-07-28] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
S3 HPMoA407; C:\WINDOWS\System32\drivers\HPMoA407.sys [25088 2011-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard.)
S3 HPubA407; C:\WINDOWS\System32\Drivers\HPubA407.sys [18944 2012-06-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2017-06-19] (Martin Malik - REALiX -> REALiX(tm))
R1 HWiNFO_150; C:\WINDOWS\system32\drivers\HWiNFO64A_150.SYS [62240 2020-05-31] (Martin Malik - REALiX -> REALiX(tm))
R3 MirayVirtualDisk; C:\WINDOWS\System32\drivers\mvd.sys [62576 2011-04-17] (Miray Software AG -> Miray)
R2 NPF; C:\WINDOWS\SysWOW64\drivers\npf64.sys [36600 2019-06-27] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 OSFMount; C:\Program Files\OSFMount\x64\OSFMount.sys [1038416 2018-03-22] (PassMark Software Pty Ltd -> PassMark Software)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [199808 2017-10-18] (Oracle Corporation -> Oracle Corporation)
R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [66520 2017-09-18] (VMware, Inc. -> VMware, Inc.)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2017-09-05] (VMware, Inc. -> VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [38376 2017-05-04] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-23] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-30 15:43 - 2022-01-30 15:43 - 000025375 _____ C:\Users\D\Desktop\FRST.txt
2022-01-30 15:43 - 2022-01-30 15:43 - 000000000 ____D C:\FRST
2022-01-30 15:42 - 2022-01-30 15:41 - 002311680 _____ (Farbar) C:\Users\D\Desktop\FRST64.exe
2022-01-30 15:41 - 2022-01-30 15:41 - 002311680 _____ (Farbar) C:\Users\D\Downloads\FRST64.exe
2022-01-29 19:07 - 2022-01-30 14:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2022-01-28 19:24 - 2022-01-28 19:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-01-28 19:24 - 2022-01-28 19:24 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-01-28 19:24 - 2022-01-28 19:24 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-01-28 19:24 - 2022-01-28 19:24 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-01-28 19:24 - 2022-01-28 19:24 - 000011805 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-01-28 19:23 - 2022-01-28 19:23 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-01-28 19:23 - 2022-01-28 19:23 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2022-01-28 19:23 - 2022-01-28 19:23 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-01-28 19:18 - 2022-01-28 19:18 - 000000000 ___HD C:\$WinREAgent
2022-01-28 18:53 - 2022-01-28 18:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-30 15:36 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-01-30 15:29 - 2019-02-17 14:02 - 000000000 ____D C:\ProgramData\Mozilla
2022-01-30 15:28 - 2017-06-16 20:27 - 000000000 ____D C:\Users\D\AppData\LocalLow\Mozilla
2022-01-30 15:26 - 2020-09-01 14:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-01-30 14:56 - 2019-04-04 19:15 - 000000000 ____D C:\Users\D\AppData\Roaming\KeePass
2022-01-30 14:52 - 2018-07-26 10:14 - 000000000 ____D C:\Program Files (x86)\Google
2022-01-30 14:23 - 2021-06-25 16:18 - 000000000 ____D C:\Program Files (x86)\Steam
2022-01-30 14:22 - 2017-06-17 20:10 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2022-01-30 14:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-01-30 14:07 - 2020-09-01 14:08 - 001693204 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-30 14:07 - 2019-12-07 15:43 - 000716770 _____ C:\WINDOWS\system32\perfh005.dat
2022-01-30 14:07 - 2019-12-07 15:43 - 000144948 _____ C:\WINDOWS\system32\perfc005.dat
2022-01-30 14:07 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-01-29 04:51 - 2020-06-05 14:57 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-01-29 04:51 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-28 19:30 - 2021-11-07 17:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-01-28 19:30 - 2020-09-01 14:03 - 000458568 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-01-28 19:30 - 2017-06-16 20:27 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-01-28 19:30 - 2017-06-16 20:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-01-28 19:29 - 2020-09-01 14:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-01-28 19:29 - 2020-09-01 14:03 - 000008192 ___SH C:\DumpStack.log.tmp
2022-01-28 19:29 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-01-28 19:29 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-01-28 19:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-01-28 19:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-01-28 19:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-01-28 19:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-01-28 19:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-01-28 19:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-01-28 19:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-01-28 19:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-01-28 19:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-01-28 19:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-01-28 19:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-01-28 19:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-01-28 19:29 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-01-28 19:29 - 2017-09-27 22:21 - 000000000 ____D C:\ProgramData\VMware
2022-01-28 19:26 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-01-28 19:23 - 2020-09-01 14:05 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-01-28 19:07 - 2020-09-07 01:00 - 000000000 ____D C:\WINDOWS\system32\config\regsave
2022-01-28 19:07 - 2018-05-08 14:02 - 000476672 ___SH C:\EUMONBMP.SYS
2022-01-28 19:00 - 2017-06-16 20:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-01-28 18:57 - 2017-11-19 12:22 - 000000000 ____D C:\ProgramData\Garmin
2022-01-28 18:57 - 2017-06-16 20:31 - 145765912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-01-28 18:53 - 2020-09-01 14:08 - 000003624 _____ C:\WINDOWS\system32\Tasks\GarminUpdaterTask
2022-01-28 18:53 - 2018-07-26 10:15 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-28 18:53 - 2018-07-26 10:15 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-01-28 18:53 - 2018-05-08 14:20 - 000004096 ___SH C:\{CD6E8585-A4DB-496C-9287-0A869B2C03C9}.CBM
2022-01-28 18:53 - 2017-11-19 12:22 - 000000000 ____D C:\Program Files (x86)\Garmin
2022-01-28 18:53 - 2017-06-16 20:27 - 000000000 ____D C:\ProgramData\Package Cache
2022-01-28 18:52 - 2020-09-01 14:08 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-01-28 18:52 - 2017-09-03 10:23 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-01-28 18:50 - 2021-12-23 18:20 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3879116872-396271162-1637455061-1001
2022-01-28 18:50 - 2020-09-01 14:08 - 000003358 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3879116872-396271162-1637455061-1001
2022-01-28 18:50 - 2020-09-01 13:02 - 000002365 _____ C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-28 18:46 - 2020-09-01 14:08 - 000003474 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-01-28 18:46 - 2020-09-01 14:08 - 000003350 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-01-28 18:44 - 2020-09-01 14:08 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-28 18:44 - 2020-09-01 14:08 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

==================== Files in the root of some directories ========

2017-06-17 19:30 - 2017-06-17 19:31 - 000054075 _____ () C:\Program Files (x86)\CMS Setup Log.txt
2021-11-07 16:19 - 2021-11-07 16:19 - 000000869 _____ () C:\Users\D\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================